https://kb.whizzbang.co/ 2026-05-15T16:27:21+00:00 https://kb.whizzbang.co/ https://kb.whizzbang.co/_media/logo.png text/html 2021-04-13T14:31:11+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.whizzbang.co/qnd:azure:app_services?rev=1618324271&do=diff App Services * <https://docs.microsoft.com/en-us/azure/app-service/networking/private-endpoint> * <https://docs.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet> text/html 2021-10-07T13:01:11+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.whizzbang.co/qnd:azure:azure_iaas?rev=1633611671&do=diff Azure IaaS Virtual Machine Agents/Extensions * <https://docs.microsoft.com/en-us/azure/azure-monitor/agents/agents-overview> Get VM creation date-time Using the VM managed disk as a proxy for the machine this one-liner gets the creation date-time of the disk. This is not a perfect solution, but it will work in many cases. text/html 2022-08-25T15:46:05+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.whizzbang.co/qnd:azure:kusto_query_language_kql?rev=1661442365&do=diff Kusto Query Language (KQL) * #azure #sentinel * KQL for Resource Graph Explorer * <https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/sqlcheatsheet> * <https://github.com/reprise99/Sentinel-Queries> Queries Select records where a column does not contain any of the listed substrings SecurityEvent | where not(Computer has_any ("mgmt", "imagine")) Alternate form that works for a single substring match text/html 2021-03-09T17:24:42+00:00 Anonymous (anonymous@undisclosed.example.com) https://kb.whizzbang.co/qnd:azure:security_center?rev=1615310682&do=diff Azure Security Center * The alerts generated in ASC often stop short of giving enough details to be useful. For example, one alert indicated an error occurred while handling some malware, but it does not indicate any details of the error. Another example, the alert message was, The system process SVCHOST was observed running in an abnormal context, but it's not clear as to what