There’s a newer feature in Log Analytics that you may have missed. This feature makes it much, much easier to share your fantastic KQL query creations with the world and puts the real work on the folks at Microsoft.
In the Logs blade in any Log Analytics workspace, under the Share option, there’s a new Share to community option.
After you develop and run your query, choose this option.
Choosing Share to community initiates an automated email that contains the following…
As shown, this email gives you the opportunity to provide all the necessary details, including your name, the name of your query, a description of the query, and the data your query identifies. The query itself is included in the email automatically. The email goes to a special address where your submission is vetted and then published.
Hopefully in the future we’ll be able to designate that the submission goes to the Azure Sentinel GitHub repo instead of just the general one.
Cybersecurity PFE/Consultant at Microsoft focused on Azure Sentinel, Azure Security Center, and Azure AD.
Trent, R. (2021). How to Easily Share Your Azure Sentinel Queries with the Community. Available at: https://azurecloudai.blog/2021/05/26/how-to-easily-share-your-azure-sentinel-queries-with-the-community/ [Accessed: 28th October 2021].