kql sigma
About this tag
The kql sigma tag on WindowsForum covers content related to Kusto Query Language (KQL) and Sigma rules in the context of detection engineering and cybersecurity. Discussions include Microsoft's CTI-REALM benchmark, which evaluates AI agents on their ability to read threat reports, generate KQL queries, and produce validated detections. The tag focuses on operational security use cases, such as translating Sigma rules into KQL for real-world threat hunting and detection. Topics emphasize practical applications of KQL and Sigma for defenders, rather than general query language tutorials.
Microsoft’s new CTI-REALM benchmark is notable because it moves the conversation about AI in cybersecurity away from trivia and toward operational value. Instead of asking whether a model can merely identify a threat technique, the benchmark tests whether an AI agent can read a threat report...