SAS’s AlertIQ team contributes to Microsoft’s Open Source project
Recently, the AlertIQ (SAS) team was recognized for its contribution to the Open Source project “The Azure Threat Research Matrix” in Microsoft’s information security ecosystem, with substantial research on KQL detection queries.
Team AlertIQ was formed to develop the AlertIQ product, which focuses on monitoring and detecting threats in cyberspace. AlertIQ is a SOC (Security Operations Center) product, created to meet the urgent Cyber Security needs shared by organizations worldwide in the era of Industry 4.0.
The product not only proactively monitors for and detects anomalous behavior and security issues, but also helps assess the severity of those threats and notifies users in detail.

When team leader Tran Trung Hieu came across information about the construction of “The Azure Threat Research Matrix,” the AlertIQ members decided to begin researching the Microsoft project. At that time, the team found that most of the techniques listed in the matrix lacked KQL queries for detecting the tactics and techniques that attackers could use.
Therefore, the team chose as its main task, and as its contribution to the project, building the missing KQL queries. Through persistent effort, the team helped the project add approximately 40 KQL queries and was officially recognized by Microsoft in the Acknowledgements table. The whole team continues to study and research this Open Source project in order to make more valuable contributions in the future.
