Cyber Security Automation
Program: Applied Computing Bachelor's Completion
Host Company: University of Wisconsin Oshkosh
Location: Oshkosh, Wisconsin (remote)
Student: Lucie Spanbauer
I worked within the Cyber Security department at the University of Wisconsin-Oshkosh, utilizing their Microsoft Azure platform to develop a dedicated workspace for security monitoring. This workspace was specifically designed to track and manage incidents and data related to suspicious login activity. Traditionally, all security incidents and logs are processed within a single large workspace, making investigation cumbersome. By creating a targeted workspace solely for login-related anomalies, I enhanced organization, improved accessibility, and streamlined incident resolution.
Using KQL, I wrote custom rules designed to capture incidents that met predefined security criteria, ensuring that relevant login activities were flagged for review. Once these rules were established, I built automations to facilitate real-time responses, reducing incident resolution time and eliminating the need for constant manual monitoring. These automations ensure that security measures are executed efficiently without requiring human intervention 24/7.
To assist future security analysts, I also created KQL queries that employees can directly input into logs to retrieve critical information about users, locations, or specific incidents. This provides an accessible solution for those who may not be fully proficient in KQL, allowing them to quickly access and analyze security data without extensive query development. By implementing these structured rules and automations, the system improves investigative efficiency, optimizes incident response, and enhances security operations within the university’s cybersecurity framework.