AI-powered KQL Multi-Tenant Console

Track weak signals at scale
via our KQL Multi-Tenant console.

Stealthy attacks by advanced persistent threats (APTs) require proactive investigation. Run your KQL queries simultaneously across all of your Microsoft 365 Defender tenants without ever leaving your MSSP admin console.

Microsoft pure-player partner since 1990. NIS 2 cyber compliance. Munich, Bavaria (Germany).
Operational asymmetry

Classic MSSP threat hunting is a time-consuming dead end

Without Akuity SOC vs. with Akuity SOC

Fragmented execution

Without: individual connections to each customer portal to execute the same query. A 30-minute process for 10 clients.

With: global execution through a Multi-Tenant selector that queries all your Defender tenants simultaneously.

Complex syntax

Without: absolute mastery of KQL required of each L1/L2 analyst, with no input assistance and no pre-written templates.

With: query templates, pre-written for DeviceProcessEvents, DeviceLogonEvents and DeviceNetworkEvents.

Slowness of investigation

Without: manual CSV export from each tenant, consolidated by hand in Excel. Aggregated result in hours.

With: dynamic results grid, a centralized, interactive and asynchronous table. Result in seconds.

3 technical pillars

How Akuity SOC is revolutionizing MSSP threat hunting

Secure and Asynchronous KQL Terminal

Editing console in a monospace font with syntax highlighting (emerald green). Asynchronous execution via the Microsoft 365 Defender Advanced Hunting API. Strict rate-limiting protection, with a translucent loading screen while results are retrieved.

Integrated Multi-Tenant Selector

Switch between clients with one click from the Threat Hunting tab and target precisely the tenant on which to run your search. Results are instantly displayed in an interactive dynamic grid.

Quick Query Templates

Pre-written shortcuts for your analysts: Suspicious processes (PowerShell/CMD via DeviceProcessEvents), Failed logons (DeviceLogonEvents) and Suspicious network (ports 4444 and 8080 via DeviceNetworkEvents).
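The three pillars above (asynchronous execution against the Advanced Hunting API with rate-limit handling, a multi-tenant fan-out, and pre-written templates for DeviceProcessEvents, DeviceLogonEvents and DeviceNetworkEvents) are straightforward to reproduce in code. The block below is an added example written for this page; it is not Akuity SOC's code and does not describe how their console is built. It assumes one OAuth2 bearer token per tenant has already been obtained (for instance through the MSAL client-credentials flow with the AdvancedHunting.Read.All application permission; token acquisition is out of scope). The endpoint URL and the response shape (Schema/Results) are those of the real Microsoft 365 Defender Advanced Hunting API; the KQL templates are my own approximations of the templates the page lists, including the port 4444/8080 hunt used in the concrete case further down; the tenant names, tokens and result rows are constructed so the example runs offline.

```python
"""Added example, not Akuity SOC's code: fan one KQL hunt out to several M365 Defender tenants.
Assumes a bearer token per tenant already obtained (e.g. MSAL client-credentials flow with the
AdvancedHunting.Read.All permission). Tenant names, tokens and sample rows are constructed."""
import asyncio
import json
import urllib.error
import urllib.request

# Real endpoint of the Microsoft 365 Defender Advanced Hunting API.
ADVANCED_HUNTING_URL = "https://api.security.microsoft.com/api/advancedhunting/run"

# Hypothetical templates modelled on the three the page lists (not the product's own).
TEMPLATES = {
    "suspicious_processes": """
DeviceProcessEvents
| where Timestamp > ago(24h)
| where FileName in~ ("powershell.exe", "pwsh.exe", "cmd.exe")
| where ProcessCommandLine has_any ("-enc", "-EncodedCommand", "IEX", "DownloadString", "-ExecutionPolicy Bypass")
| project Timestamp, DeviceName, AccountName, FileName, ProcessCommandLine, InitiatingProcessFileName
""",
    "failed_logons": """
DeviceLogonEvents
| where Timestamp > ago(24h)
| where ActionType == "LogonFailed"
| summarize Failures = count(), Devices = dcount(DeviceName) by AccountName, RemoteIP
| where Failures > 20
| order by Failures desc
""",
    "suspicious_network": """
DeviceNetworkEvents
| where Timestamp > ago(24h)
| where RemotePort in (4444, 8080) and RemoteIPType == "Public"
| project Timestamp, DeviceName, InitiatingProcessFileName, RemoteIP, RemotePort, ActionType
""",
}

async def http_transport(token, query):
    """Live transport: POST the query, return (status, retry_after_seconds_or_None, body)."""
    req = urllib.request.Request(
        ADVANCED_HUNTING_URL,
        data=json.dumps({"Query": query}).encode(),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        method="POST",
    )
    def call():
        try:
            with urllib.request.urlopen(req, timeout=60) as resp:
                return resp.status, None, json.load(resp)
        except urllib.error.HTTPError as exc:  # a 429 carries Retry-After when the tenant is throttled
            retry = exc.headers.get("Retry-After")
            return exc.code, float(retry) if retry else None, {"error": exc.read().decode(errors="replace")}
    return await asyncio.to_thread(call)  # urllib blocks; keep the event loop free for other tenants

async def run_on_tenant(tenant, token, query, transport, max_retries=3):
    """Run one query on one tenant, honouring 429 throttling; tag each returned row with the tenant."""
    for attempt in range(max_retries + 1):
        status, retry_after, body = await transport(token, query)
        if status == 200:
            return [{"Tenant": tenant, **row} for row in body["Results"]]
        if status == 429 and attempt < max_retries:
            await asyncio.sleep(retry_after if retry_after is not None else 2 ** attempt)
            continue
        raise RuntimeError(f"HTTP {status}: {body}")

async def hunt_all_tenants(tenants, query, transport, max_concurrency=5):
    """Query every tenant concurrently; merge rows into one grid and collect per-tenant errors."""
    sem = asyncio.Semaphore(max_concurrency)  # bound the fan-out so we do not self-throttle
    async def guarded(name, token):
        async with sem:
            return await run_on_tenant(name, token, query, transport)
    outcomes = await asyncio.gather(*(guarded(n, t) for n, t in tenants.items()), return_exceptions=True)
    rows, errors = [], {}
    for name, outcome in zip(tenants, outcomes):
        if isinstance(outcome, BaseException):
            errors[name] = str(outcome)  # one broken tenant must not sink the whole hunt
        else:
            rows.extend(outcome)
    return rows, errors

def make_fake_transport(scripts):
    """Offline stand-in for http_transport: replays scripted (status, retry_after, body) tuples per token."""
    async def fake(token, query):
        script = scripts[token]
        return script.pop(0) if len(script) > 1 else script[0]
    return fake

def demo():
    """Constructed tenants: one hit, one throttled once then empty, one with a permission error."""
    tenants = {"contoso": "tok-contoso", "fabrikam": "tok-fabrikam", "northwind": "tok-northwind"}
    schema = [{"Name": "DeviceName"}, {"Name": "RemoteIP"}, {"Name": "RemotePort"}]
    hit = {"Schema": schema, "Results": [{"DeviceName": "ws-0042", "RemoteIP": "203.0.113.77", "RemotePort": 4444}]}
    scripts = {
        "tok-contoso": [(200, None, hit)],
        "tok-fabrikam": [(429, 0, {"error": "throttled"}), (200, None, {"Schema": schema, "Results": []})],
        "tok-northwind": [(403, None, {"error": "forbidden"})],
    }
    return asyncio.run(hunt_all_tenants(tenants, TEMPLATES["suspicious_network"], make_fake_transport(scripts)))
```

`demo()` returns the merged grid (a single port 4444 row tagged `contoso`) together with an error map that names only `northwind`; the throttled `fabrikam` tenant is retried after the `Retry-After` delay rather than dropped. To hunt live tenants, pass `http_transport` and real per-tenant tokens in place of the fake. The semaphore matters in practice: the Advanced Hunting API throttles per tenant, so an unbounded fan-out across many tenants with several analysts running templates at once is what produces the 429s in the first place.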

Concrete case

Neutralizing suspicious communications on port 4444

01

Proactive investigation with the 'Suspicious network' template

Threat Hunting

The analyst uses the DeviceNetworkEvents template to scan a specific tenant for activity on port 4444, a port commonly used by Command & Control (C2) servers.

02

Discovery and evaluation via the AlienVault OTX gauge

Risk Score 87/100

The grid highlights several suspicious network events. The destination IP's reputation is instantly assessed via our built-in AlienVault OTX gauge.

03

Remediation — Network isolation validated by MFA

SOAR Remediation

The analyst switches to the incident panel and isolates the machine from the network via Intune to stop exfiltration. The action is validated by the Microsoft Authenticator application (AAL2).

FAQ

Frequently Asked Questions about KQL threat hunting