Candidate Technical Assessment

Task 1
Analyze the Kusto queries below and explain the logic of each query and the rationale behind
its use case.

Also explain the success criteria of the use case and the possible failure scenarios.

Query 1

Query 2

Task 2
Company ABC has Zscaler internet security, Check Point firewall, VPN and WAF devices
integrated into their SIEM. You have been requested to come up with the essential use cases
that need to be implemented as best-practice threat detection rules.

Provide the top 5 use cases for each product that you would build in the SIEM for threat
detection.

Also provide sample detection logic for one use case from each device type. You may provide this in a
query language of your choice (Kusto, Kibana, DQL, YARA, etc.).

Task 3
For a recent attack you have read about, provide an example of how you would use the information
collected to prepare detection rules in the SIEM.

Incorporate details on how the MITRE ATT&CK information in the article would be utilized.

Time for completion – 2 Days