KQL Search
Assistant
Generator
Lab
Our Sponsors
❤️
Show Advanced Filters
Table:
Select...
Author:
Select...
Keyword:
Select...
Operator:
Select...
Newsletter
Popular Queries
Statistics
Submit query
Device Query
Visualization Copilot Models Used
Author:
Bert-Jan Pals
Released:
10/29/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Monitoring Potential Sign In Attempts From Airport Networks
Author:
Sergio Albea
Released:
10/24/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Identify Browser Extensions With Can Turnoff Malware Protections Permissions In Endpoints With No Tamper Protection
Author:
Michalis Michalos
Released:
10/20/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Honeypot Threat Intelligence TI Data
Author:
Steven Lim
Released:
10/19/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
MDO Enhancing Email Security With NRD Filtering
Author:
Steven Lim
Released:
10/17/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Detecting Port Scanning On Internet Facing Devices
Author:
Steven Lim
Released:
10/16/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Detect Sensitive And Confidential Files Sent By Email
Author:
Sergio Albea
Released:
10/16/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Defender XDR Alert Evidence Summarized
Author:
Jose Sebastián Canós
Released:
10/16/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Defender XDR M365 Copilot Extensions Threat Monitoring
Author:
Steven Lim
Released:
10/16/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Malfunction Hunting Query Not Working In Graph API
Author:
Jose Sebastián Canós
Released:
10/15/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Entra User Account Compromised By C2
Author:
Steven Lim
Released:
10/15/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
The Hunt For Blob Phishing Mail Domain
Author:
Steven Lim
Released:
10/15/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Prioritize Secure Configuration
Author:
Bert-Jan Pals
Released:
10/14/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Author:
Steven Lim
Released:
10/14/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Chrome Extension Stealth Persistence Detection
Author:
Steven Lim
Released:
10/13/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
M365 Copilot Extensions Threat Monitoring
Author:
Steven Lim
Released:
10/13/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Detecting New Copilot Extensions
Author:
Steven Lim
Released:
10/12/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Technique Profile E Discovery Misuse Detection
Author:
Steven Lim
Released:
10/11/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Detect CVE 2024 43572 Abuse
Author:
Steven Lim
Released:
10/10/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
MDE Device Rename
Author:
Alex Verboon
Released:
10/9/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
MDE Defender Exclusions Enumerations
Author:
Alex Verboon
Released:
10/9/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Av Scan Results
Author:
Bert-Jan Pals
Released:
10/9/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Identity Directory Events SID History Changed
Author:
Jose Sebastián Canós
Released:
10/9/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Identity Directory Events ADFS DKM Property Read
Author:
Jose Sebastián Canós
Released:
10/9/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Parsing Unified AZKV Audit Logs
Author:
Jose Sebastián Canós
Released:
10/8/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Custom Detection Report
Author:
Bert-Jan Pals
Released:
10/8/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Detecting Mamba 2FA Phishing As A Service
Author:
Steven Lim
Released:
10/8/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Detect Pn P Devices Connected To My Endpoint Machines
Author:
Sergio Albea
Released:
10/7/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Identify Network Shares With Write Permissions Set To Everyone In Highly Exposed Devices
Author:
Michalis Michalos
Released:
10/6/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Top 10 Most Sprayed UP Ns By I Ps And Countries Using Behaviour Analytics
Author:
Steven Lim
Released:
10/6/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Self Signed Certificates
Author:
Michalis Michalos
Released:
10/6/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Defender XDR Threat Hunting DNS Tunneling
Author:
Steven Lim
Released:
10/5/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Sentinel Threat Hunting DNS Tunneling
Author:
Steven Lim
Released:
10/5/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Threat Hunting MDE Network Intrusion Discovery
Author:
Steven Lim
Released:
10/3/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Detecting Windows Side Loading DLL Attacks
Author:
Steven Lim
Released:
10/3/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
RMM Connection
Author:
Bert-Jan Pals
Released:
10/2/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Missing Logs In Email Events
Author:
Jose Sebastián Canós
Released:
10/2/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Custom Detection For CVE 2024 38200 NTL Mv2 Hash Exposure
Author:
Steven Lim
Released:
9/29/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Measuring Sentinel Watch List Effectiveness Using Behaviour Analytics
Author:
Steven Lim
Released:
9/29/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Entra Cross Tenant Activity Monitoring
Author:
Steven Lim
Released:
9/28/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Custom Detection Rule For CUPS Installation In Defender XDR
Author:
Steven Lim
Released:
9/27/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Finding Internet Facing Device With CUPS
Author:
Steven Lim
Released:
9/27/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Check Malicious Link Or Email
Author:
Jose Sebastián Canós
Released:
9/26/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Sign In From Suspicious IP
Author:
Bert-Jan Pals
Released:
9/25/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Monitoring Microsoft 365 Copilot Web Search Queries With Defender XDR
Author:
Steven Lim
Released:
9/25/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Power Shell Possible C2connection
Author:
Ali Hussein
Released:
9/25/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Email Typosquatted Email Recieved
Author:
Bert-Jan Pals
Released:
9/24/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Detecting Nation State Threat Actors With Custom KQL Queries
Author:
Steven Lim
Released:
9/24/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
Purview DLP Endpoint Alert Info
Author:
Jose Sebastián Canós
Released:
9/23/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X
High Risk Assets With Command Line Credentials
Author:
Steven Lim
Released:
9/22/2024
Show Query
Show Explanation
Copy URL
Open on GitHub
Share on X