IOCs For SmartApeSG Fake Browser Update Leads To NetSupport RAT And StealC

Tables: DeviceNetworkEvents, DeviceFileEvents, DeviceImageLoadEvents
Author: Sergio Albea
Released: February 19th, 2025

Most Recent Sign In Time For Users In The Last 30 Days

Tables: SigninLogs
Author: Jay Kerai
Released: February 19th, 2025

Defender XDR Weekly OSINT Indicators Scan

Tables: WeeklyOSINT, EmailAttachmentInfo, EmailUrlInfo, DeviceFileEvents, DeviceNetworkEvents
Author: Steven Lim
Released: February 19th, 2025

Critical OpenSSH Vulnerabilities Patch Prioritization

Tables: DeviceInfo, DeviceTvmSoftwareInventory
Author: Steven Lim
Released: February 18th, 2025

Identifying Devices By Vendor Based On Inbound Connections

Tables: DeviceNetworkEvents
Author: Sergio Albea
Released: February 18th, 2025

EDR Evasion Inject Shellcode Via MSSQL CLR Assembly Detection

Tables: DeviceFileEvents, DeviceProcessEvents
Author: Steven Lim
Released: February 18th, 2025

Successful Device Code Authentication Unmanaged Device

Tables: AADSignInEventsBeta, SigninLogs
Author: Bert-Jan Pals
Released: February 17th, 2025

Detecting Waffles Exploits Shellcode In Image Files

Tables: DeviceFileEvents
Author: Steven Lim
Released: February 16th, 2025

KQL ObfusGuard Detecting ArgFuscator Obfuscation

Tables: KQLObfusGuard, DeviceEvents
Author: Steven Lim
Released: February 16th, 2025

The Hunt For Top 10 Self Hosted AI

Tables: ExposureGraphNodes, DeviceFileEvents
Author: Steven Lim
Released: February 15th, 2025

Identify Endpoints With Critical Logged On Users And Shares With Permission Set To Everyone

Tables: IdentityInfo, DeviceInfo, DeviceTvmSecureConfigurationAssessment
Author: Michalis Michalos
Released: February 12th, 2025

Check Link From Email

Tables: EmailEvents, UrlClickEvents, EmailUrlInfo, EmailAttachmentInfo, DeviceEvents, DeviceFileEvents, DeviceImageLoadEvents, DeviceProcessEvents
Author: Jose Sebastián Canós
Released: February 11th, 2025

Check Email

Tables: EmailEvents, EmailUrlInfo, UrlClickEvents, EmailAttachmentInfo, DeviceEvents, DeviceFileEvents, DeviceImageLoadEvents, DeviceProcessEvents
Author: Jose Sebastián Canós
Released: February 11th, 2025

Hunting For Malicious Login Attempts Based On Basic Authentication

Tables: AADSignInEventsBeta
Author: Sergio Albea
Released: February 11th, 2025

Monitoring Copilot Data Exfiltration Via Graph API

Tables: MicrosoftGraphActivityLogs
Author: Steven Lim
Released: February 11th, 2025

LLM Hunting In An MDE Environment

Tables: ExposureGraphNodes, DeviceFileEvents
Author: Steven Lim
Released: February 11th, 2025

Using Graph Pre-Consent Explorer Data For Microsoft Graph Threat Hunting

Tables: MicrosoftGraphActivityLogs, GraphPreConsent
Author: Steven Lim
Released: February 10th, 2025

Software Download Sites Device Network Events

Tables: DeviceNetworkEvents
Author: Jay Kerai
Released: February 9th, 2025

Creation Of Spoof Directories With Unicode Characters

Tables: DeviceFileEvents
Author: Jay Kerai
Released: February 7th, 2025

HTTP Client Tools Exploitation For ATO Detection

Tables: CloudAppEvents
Author: Steven Lim
Released: February 7th, 2025

AWS NoSuchBucket Check

Tables: AWSCloudTrail
Author: Steven Lim
Released: February 6th, 2025

Entra QR Code Sign In KQL Detection

Tables: AuditLogs
Author: Steven Lim
Released: February 6th, 2025

Defender XDR Custom Detection Modifications

Tables: CloudAppEvents
Author: Jay Kerai
Released: February 5th, 2025

MDE MMA Agent Cleanup

Tables: DeviceNetworkEvents, DeviceProcessEvents
Author: Alex Verboon
Released: February 5th, 2025

Antivirus Domains MDE Device Network Events

Tables: DeviceNetworkEvents
Author: Jay Kerai
Released: February 5th, 2025

MDE Usage Latest

Tables: Usage, DeviceFileEvents, DeviceProcessEvents, DeviceLogonEvents, DeviceRegistryEvents, DeviceNetworkEvents, DeviceNetworkInfo, DeviceInfo, DeviceImageLoadEvents, DeviceEvents, DeviceFileCertificateInfo
Author: Alex Verboon
Released: February 5th, 2025

MDE Windows 11 Issues OS Build 26100 2033

Tables: DeviceTvmSoftwareVulnerabilities, DeviceInfo
Author: Alex Verboon
Released: February 5th, 2025

Windows OLE Zero Click Vulnerability Lets Attacker Execute Arbitrary Code

Tables: EmailAttachmentInfo, EmailEvents
Author: Sergio Albea
Released: February 4th, 2025

Crowdstrike Impersonation During Global Outage

Tables: CrowdstrikeIOCs, EmailUrlInfo, EmailEvents, DeviceNetworkEvents
Author: Jay Kerai
Released: February 4th, 2025

Block List Project Device Network Events

Tables: DeviceNetworkEvents
Author: Jay Kerai
Released: February 4th, 2025

Adult Content MDE Device Network Events

Tables: DeviceNetworkEvents
Author: Jay Kerai
Released: February 4th, 2025

Sysinternals Tools Zero Day Vulnerability Detection

Tables: SysinternalsTools, DeviceEvents
Author: Steven Lim
Released: February 4th, 2025

Extracting Bits Of TCP Flags

Tables: DeviceNetworkEvents
Author: Sergio Albea
Released: February 3rd, 2025

Audit Logs Azure RBAC Elevated Access

Tables: AuditLogs
Author: Jose Sebastián Canós
Released: February 3rd, 2025

Active Directory Domain Services Elevation Of Privilege Vulnerability CVE-2025-21293

Tables: DeviceInfo, DeviceEvents, DeviceRegistryEvents
Author: Steven Lim
Released: February 2nd, 2025

ROSTI Repackaged Open Source Intelligence MDE Network Events IOC Hits

Tables: DeviceNetworkEvents
Author: Jay Kerai
Released: February 1st, 2025

ROSTI Repackaged Open Source Intelligence MDE File Events IOC Hits

Tables: DeviceFileEvents
Author: Jay Kerai
Released: February 1st, 2025

Hunting Rogue Endpoints Via SMB Detection

Tables: DeviceEvents
Author: Steven Lim
Released: February 1st, 2025

Anonymous Email Sending Domains MDE Traffic

Tables: DeviceNetworkEvents
Author: Jay Kerai
Released: January 31st, 2025

Global Admin Elevations To User Access Administrator At Root Level

Tables: AuditLogs
Author: Jay Kerai
Released: January 31st, 2025

Windows File Explorer Elevation Of Privilege Vulnerability CVE-2024-38100 Exploited

Tables: DeviceProcessEvents, DeviceInfo
Author: Sergio Albea
Released: January 30th, 2025

Detect Malicious Impersonation Of Deepseek Domains In Email URLs

Tables: EmailUrlInfo, EmailEvents
Author: Steven Lim
Released: January 29th, 2025

Detect User Request Token For Admin App

Tables: SigninLogs, IdentityInfo
Author: Robbe Van den Daele
Released: January 28th, 2025

Securing Your Azure Cloud Finding The Weakest Link In Admin Endpoints

Tables: ExposureGraphEdges, ExposureGraphNodes
Author: Steven Lim
Released: January 28th, 2025

Detect Token Stealing With WDAC

Tables: DeviceEvents
Author: Robbe Van den Daele
Released: January 26th, 2025

Detect Suspicious CA Changes

Tables: AuditLogs
Author: Robbe Van den Daele
Released: January 26th, 2025

Hunt NNR Health Issues

Tables: DeviceNetworkInfo, DeviceNetworkEvents
Author: Robbe Van den Daele
Released: January 26th, 2025

Hunt Public Devices With Tag

Tables: DeviceInfo
Author: Robbe Van den Daele
Released: January 26th, 2025

Hunt Devices Supporting MDE Containment

Tables: DeviceInfo
Author: Robbe Van den Daele
Released: January 26th, 2025

Hunt Public Devices Over Time

Tables: DeviceInfo
Author: Robbe Van den Daele
Released: January 26th, 2025