KQL Search

Visualization Copilot Models Used

Author: Bert-Jan PalsReleased: 10/29/2024

Monitoring Potential Sign In Attempts From Airport Networks

Author: Sergio AlbeaReleased: 10/24/2024

Identify Browser Extensions With Can Turnoff Malware Protections Permissions In Endpoints With No Tamper Protection

Author: Michalis MichalosReleased: 10/20/2024

Honeypot Threat Intelligence TI Data

Author: Steven LimReleased: 10/19/2024

MDO Enhancing Email Security With NRD Filtering

Author: Steven LimReleased: 10/17/2024

Detecting Port Scanning On Internet Facing Devices

Author: Steven LimReleased: 10/16/2024

Detect Sensitive And Confidential Files Sent By Email

Author: Sergio AlbeaReleased: 10/16/2024

Defender XDR Alert Evidence Summarized

Author: Jose Sebastián CanósReleased: 10/16/2024

Defender XDR M365 Copilot Extensions Threat Monitoring

Author: Steven LimReleased: 10/16/2024

Malfunction Hunting Query Not Working In Graph API

Author: Jose Sebastián CanósReleased: 10/15/2024

Entra User Account Compromised By C2

Author: Steven LimReleased: 10/15/2024

The Hunt For Blob Phishing Mail Domain

Author: Steven LimReleased: 10/15/2024

Prioritize Secure Configuration

Author: Bert-Jan PalsReleased: 10/14/2024

Author: Steven LimReleased: 10/14/2024

Chrome Extension Stealth Persistence Detection

Author: Steven LimReleased: 10/13/2024

M365 Copilot Extensions Threat Monitoring

Author: Steven LimReleased: 10/13/2024

Detecting New Copilot Extensions

Author: Steven LimReleased: 10/12/2024

Technique Profile E Discovery Misuse Detection

Author: Steven LimReleased: 10/11/2024

Detect CVE 2024 43572 Abuse

Author: Steven LimReleased: 10/10/2024

MDE Device Rename

Author: Alex VerboonReleased: 10/9/2024

MDE Defender Exclusions Enumerations

Author: Alex VerboonReleased: 10/9/2024

Av Scan Results

Author: Bert-Jan PalsReleased: 10/9/2024

Identity Directory Events SID History Changed

Author: Jose Sebastián CanósReleased: 10/9/2024

Identity Directory Events ADFS DKM Property Read

Author: Jose Sebastián CanósReleased: 10/9/2024

Parsing Unified AZKV Audit Logs

Author: Jose Sebastián CanósReleased: 10/8/2024

Custom Detection Report

Author: Bert-Jan PalsReleased: 10/8/2024

Detecting Mamba 2FA Phishing As A Service

Author: Steven LimReleased: 10/8/2024

Detect Pn P Devices Connected To My Endpoint Machines

Author: Sergio AlbeaReleased: 10/7/2024

Identify Network Shares With Write Permissions Set To Everyone In Highly Exposed Devices

Author: Michalis MichalosReleased: 10/6/2024

Top 10 Most Sprayed UP Ns By I Ps And Countries Using Behaviour Analytics

Author: Steven LimReleased: 10/6/2024

Self Signed Certificates

Author: Michalis MichalosReleased: 10/6/2024

Defender XDR Threat Hunting DNS Tunneling

Author: Steven LimReleased: 10/5/2024

Sentinel Threat Hunting DNS Tunneling

Author: Steven LimReleased: 10/5/2024

Threat Hunting MDE Network Intrusion Discovery

Author: Steven LimReleased: 10/3/2024

Detecting Windows Side Loading DLL Attacks

Author: Steven LimReleased: 10/3/2024

RMM Connection

Author: Bert-Jan PalsReleased: 10/2/2024

Missing Logs In Email Events

Author: Jose Sebastián CanósReleased: 10/2/2024

Custom Detection For CVE 2024 38200 NTL Mv2 Hash Exposure

Author: Steven LimReleased: 9/29/2024

Measuring Sentinel Watch List Effectiveness Using Behaviour Analytics

Author: Steven LimReleased: 9/29/2024

Entra Cross Tenant Activity Monitoring

Author: Steven LimReleased: 9/28/2024

Custom Detection Rule For CUPS Installation In Defender XDR

Author: Steven LimReleased: 9/27/2024

Finding Internet Facing Device With CUPS

Author: Steven LimReleased: 9/27/2024

Check Malicious Link Or Email

Author: Jose Sebastián CanósReleased: 9/26/2024

Sign In From Suspicious IP

Author: Bert-Jan PalsReleased: 9/25/2024

Monitoring Microsoft 365 Copilot Web Search Queries With Defender XDR

Author: Steven LimReleased: 9/25/2024

Power Shell Possible C2connection

Author: Ali HusseinReleased: 9/25/2024

Email Typosquatted Email Recieved

Author: Bert-Jan PalsReleased: 9/24/2024

Detecting Nation State Threat Actors With Custom KQL Queries

Author: Steven LimReleased: 9/24/2024

Purview DLP Endpoint Alert Info

Author: Jose Sebastián CanósReleased: 9/23/2024

High Risk Assets With Command Line Credentials

Author: Steven LimReleased: 9/22/2024