KQL Search

Malfunction Hunting Query Not Working In Graph API

Author: Jose Sebastián CanósReleased: 10/15/2024

Entra User Account Compromised By C2

Author: Steven LimReleased: 10/15/2024

The Hunt For Blob Phishing Mail Domain

Author: Steven LimReleased: 10/15/2024

Prioritize Secure Configuration

Author: Bert-Jan PalsReleased: 10/14/2024

Author: Steven LimReleased: 10/14/2024

Chrome Extension Stealth Persistence Detection

Author: Steven LimReleased: 10/13/2024

M365 Copilot Extensions Threat Monitoring

Author: Steven LimReleased: 10/13/2024

Detecting New Copilot Extensions

Author: Steven LimReleased: 10/12/2024

Technique Profile E Discovery Misuse Detection

Author: Steven LimReleased: 10/11/2024

Detect CVE 2024 43572 Abuse

Author: Steven LimReleased: 10/10/2024

MDE Device Rename

Author: Alex VerboonReleased: 10/9/2024

MDE Defender Exclusions Enumerations

Author: Alex VerboonReleased: 10/9/2024

Av Scan Results

Author: Bert-Jan PalsReleased: 10/9/2024

Identity Directory Events SID History Changed

Author: Jose Sebastián CanósReleased: 10/9/2024

Identity Directory Events ADFS DKM Property Read

Author: Jose Sebastián CanósReleased: 10/9/2024

Parsing Unified AZKV Audit Logs

Author: Jose Sebastián CanósReleased: 10/8/2024

Custom Detection Report

Author: Bert-Jan PalsReleased: 10/8/2024

Detecting Mamba 2FA Phishing As A Service

Author: Steven LimReleased: 10/8/2024

Detect Pn P Devices Connected To My Endpoint Machines

Author: Sergio AlbeaReleased: 10/7/2024

Identify Network Shares With Write Permissions Set To Everyone In Highly Exposed Devices

Author: Michalis MichalosReleased: 10/6/2024

Top 10 Most Sprayed UP Ns By I Ps And Countries Using Behaviour Analytics

Author: Steven LimReleased: 10/6/2024

Self Signed Certificates

Author: Michalis MichalosReleased: 10/6/2024

Defender XDR Threat Hunting DNS Tunneling

Author: Steven LimReleased: 10/5/2024

Sentinel Threat Hunting DNS Tunneling

Author: Steven LimReleased: 10/5/2024

Threat Hunting MDE Network Intrusion Discovery

Author: Steven LimReleased: 10/3/2024

Detecting Windows Side Loading DLL Attacks

Author: Steven LimReleased: 10/3/2024

RMM Connection

Author: Bert-Jan PalsReleased: 10/2/2024

Missing Logs In Email Events

Author: Jose Sebastián CanósReleased: 10/2/2024

Custom Detection For CVE 2024 38200 NTL Mv2 Hash Exposure

Author: Steven LimReleased: 9/29/2024

Measuring Sentinel Watch List Effectiveness Using Behaviour Analytics

Author: Steven LimReleased: 9/29/2024

Entra Cross Tenant Activity Monitoring

Author: Steven LimReleased: 9/28/2024

Custom Detection Rule For CUPS Installation In Defender XDR

Author: Steven LimReleased: 9/27/2024

Finding Internet Facing Device With CUPS

Author: Steven LimReleased: 9/27/2024

Check Malicious Link Or Email

Author: Jose Sebastián CanósReleased: 9/26/2024

Sign In From Suspicious IP

Author: Bert-Jan PalsReleased: 9/25/2024

Monitoring Microsoft 365 Copilot Web Search Queries With Defender XDR

Author: Steven LimReleased: 9/25/2024

Power Shell Possible C2connection

Author: Ali HusseinReleased: 9/25/2024

Email Typosquatted Email Recieved

Author: Bert-Jan PalsReleased: 9/24/2024

Detecting Nation State Threat Actors With Custom KQL Queries

Author: Steven LimReleased: 9/24/2024

Purview DLP Endpoint Alert Info

Author: Jose Sebastián CanósReleased: 9/23/2024

High Risk Assets With Command Line Credentials

Author: Steven LimReleased: 9/22/2024

Monitoring Restricted Management Administrative Units Abuse

Author: Steven LimReleased: 9/21/2024

Signature Ring Distribution

Author: Bert-Jan PalsReleased: 9/19/2024

Password Spraying Detection In Active Directory

Author: Steven LimReleased: 9/19/2024

Purview DLP Share Point Alert Info

Author: Jose Sebastián CanósReleased: 9/19/2024

Purview DLP One Drive Alert Info

Author: Jose Sebastián CanósReleased: 9/19/2024

Purview DLP Exchange Alert Info

Author: Jose Sebastián CanósReleased: 9/19/2024

Purview DLP Teams Alert Info

Author: Jose Sebastián CanósReleased: 9/19/2024

Detect API Spray Attack On Your Entra High Value Assets

Author: Steven LimReleased: 9/18/2024

Suspicious SSH Connection Inspections

Author: Sergio AlbeaReleased: 9/18/2024

KQL Search

Our Sponsors ❤️

Malfunction Hunting Query Not Working In Graph API

Entra User Account Compromised By C2

The Hunt For Blob Phishing Mail Domain

Prioritize Secure Configuration

Chrome Extension Stealth Persistence Detection

M365 Copilot Extensions Threat Monitoring

Detecting New Copilot Extensions

Technique Profile E Discovery Misuse Detection

Detect CVE 2024 43572 Abuse

MDE Device Rename

MDE Defender Exclusions Enumerations

Av Scan Results

Identity Directory Events SID History Changed

Identity Directory Events ADFS DKM Property Read

Parsing Unified AZKV Audit Logs

Custom Detection Report

Detecting Mamba 2FA Phishing As A Service

Detect Pn P Devices Connected To My Endpoint Machines

Identify Network Shares With Write Permissions Set To Everyone In Highly Exposed Devices

Top 10 Most Sprayed UP Ns By I Ps And Countries Using Behaviour Analytics

Self Signed Certificates

Defender XDR Threat Hunting DNS Tunneling

Sentinel Threat Hunting DNS Tunneling

Threat Hunting MDE Network Intrusion Discovery

Detecting Windows Side Loading DLL Attacks

RMM Connection

Missing Logs In Email Events

Custom Detection For CVE 2024 38200 NTL Mv2 Hash Exposure

Measuring Sentinel Watch List Effectiveness Using Behaviour Analytics

Entra Cross Tenant Activity Monitoring

Custom Detection Rule For CUPS Installation In Defender XDR

Finding Internet Facing Device With CUPS

Check Malicious Link Or Email

Sign In From Suspicious IP

Monitoring Microsoft 365 Copilot Web Search Queries With Defender XDR

Power Shell Possible C2connection

Email Typosquatted Email Recieved

Detecting Nation State Threat Actors With Custom KQL Queries

Purview DLP Endpoint Alert Info

High Risk Assets With Command Line Credentials

Monitoring Restricted Management Administrative Units Abuse

Signature Ring Distribution

Password Spraying Detection In Active Directory

Purview DLP Share Point Alert Info

Purview DLP One Drive Alert Info

Purview DLP Exchange Alert Info

Purview DLP Teams Alert Info

Detect API Spray Attack On Your Entra High Value Assets

Suspicious SSH Connection Inspections