Data Staging FileZilla PSFTP WinSCP

DeviceFileEvents, DeviceNetworkEvents
Author: Ali Hussein
Released: November 11th, 2025

Veeam PSQL Dump

DeviceProcessEvents
Author: Ali Hussein
Released: November 11th, 2025

DNS Zone Export

DeviceEvents
Author: Ali Hussein
Released: November 10th, 2025

SSH Tunnel To External Host

DeviceProcessEvents
Author: Ali Hussein
Released: November 10th, 2025

NTDS Dump Wbadmin

DeviceProcessEvents
Author: Ali Hussein
Released: November 10th, 2025

Bumblebee Initial Access

DeviceProcessEvents
Author: Ali Hussein
Released: November 10th, 2025

TH Obfuscated Or Encoded Commandline

DeviceProcessEvents
Author: Alex Verboon
Released: November 9th, 2025

LM Internal Threat Hunting Over Routers Devices

DeviceInfo, DeviceNetworkInfo, DeviceNetworkEvents
Author: Sergio Albea
Released: November 9th, 2025

Detecting Abuse Of Syncthing Tool To Steal Data

DeviceNetworkEvents
Author: Sergio Albea
Released: November 6th, 2025

Sliver C2 Beacon Loaded

DeviceImageLoadEvents, DeviceEvents, DeviceNetworkEvents
Author: Bert-Jan Pals
Released: November 6th, 2025

NRT Auto IR High Impact Alert

AlertEvidence
Author: Bert-Jan Pals
Released: November 4th, 2025

Entra Identify And Map Authentication Context Usage

SigninLogs
Author: Jay Kerai
Released: November 3rd, 2025

Access Review On Role Assignable Group Auto Deleted

AuditLogs
Author: Jay Kerai
Released: November 2nd, 2025

XDR Upn Alerts

AlertEvidence, AlertInfo
Author: Bert-Jan Pals
Released: November 1st, 2025

Detecting Modification Of Windows Security Audit Policy Auditpol.exe

DeviceRegistryEvents
Author: Sergio Albea
Released: October 29th, 2025

Detecting Execution Of Windows Security Audit Policy Auditpol.exe

DeviceProcessEvents
Author: Sergio Albea
Released: October 29th, 2025

Detect Suspicious Spn Logon From Workstation

IdentityLogonEvents, DeviceNetworkInfo, DeviceInfo
Author: Robbe Van den Daele
Released: October 24th, 2025

Detect Dump Guard Ntlm Challenge

DeviceNetworkEvents
Author: Robbe Van den Daele
Released: October 24th, 2025

Third Party Phishing Report Malfunction

OfficeActivity
Author: Jose Sebastián Canós
Released: October 21st, 2025

Audit When PIM Fails To Remove An Eligible Member From Role

AuditLogs
Author: Jay Kerai
Released: October 19th, 2025

Detect LastPass Hack Emails Attempts To Trick Users Into Installing Malware

EmailAttachmentInfo, DeviceFileEvents, DeviceEvents
Author: Sergio Albea
Released: October 16th, 2025

Identifying File Exfiltration Via RDP Sessions

DeviceFileEvents
Author: Sergio Albea
Released: October 15th, 2025

Cache Smuggle

DeviceProcessEvents
Author: Daniel Card
Released: October 14th, 2025

NTDS File Create Modify

DeviceFileEvents
Author: Ali Hussein
Released: October 13th, 2025

Identities Bad Reputation ASN Activities

IdentityLogonEvents
Author: Sergio Albea
Released: October 10th, 2025

Security Event Unexpected Network Share Access In A Domain Controller

_GetWatchlist, SecurityEvent
Author: Jose Sebastián Canós
Released: October 7th, 2025

Detect Executable Drop Via Azure

DeviceFileEvents
Author: Robbe Van den Daele
Released: October 6th, 2025

Detect Azure Script Or Run Command By Risky User

AzureActivity, AADUserRiskEvents
Author: Robbe Van den Daele
Released: October 6th, 2025

Detect Process Drop Via Azure Lateral Movement

DeviceFileEvents, DeviceNetworkEvents
Author: Robbe Van den Daele
Released: October 6th, 2025

Detect First Time Azure Custom Script Or Run Command

BehaviorAnalytics
Author: Robbe Van den Daele
Released: October 6th, 2025

MDA IP Address Type

CloudAppEvents
Author: Jay Kerai
Released: October 2nd, 2025

MDA File Download By Country

CloudAppEvents
Author: Jay Kerai
Released: October 2nd, 2025

Anomalies Anomalous Role Assignment

Anomalies
Author: Jose Sebastián Canós
Released: October 1st, 2025

XDR Device Alerts

AlertEvidence, AlertInfo
Author: Bert-Jan Pals
Released: September 28th, 2025

Detecting Potential CA Policy Bypass By Privileged Accounts Via Private Browser Sessions

DeviceProcessEvents, IdentityInfo
Author: Sergio Albea
Released: September 28th, 2025

Multiple Activity From Anonymous IP Addresses

AADUserRiskEvents, SecurityAlert, SigninLogs, AADNonInteractiveUserSignInLogs
Author: Jose Sebastián Canós
Released: September 26th, 2025

Ingestion Delays

GraphAPIAuditEvents, MicrosoftGraphActivityLogs
Author: Bert-Jan Pals
Released: September 23rd, 2025

Removed Device Events

SecurityEvent, AuditLogs
Author: Jose Sebastián Canós
Released: September 23rd, 2025

Multiple Microsoft Entra Threat Intelligence

AADUserRiskEvents, SecurityAlert, SigninLogs
Author: Jose Sebastián Canós
Released: September 18th, 2025

New KSMBD DoS CVE-2025-38501 Can Exhaust SMB Connections Via Half-Open TCP Handshakes

DeviceInfo, DeviceNetworkEvents
Author: Sergio Albea
Released: September 17th, 2025

Multiple Entra ID Protection Risk Events

EntraIDProtectionRiskEvents
Author: Jose Sebastián Canós
Released: September 17th, 2025

Analytics Entra ID Protection Risk Events

AADUserRiskEvents, SecurityAlert, SigninLogs, AADNonInteractiveUserSignInLogs
Author: Jose Sebastián Canós
Released: September 17th, 2025

Multiple Risky AD FS Sign In

AADUserRiskEvents, SigninLogs
Author: Jose Sebastián Canós
Released: September 17th, 2025

MDE Onboarding Status Timeline

DeviceInfo
Author: Alex Verboon
Released: September 17th, 2025

MDE Aggregated Reporting

DeviceFileEvents, DeviceLogonEvents, DeviceNetworkEvents, DeviceProcessEvents
Author: Alex Verboon
Released: September 17th, 2025

TH Wmic PS Encoded

DeviceProcessEvents
Author: Alex Verboon
Released: September 17th, 2025

Sign In Attempts Using Deprecated TLS Versions

AADSignInEventsBeta
Author: Sergio Albea
Released: September 16th, 2025

Hunt Critical Credentials On Non Tpm Devices

ExposureGraphNodes, ExposureGraphEdges
Author: Robbe Van den Daele
Released: September 15th, 2025

Hunt Critical Credentials On Devices With Non Critical Accounts

ExposureGraphNodes, ExposureGraphEdges
Author: Robbe Van den Daele
Released: September 15th, 2025

Hunt Public Remotely Exploitable Devices With High EPSS

ExposureGraphNodes, DeviceNetworkEvents, DeviceTvmSoftwareVulnerabilities, DeviceTvmSoftwareVulnerabilitiesKB
Author: Robbe Van den Daele
Released: September 15th, 2025