KQL Search
Device Query
Weaponized Files Extracting DLL Files After Execution
DeviceFileEvents
DeviceEvents
Author:
Sergio Albea
Released:
April 23rd, 2025
Suspicious RUNMRU Entry
DeviceRegistryEvents
Author:
Bert-Jan Pals
Released:
April 23rd, 2025
Audit Logs Cross Tenant Settings Modified
AuditLogs
Author:
Jose Sebastián Canós
Released:
April 23rd, 2025
AAD Service Principal Sign In Logs Suspicious Multiple Service Principal Authentication From IP Address
AADServicePrincipalSignInLogs
Author:
Jose Sebastián Canós
Released:
April 23rd, 2025
Tracking Proton66 Activity With KQL
DeviceNetworkEvents
Author:
Steven Lim
Released:
April 21st, 2025
Detection Response By Tracing File Lineage
DeviceFileEvents
DeviceEvents
Author:
Sergio Albea
Released:
April 21st, 2025
Mitigating Security Risks In MCP Implementations
DeviceNetworkEvents
Author:
Steven Lim
Released:
April 20th, 2025
Hunting Chrome Extension With Hidden Tracking
SecureAnnex
DeviceFileEvents
Author:
Steven Lim
Released:
April 18th, 2025
CVE 2025 24054 NTLM Exploit In The Wild Detection
DeviceFileEvents
DeviceNetworkEvents
Author:
Steven Lim
Released:
April 16th, 2025
Device Network Events Uncommon Process Connection To Suspicious Domain
DeviceNetworkEvents
Author:
Jose Sebastián Canós
Released:
April 16th, 2025
Identity Directory Events Unexpected Service Creation
IdentityDirectoryEvents
Author:
Jose Sebastián Canós
Released:
April 16th, 2025
Modifications To Safe Links Allow Click Through Policy
OfficeActivity
Author:
Jay Kerai
Released:
April 16th, 2025
Brute Force Single IP Multiple Destinations Within 10 Minutes
DeviceLogonEvents
Author:
Ali Hussein
Released:
April 16th, 2025
Overprivileged Admin Consented OAuth Applications
OAuthAppInfo
Author:
Steven Lim
Released:
April 15th, 2025
Azure Activity Snapshot Of Monitored Azure Resource
AzureActivity
Author:
Jose Sebastián Canós
Released:
April 15th, 2025
Most User Consent Application
OAuthAppInfo
Author:
Bert-Jan Pals
Released:
April 14th, 2025
External Application High Priv Permissions
OAuthAppInfo
Author:
Bert-Jan Pals
Released:
April 14th, 2025
Unused High Priv Permissions
OAuthAppInfo
Author:
Bert-Jan Pals
Released:
April 14th, 2025
Application Mail Permission
OAuthAppInfo
Author:
Bert-Jan Pals
Released:
April 14th, 2025
MDA OAuth App Disabled
AuditLogs
Author:
Jay Kerai
Released:
April 12th, 2025
Ingestion Size Security Events
SecurityEvent
Author:
Bert-Jan Pals
Released:
April 12th, 2025
Anti Sleep Domains MDE Device Network Events
DeviceNetworkEvents
Author:
Jay Kerai
Released:
April 11th, 2025
CVE 2025 29824 Pipe Magic Detection
DeviceEvents
Author:
Steven Lim
Released:
April 11th, 2025
Last Password Change
IdentityDirectoryEvents
Author:
Bert-Jan Pals
Released:
April 9th, 2025
Check If Defender Easm Ips Or Hosts Are Mentioned In Ddosia Project Current Configuration
DDosiaIntelligence
EasmHostAsset_CL
Author:
Michalis Michalos
Released:
April 9th, 2025
Black Suitbublupexfil
DeviceNetworkEvents
Author:
Ali Hussein
Released:
April 9th, 2025
Unsigned Executions From User Directories
DeviceProcessEvents
Author:
Ali Hussein
Released:
April 9th, 2025
Workload Identity Info Xdr
IdentityInfo
OAuthAppInfo
ExposureGraphNodes
ExposureGraphEdges
Author:
Thomas Naunheim
Released:
April 9th, 2025
Entra ID Oauth App Info
OAuthAppInfo
Author:
Alex Verboon
Released:
April 7th, 2025
Run Hunting Query Statistics
MicrosoftGraphActivityLogs
Author:
Bert-Jan Pals
Released:
April 7th, 2025
Review Required Outbound Connections To Work With Defender For Cloud Apps
DeviceNetworkEvents
Author:
Sergio Albea
Released:
April 7th, 2025
Run Hunting Query Execution
MicrosoftGraphActivityLogs
Author:
Bert-Jan Pals
Released:
April 6th, 2025
MDI Service Accounts
IdentityInfo
Author:
Alex Verboon
Released:
April 5th, 2025
MDE Portable Apps
DeviceFileEvents
DeviceProcessEvents
Author:
Alex Verboon
Released:
April 5th, 2025
MDO Blocked URLs
UrlClickEvents
EmailEvents
EmailUrlInfo
Author:
Alex Verboon
Released:
April 5th, 2025
MDO Non RFC Compliant Emails
EmailEvents
Author:
Alex Verboon
Released:
April 5th, 2025
Detecting Domains Where Their Emails Will Be Routed To Junk Folders Due To New Outlook Requirement
EmailEvents
Author:
Sergio Albea
Released:
April 4th, 2025
Detect Suspicious Foci Token Logins
AADNonInteractiveUserSignInLogs
Author:
Robbe Van den Daele
Released:
March 27th, 2025
Identify Hot Spot Connections Shared Via iPhone
DeviceNetworkInfo
Author:
Sergio Albea
Released:
March 26th, 2025
Hunting Ingress Nightmare CVSS 98
DeviceInfo
DeviceProcessEvents
Author:
Steven Lim
Released:
March 25th, 2025
Detect Active Exploitation Of Critical Apache Tomcat RCE Vulnerability
DeviceInfo
DeviceProcessEvents
DeviceNetworkEvents
Author:
Steven Lim
Released:
March 21st, 2025
Detecting Misconfigured EXO Transport Rules
EmailEvents
Author:
Steven Lim
Released:
March 21st, 2025
ZDI CAN 25373 Windows Shortcut Exploit Abused Detection
DeviceEvents
Author:
Steven Lim
Released:
March 20th, 2025
Hunt Device Discovery Subnet Ranges
DeviceNetworkInfo
Author:
Robbe Van den Daele
Released:
March 19th, 2025
Device Network Events Uncommon Process Connection To Cloudfront Domain
DeviceNetworkEvents
Author:
Jose Sebastián Canós
Released:
March 18th, 2025
7Z To SMB Share
DeviceProcessEvents
Author:
Ali Hussein
Released:
March 18th, 2025
Matching Url Redirectors From Urlclickevents Table With Openphish External Threat Intel Source
UrlClickEvents
Author:
Michalis Michalos
Released:
March 18th, 2025
Matching Ip Redirectors From Urlclickevents Table With Urlhaus External Threat Intel Source
UrlClickEvents
Author:
Michalis Michalos
Released:
March 18th, 2025
Unfolding Redirectors Using Urlclickevents Table
UrlClickEvents
Author:
Michalis Michalos
Released:
March 18th, 2025
Privileged Unified Identity Info
IdentityInfo
WorkloadIdentityInfo
Author:
Thomas Naunheim
Released:
March 17th, 2025