Our Sponsors ❤️
SentinelHealth
Sentinel Health Scheduled Analytics Rule Runs Anomaly
DeviceProcessEvents
Advanced Multi Stage Windows Enumeration Post Exploitation Detector
DeviceNetworkEvents
Potential Beaconing Activity
DeviceProcessEvents
Advanced Multi Stage Linux Enumeration Post Exploitation Detector
DeviceEvents
Process Primary Token Elevated To Se Debug Priv
DeviceEvents
Scheduled Tasks From App Data Created Or Updated
DeviceProcessEventsDeviceEvents
Defender Exclusion Events
DeviceEvents
Rare Lnk File Created On Desktop
AuditLogsAADSignInEventsBeta
Detection Of High Risk Sign Ins From New Or Uncommon I Ps With User Agent Or OS Changes
DeviceNetworkEvents
Monitoring Explorer Initiated External Traffic
CopilotActivity
Excessive Copilot Prompt Activity
CopilotActivity
Microsoft Copilot Access To External Resources XPIA
CloudAppEvents
Microsoft Copilot Jailbreak Detected
DeviceProcessEvents
Attempt To Disable Syslog Service
DeviceProcessEvents
Attempt To Disable Auditd Service
ADOAuditLogs_CL
Azure Dev Ops Activity From Newor Rare IP Outside Business Hours
ADOAuditLogs_CL
Azure Dev Ops Critical Search Queries
ADOAuditLogs_CL
Azure Dev Ops Critical Permission Modification
LOLDriversDeviceEvents
MDE Asr Vulnerable Signed Driver Blocked
DeviceProcessEvents
Click Fix Lo L Bin Abuse
DeviceProcessEvents
Click Fix Nslookup DNS Staging
DeviceRegistryEvents
Run MRU Click Fix Detection
SecurityIncidentSecurityAlert
Alert Efficiency
EntraIdSignInEvents
Entra Id Sign In Events Suspicious User Agent
EntraIdSignInEvents
Entra Id Sign In Events Hunting Potential Seamless SSO Usage
DeviceEventsDeviceNetworkInfo
Windows Summarise Firewall Outbound Blocks By Firewall Profile
DeviceEventsDeviceNetworkInfo
Windows Outbound Firewall Blocks Filtered By Firewall Profile
DeviceEventsDeviceNetworkInfo
Windows Outbound Firewall Blocks Filter By Device And Firewall Profile
DeviceEventsDeviceNetworkInfo
Windows Windows Firewall Outbound Blocked Connections
AuditLogs
Security Copilot Agent Deleted
DeviceNetworkEvents
Windows Find Net BIOS Name Service NBNS Usage UDP 137
EmailEventsEmailUrlInfo
Applying Shanon Entropy To Sender Domains Via Kusto
IdentityLogonEvents
Windows Detect NTLM Usage In The Environment
DeviceEvents
Windows Inbound Firewall Blocks By Process
DeviceEvents
Windows All Firewall Inbound Block Events Last 100
DeviceTvmSoftwareVulnerabilitiesDeviceProcessEventsDeviceFileEvents+2
CVE 2026 21510 Windows Shell Security Feature Bypass
EntraUsers
Detection Enrichment Entra User
EntraGroupMembershipsEntraGroups
Detection Enrichment Entra Group Membership
DeviceNetworkEvents
Device IP History
MessageEventsIdentityInfoMessageUrlInfo
Detect External User Sending Suspicious Link To Multiple Users
MessageEventsIdentityInfo
Detect Possible Teams Bec Attack By High Teams Recipients
MessageEventsMessageUrlInfo
Detect Malicious Teams Message
DeviceRegistryEvents
Image File Execution Options IFEO Or Silent Process Exit Registry Modification
DeviceFileEvents
Malicious Browser Extension Downloads Using Device File Events
SigninLogsAADNonInteractiveUserSignInLogs
Detect Potential Consent Fix O Auth Authorisation Code Theft Attempts
AuditLogs
MCP Server Registered To Entra
AuditLogs
Service Principal Added To Global Administrator Role
AuditLogs
Service Principal Adds Client Secret To Target Application
StorageBlobLogs
Potential Storage Enumeration Or Brute Force Attack
AuditLogs