Query Details

TITLE

Template

Query

# TITLE

![KQL](https://img.shields.io/badge/language-KQL-blue.svg)

![Status: Work in Progress](https://img.shields.io/badge/status-work--in--progress-yellow.svg)
![Status: In Progress](https://img.shields.io/badge/status-in--progress-yellow.svg)
![Status: Complete](https://img.shields.io/badge/status-complete-brightgreen.svg)
![Status: Done](https://img.shields.io/badge/status-done-green.svg)
![Status: Draft](https://img.shields.io/badge/status-draft-lightgrey.svg)
![Status: Planned](https://img.shields.io/badge/status-planned-blue.svg)
![Status: Pending](https://img.shields.io/badge/status-pending-orange.svg)
![Status: Pending Review](https://img.shields.io/badge/status-pending--review-blue.svg)
![Status: Under Review](https://img.shields.io/badge/status-under--review-blue.svg)
![Status: On Hold](https://img.shields.io/badge/status-on--hold-yellow.svg)
![Status: Blocked](https://img.shields.io/badge/status-blocked-red.svg)
![Status: Deprecated](https://img.shields.io/badge/status-deprecated-critical.svg)
![Status: Archived](https://img.shields.io/badge/status-archived-lightgrey.svg)
![Status: Maintenance](https://img.shields.io/badge/status-maintenance-orange.svg)
![Status: Alpha](https://img.shields.io/badge/status-alpha-yellow.svg)
![Status: Beta](https://img.shields.io/badge/status-beta-blue.svg)
![Status: Preview](https://img.shields.io/badge/status-preview-blueviolet.svg)
![Status: Stable](https://img.shields.io/badge/status-stable-brightgreen.svg)
![Status: Experimental](https://img.shields.io/badge/status-experimental-red.svg)
![Status: Testing](https://img.shields.io/badge/status-testing-blue.svg)




## Query Information

### MITRE ATT&CK Technique(s)

| Technique ID | Title    | Link    |
| ---  | --- | --- |
| T1110.003 | Credential Access: Brute Force: Password Spraying | https://attack.mitre.org/techniques/T1110/003/ |

### Description

DESCRIPTION

#### References

### Author

- **Alex Verboon**

## Defender XDR

```kql
```

## Sentinel

```kql
```

About this query

TITLE

Query Information

MITRE ATT&CK Technique(s)

Technique IDTitleLink
T1110.003Credential Access: Brute Force: Password Sprayinghttps://attack.mitre.org/techniques/T1110/003/

Description

DESCRIPTION

References

Author

  • Alex Verboon

Defender XDR

Sentinel

Explanation

The document you provided appears to be a template or a draft for a KQL (Kusto Query Language) query related to cybersecurity, specifically focusing on a MITRE ATT&CK technique. Here's a simple summary of the key components:

  1. Title and Status: The document is labeled with various status badges indicating the progress or state of the work, such as "Work in Progress," "Complete," "Draft," etc. These badges help track the development stage of the query or project.

  2. MITRE ATT&CK Technique: The document references a specific MITRE ATT&CK technique, T1110.003, which is related to "Credential Access: Brute Force: Password Spraying." This technique involves attempting to gain unauthorized access to accounts by trying multiple passwords against many accounts.

  3. Description: There is a placeholder for a description, which would typically explain the purpose and functionality of the query or provide context about the technique being addressed.

  4. References: This section is likely intended for citing sources or additional materials related to the query or technique.

  5. Author: The query or document is authored by Alex Verboon.

  6. Defender XDR and Sentinel: These sections are placeholders for KQL queries that would be used in Microsoft Defender XDR (Extended Detection and Response) and Microsoft Sentinel, respectively. However, no actual queries are provided in the document.

Overall, this document seems to be a framework for developing and documenting a KQL query related to detecting or analyzing password spraying attacks, but it is not yet complete.

Details

Alex Verboon profile picture

Alex Verboon

Released: December 22, 2025

Tables

There are no tables used in the provided KQL queries.

Keywords

DevicesIntuneUser

Operators

`

MITRE Techniques

Actions

GitHub