https://kqlsearch.com/ daily 1.0 https://kqlsearch.com/ai monthly 0.8 https://kqlsearch.com/devicequery monthly 0.8 https://kqlsearch.com/faq monthly 0.5 https://kqlsearch.com/query/Detect%20TLS%20validation%20bypass%20via%20PowerShell&cmniwj67z0000z5o8c830enkh 2026-04-03T12:50:37.135Z weekly 0.6 https://kqlsearch.com/query/Audit%20Claude%20Behavior&cmngf3y0a0000h9aa9q0d1dp4 2026-04-01T19:07:20.937Z weekly 0.6 https://kqlsearch.com/query/GitForcePush&cmng2011r0006pvxfz8iv2eok 2026-04-01T13:00:23.134Z weekly 0.6 https://kqlsearch.com/query/GitAbuseHighFidelity&cmng1zw8w0005pvxf73fwnwif 2026-04-01T13:00:17.024Z weekly 0.6 https://kqlsearch.com/query/Execution_Git_Commit_Amend_NoVerify&cmng1zos40004pvxfdu9bk0mu 2026-04-01T13:00:07.234Z weekly 0.6 https://kqlsearch.com/query/Execution_Batch_Git_Abuse&cmng1zg7h0003pvxfc8tdwwgz 2026-04-01T12:59:56.237Z weekly 0.6 https://kqlsearch.com/query/DefenseEvasion_TimeChange_Git&cmng1zb5c0002pvxfb1cd3msj 2026-04-01T12:59:49.566Z weekly 0.6 https://kqlsearch.com/query/DefenseEvasion_Git_Config_Masquerade&cmng1z3vx0001pvxf9pre5lcg 2026-04-01T12:59:40.268Z weekly 0.6 https://kqlsearch.com/query/Correlation_Git_And_VSCode_Task_Abuse&cmng1yu3i0000pvxfi09qajx0 2026-04-01T12:59:27.468Z weekly 0.6 https://kqlsearch.com/query/Privileged%20RDP%20Session%20Source%20Mismatch&cmnemru9d00019xmu6vv3c7qz 2026-03-31T13:06:20.597Z weekly 0.6 https://kqlsearch.com/query/IFEO%20%E2%80%93%20Unauthorized%20Debugger%20Registration&cmnemrhe700009xmud6nyq6gt 2026-03-31T13:06:03.994Z weekly 0.6 https://kqlsearch.com/query/macOS%20Suspicious%20Shell%20or%20Direct%20Process%20Execution%20from%20Browser&cmnd7kwok000156ok39eirfoj 2026-03-30T13:13:16.769Z weekly 0.6 https://kqlsearch.com/query/Device%20TVM%20Secure%20Configuration%20Assessment%20Summary&cmnd7kcyg000056okve85z03a 2026-03-30T13:12:51.351Z weekly 0.6 https://kqlsearch.com/query/VsCodePersistence&cmnc3t7uf000211e892xcnpep 2026-03-29T18:39:59.991Z weekly 0.6 https://kqlsearch.com/query/PolinRiderNode&cmnc3svem000111e85awrvgd2 2026-03-29T18:39:43.869Z weekly 0.6 https://kqlsearch.com/query/NodeC2Polinder&cmnc3sjaz000011e8m3ufth1a 2026-03-29T18:39:28.186Z weekly 0.6 https://kqlsearch.com/query/Azure%20-%20AzureActivityCompromisedAccount&cmn3wpbfo000114gy7pjur3tu 2026-03-24T00:58:51.300Z weekly 0.6 https://kqlsearch.com/query/SuccessfulSigninFromSuspiciousUserAgent&cmn3wp2qq000014gywovst3xc 2026-03-24T00:58:40.033Z weekly 0.6 https://kqlsearch.com/query/Local%20Administrator%20Account%20added%20by%20Scheduled%20Task&cmn3k5qjd0000di44totyk5xd 2026-03-23T19:07:42.360Z weekly 0.6 https://kqlsearch.com/query/Defender%20IOC%20Warning%20Bypass%20or%20Monitor%20Mode%20MDA%20bypass&cmmxuabq80000u5znnd0r0gt4 2026-03-19T19:04:35.405Z weekly 0.6 https://kqlsearch.com/query/List%20Devices%20(Array)&cmmwf2te70001y4e34un6aszb 2026-03-18T19:11:04.636Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Unusual%20user%20account%20authentication&cmmwe7kxv0000y4e3jabzoeuc 2026-03-18T18:46:47.490Z weekly 0.6 https://kqlsearch.com/query/%5BIC%5D%20-%20Catching%20emojis%20on%20email%20Subjects&cmmvcldeh0002znasia4ra5o3 2026-03-18T01:13:45.496Z weekly 0.6 https://kqlsearch.com/query/%5BIC%5D%20-%20Catching%20Emojis%20into%20Email%20Attachment%20Files%20names&cmmvcl6mf0001znasxzzjp6db 2026-03-18T01:13:36.588Z weekly 0.6 https://kqlsearch.com/query/%5BIC%5D%20-%20Catching%20Emojis%20into%20File%20Names&cmmvckqog0000znas1vb31hkt 2026-03-18T01:13:15.925Z weekly 0.6 https://kqlsearch.com/query/MDO-FileMaliciousContentInfo&cmmt6gkhn0000rdmx0i5sxcjw 2026-03-16T12:46:31.354Z weekly 0.6 https://kqlsearch.com/query/SentinelHealth-Scheduled%20analytics%20rule%20runs%20anomaly&cmmng9yh60000gffdlwldmutt 2026-03-12T12:34:41.904Z weekly 0.6 https://kqlsearch.com/query/Advanced%20Multi-Stage%20Windows%20Enumeration%20%26%20Post-Exploitation%20Detector&cmmkme3fx00009yo4s175pkrl 2026-03-10T13:02:34.072Z weekly 0.6 https://kqlsearch.com/query/PotentialBeaconingActivity&cmmjwpy5q00001kdlq4fz4oij 2026-03-10T01:03:57.073Z weekly 0.6 https://kqlsearch.com/query/Advanced%20Multi-Stage%20Linux%20Enumeration%20%26%20Post-Exploitation%20Detector&cmmjjoweg00006ea217ewxtkk 2026-03-09T18:59:13.154Z weekly 0.6 https://kqlsearch.com/query/ProcessPrimaryTokenElevatedToSeDebugPriv&cmmi340va000071oafk9xrerc 2026-03-08T18:27:19.179Z weekly 0.6 https://kqlsearch.com/query/ScheduledTasksFromAppDataCreatedOrUpdated&cmmgnxsxo00023cvq4bwmc6gb 2026-03-07T18:34:48.477Z weekly 0.6 https://kqlsearch.com/query/RareLnkFileCreatedOnDesktop&cmmgnxkfa00013cvqcf2p82pf 2026-03-07T18:34:37.605Z weekly 0.6 https://kqlsearch.com/query/DefenderExclusionEvents&cmmgnx1z300003cvq05s8qz6s 2026-03-07T18:34:13.535Z weekly 0.6 https://kqlsearch.com/query/Detection%20of%20High-Risk%20Sign-ins%20from%20New%20or%20Uncommon%20IPs%20with%20User%20Agent%20or%20OS%20Changes&cmmbc9u2g0000r4ole3kyjfql 2026-03-04T01:09:23.614Z weekly 0.6 https://kqlsearch.com/query/Monitoring%20Explorer-Initiated%20External%20Traffic&cmm8ha5rj000012w1nsc8o4d5 2026-03-02T01:06:18.413Z weekly 0.6 https://kqlsearch.com/query/Microsoft%20Copilot%20Jailbreak%20Detected&cmm3ttfbo00042pbnvo26ccex 2026-02-26T18:58:21.646Z weekly 0.6 https://kqlsearch.com/query/Attempt%20to%20Disable%20Syslog%20Service&cmm3tt47c00032pbn0fqhde2t 2026-02-26T18:58:07.368Z weekly 0.6 https://kqlsearch.com/query/Attempt%20to%20Disable%20Auditd%20Service&cmm3tsytu00022pbn75jfqq02 2026-02-26T18:58:00.402Z weekly 0.6 https://kqlsearch.com/query/Microsoft%20Copilot%20Access%20to%20External%20Resources%20(XPIA)&cmm3tsna600012pbnd6al1rd7 2026-02-26T18:57:45.304Z weekly 0.6 https://kqlsearch.com/query/Excessive%20Copilot%20Prompt%20Activity&cmm3tsgpw00002pbn6zst1iuz 2026-02-26T18:57:36.931Z weekly 0.6 https://kqlsearch.com/query/Azure%20DevOps%20Activity%20from%20Newor%20Rare%20IP%20Outside%20Business%20Hours&cmm3gwa2x000214by8brfxrds 2026-02-26T12:56:39.944Z weekly 0.6 https://kqlsearch.com/query/Azure%20DevOps%20Critical%20Search%20Queries&cmm3gvzl6000114by22rwdqjr 2026-02-26T12:56:26.220Z weekly 0.6 https://kqlsearch.com/query/Azure%20DevOps%20Critical%20Permission%20Modification&cmm3gvs7k000014by05k0t72y 2026-02-26T12:56:16.783Z weekly 0.6 https://kqlsearch.com/query/MDE-AsrVulnerableSignedDriverBlocked&cmlzwhhwq0000m9umrdgavj88 2026-02-24T01:01:59.291Z weekly 0.6 https://kqlsearch.com/query/RunMRU%20ClickFix%20Detection&cmlz6jl830002898r4f5yfxrn 2026-02-23T12:55:46.994Z weekly 0.6 https://kqlsearch.com/query/ClickFix%20Nslookup%20DNS%20Staging&cmlz6jf1c0001898r0gaxcmwx 2026-02-23T12:55:38.976Z weekly 0.6 https://kqlsearch.com/query/ClickFix%20LoLBin%20Abuse&cmlz6j9q20000898rwq3ifqee 2026-02-23T12:55:31.965Z weekly 0.6 https://kqlsearch.com/query/AlertEfficiency&cmlxqhpu50000bf2b1mp2i84d 2026-02-22T12:38:39.472Z weekly 0.6 https://kqlsearch.com/query/Windows%20-%20Windows%20Firewall%20Outbound%20Blocked%20Connections&cmlqz1j3h0005oncwcuu6fhbk 2026-02-17T19:03:37.562Z weekly 0.6 https://kqlsearch.com/query/Windows%20-%20Summarise%20Firewall%20Outbound%20Blocks%20by%20Firewall%20Profile&cmlqz1b5g0004oncw40l6cako 2026-02-17T19:03:27.412Z weekly 0.6 https://kqlsearch.com/query/Windows%20-%20Outbound%20Firewall%20Blocks%20(Filtered%20by%20Firewall%20Profile)&cmlqz15u50003oncwlse5hdwy 2026-02-17T19:03:20.378Z weekly 0.6 https://kqlsearch.com/query/Windows%20-%20Outbound%20Firewall%20Blocks%20(Filter%20by%20Device%20and%20Firewall%20Profile)&cmlqz0x6p0002oncwtscf8bbd 2026-02-17T19:03:09.312Z weekly 0.6 https://kqlsearch.com/query/EntraIdSignInEvents%20-%20Suspicious%20User%20agent&cmlqyz3d10001oncw0cybnzw5 2026-02-17T19:01:43.859Z weekly 0.6 https://kqlsearch.com/query/EntraIdSignInEvents%20-%20Hunting%20Potential%20Seamless%20SSO%20Usage&cmlqyynhe0000oncwu8tvcou0 2026-02-17T19:01:23.279Z weekly 0.6 https://kqlsearch.com/query/Security%20Copilot%20Agent%20Deleted&cmlqlnipr0000a9k4ln09uw0s 2026-02-17T12:48:48.930Z weekly 0.6 https://kqlsearch.com/query/Windows%20-%20Find%20NetBIOS%20Name%20Service%20(NBNS)%20Usage%20(UDP%2C%20137)&cmlohfgb900004zcn1dunlf5v 2026-02-16T01:15:01.844Z weekly 0.6 https://kqlsearch.com/query/Applying%20Shanon%20Entropy%20to%20SenderDomains%20via%20Kusto&cmlk76m330000147rukzqhuls 2026-02-13T01:17:08.558Z weekly 0.6 https://kqlsearch.com/query/Windows%20-%20Inbound%20firewall%20blocks%20(by%20process)&cmljgmnv10002y6f5fukplvb7 2026-02-12T12:53:47.724Z weekly 0.6 https://kqlsearch.com/query/Windows%20-%20Detect%20NTLM%20usage%20in%20the%20environment&cmljgmjja0001y6f58a21rkcf 2026-02-12T12:53:42.008Z weekly 0.6 https://kqlsearch.com/query/Windows%20-%20All%20firewall%20inbound%20block%20events%20(last%20100)&cmljgmcq60000y6f5pmb53smo 2026-02-12T12:53:33.293Z weekly 0.6 https://kqlsearch.com/query/CVE-2026-21510%20-%20Windows%20Shell%20Security%20Feature%20Bypass&cmlie9lhe0001n477v7ycgt72 2026-02-11T18:59:52.593Z weekly 0.6 https://kqlsearch.com/query/Detection%20Enrichment%20-%20Entra%20User&cmlidtdcz0000n4773oqcyble 2026-02-11T18:47:15.569Z weekly 0.6 https://kqlsearch.com/query/Detection%20Enrichment%20-%20Entra%20Group%20Membership&cmlhbzhuh0000bx7ykdfx8cz6 2026-02-11T01:08:15.913Z weekly 0.6 https://kqlsearch.com/query/DeviceIPHistory&cmlgys0ae0000kedf3f16yi3f 2026-02-10T18:58:31.522Z weekly 0.6 https://kqlsearch.com/query/DetectPossibleTeamsBecAttackByHighTeamsRecipients&cmlgkx34d00022oczsui1fcs1 2026-02-10T12:30:33.882Z weekly 0.6 https://kqlsearch.com/query/DetectMaliciousTeamsMessage&cmlgkwvsw00012oczu4z96l82 2026-02-10T12:30:24.511Z weekly 0.6 https://kqlsearch.com/query/DetectExternalUserSendingSuspiciousLinkToMultipleUsers&cmlgkwpnw00002ocz2m90dt7w 2026-02-10T12:30:16.555Z weekly 0.6 https://kqlsearch.com/query/Image%20File%20Execution%20Options%20(IFEO)%20or%20SilentProcessExit%20Registry%20Modification&cmlf6n8on0000dnac2b5rw95g 2026-02-09T13:03:13.847Z weekly 0.6 https://kqlsearch.com/query/Malicious%20Browser%20Extension%20Downloads%20using%20DeviceFileEvents&cmldqr0ca0000krg1p8pxlyvx 2026-02-08T12:50:29.476Z weekly 0.6 https://kqlsearch.com/query/Detect%20potential%20ConsentFix%20OAuth%20authorisation%20code%20theft%20attempts&cmla6rwf80000xmxv8jj3ut9u 2026-02-06T01:08:00.262Z weekly 0.6 https://kqlsearch.com/query/MCP%20Server%20Registered%20to%20Entra&cml9teit10000x46pl1qcjwxu 2026-02-05T18:53:41.061Z weekly 0.6 https://kqlsearch.com/query/UnauthorizedFederatedCredentialAddedToManagedIdentity&cml9geanv000a12v2j3awnox9 2026-02-05T12:49:35.454Z weekly 0.6 https://kqlsearch.com/query/SuccessfulAzureStorageFileAccessFromUnauthorizedGeoLocation&cml9gdyfw000912v207j8gxzw 2026-02-05T12:49:19.771Z weekly 0.6 https://kqlsearch.com/query/ServicePrincipalSignInFromNewCountry&cml9gdstr000812v2j8pzp927 2026-02-05T12:49:11.536Z weekly 0.6 https://kqlsearch.com/query/ServicePrincipalEnumerationOfAppRoleAssignments&cml9gdl8z000712v2sfxudcpq 2026-02-05T12:49:02.528Z weekly 0.6 https://kqlsearch.com/query/ServicePrincipalAddsClientSecretToTargetApplication&cml9gd9r1000612v2r0h5h34k 2026-02-05T12:48:47.772Z weekly 0.6 https://kqlsearch.com/query/ServicePrincipalAddedToGlobalAdministratorRole&cml9gd1wy000512v2vz4mwt13 2026-02-05T12:48:37.470Z weekly 0.6 https://kqlsearch.com/query/PrivilegedRoleAssignmentOutsideOfPIM&cml9gcup5000412v243e0xk7r 2026-02-05T12:48:28.264Z weekly 0.6 https://kqlsearch.com/query/PotentialStorageEnumerationOrBruteForceAttack&cml9gcpdu000312v279esfm89 2026-02-05T12:48:21.230Z weekly 0.6 https://kqlsearch.com/query/GrantingOfHighRiskPrivilegeEscalationPermissionsToServicePrincipal&cml9gch2q000212v2by9pbs2s 2026-02-05T12:48:10.610Z weekly 0.6 https://kqlsearch.com/query/AzurekidBlackcatSecurityModuleActivity&cml9gc82s000112v2df9lhxn6 2026-02-05T12:47:58.800Z weekly 0.6 https://kqlsearch.com/query/AnonymousRetrievalOfAzureBlobVersions&cml9gc0mc000012v2arnmtspq 2026-02-05T12:47:49.283Z weekly 0.6 https://kqlsearch.com/query/Notepad%2B%2B%20-%20Chrysalis%20Backdoor%20gup.exe%20spawned%20binaries%20excluding%20known-good%20Notepad%2B%2B%20hashes&cml6leu1w0002121xwpq14s0p 2026-02-03T12:46:40.201Z weekly 0.6 https://kqlsearch.com/query/Notepad%2B%2B%20-%20Chrysalis%20Backdoor%20gup.exe%20detection&cml6lelsn0001121xky6e11x4 2026-02-03T12:46:29.590Z weekly 0.6 https://kqlsearch.com/query/Notepad%2B%2B%20-%20Chrysalis%20Backdoor%20Spawned%20binaries%20%2B%20network%20connections%20correlation&cml6lebtt0000121x5fhxztxf 2026-02-03T12:46:16.581Z weekly 0.6 https://kqlsearch.com/query/Windows%20-%20Trigger%20full%20scan%20for%20devices%20that%20have%20not%20completed%20one&cml5x3nhr000j3h8twrr7fv6p 2026-02-03T01:26:07.791Z weekly 0.6 https://kqlsearch.com/query/Windows%20-%20Trigger%20full%20scan%20for%20devices%20that%20have%20not%20completed%20one%20(Windows%20Clients%20only)&cml5x3gw2000i3h8tamicsmrf 2026-02-03T01:25:59.084Z weekly 0.6 https://kqlsearch.com/query/Auto%20Disable%20High%20Risk%20AD%20User&cml5x3916000h3h8t3292cf8h 2026-02-03T01:25:49.050Z weekly 0.6 https://kqlsearch.com/query/Emergency%20Access%20Usage%20Alert&cml5x333q000g3h8ts3qqf1qv 2026-02-03T01:25:41.216Z weekly 0.6 https://kqlsearch.com/query/Azure%20RBAC%20Elevation%20via%20User%20Access%20Admin%20toggle&cml5x2vkd000f3h8tcrcc75y2 2026-02-03T01:25:31.597Z weekly 0.6 https://kqlsearch.com/query/Windows%20-%20Recent%20Devices%20Missing%20Full%20Scan&cml5x2ldw000e3h8tfij5swvi 2026-02-03T01:25:17.478Z weekly 0.6 https://kqlsearch.com/query/Linux%20%E2%80%93%20Suspicious%20Cron%20Persistence&cml5x2ejp000d3h8tf30hiums 2026-02-03T01:25:09.540Z weekly 0.6 https://kqlsearch.com/query/Linux%20%E2%80%93%20Script%20Activity%20(ScriptContent)&cml5x28pn000c3h8thfw53gte 2026-02-03T01:25:01.830Z weekly 0.6 https://kqlsearch.com/query/Linux%20%E2%80%93%20Network%20Events%20Baseline%20(ReportId%20Dedupe)&cml5x2375000b3h8tagl59xeb 2026-02-03T01:24:54.832Z weekly 0.6 https://kqlsearch.com/query/Linux%20%E2%80%93%20Logon%20Activity&cml5x1ya7000a3h8t22xfz2ur 2026-02-03T01:24:48.463Z weekly 0.6 https://kqlsearch.com/query/Linux%20%E2%80%93%20LOLbin%20Downloads%20to%20Temporary%20Directories&cml5x1s2h00093h8tybe2o7tl 2026-02-03T01:24:40.260Z weekly 0.6 https://kqlsearch.com/query/Linux%20%E2%80%93%20File%20Activity%20Baseline&cml5x1j0p00083h8tlssrxc0m 2026-02-03T01:24:28.680Z weekly 0.6 https://kqlsearch.com/query/Linux%20%E2%80%93%20Archive%20Command%20Followed%20by%20Upload%20Egress&cml5x1cpb00073h8t8l5jluuv 2026-02-03T01:24:20.317Z weekly 0.6 https://kqlsearch.com/query/Linux%20%E2%80%93%20Antivirus%20Activity&cml5x15hl00063h8tk319jhjs 2026-02-03T01:24:11.144Z weekly 0.6 https://kqlsearch.com/query/Linux%20%E2%80%93%20ActionType%20Inventory%20(All%20Tables)&cml5x0wr300053h8t5d60hu8s 2026-02-03T01:23:59.674Z weekly 0.6 https://kqlsearch.com/query/Linux%20Server%20%E2%80%93%20Public%20Egress%20Baseline%20(High%20Fidelity)&cml5x0pqf00043h8tpjvb31b3 2026-02-03T01:23:50.726Z weekly 0.6 https://kqlsearch.com/query/Linux%20Desktop%20%E2%80%93%20Public%20Egress%20Baseline%20(Low%20Noise)&cml5x0h0e00033h8tqe5ba5hl 2026-02-03T01:23:39.272Z weekly 0.6 https://kqlsearch.com/query/Linux%20-%20User%20activity%20leading%20up%20to%20exfiltration&cml5x07tj00023h8tgceu8f7l 2026-02-03T01:23:27.510Z weekly 0.6 https://kqlsearch.com/query/Linux%20-%20Telemetry%20Validation%20Test%20(Process)&cml5x01aj00013h8ttz4yjxpg 2026-02-03T01:23:18.902Z weekly 0.6 https://kqlsearch.com/query/Linux%20-%20Network%20fan%E2%80%91out%20from%20the%20upload%20process&cml5wzri700003h8toscq6oox 2026-02-03T01:23:06.366Z weekly 0.6 https://kqlsearch.com/query/Notepad%2B%2B%20-%20Chrysalis%20Backdoor%20Network%20IOCs&cml5iqsrg0001304fubm3357b 2026-02-02T18:44:13.468Z weekly 0.6 https://kqlsearch.com/query/Notepad%2B%2B%20-%20Chrysalis%20Backdoor%20File%20Hash%20IOCs&cml5iqn3x0000304f0tigybwr 2026-02-02T18:44:06.049Z weekly 0.6 https://kqlsearch.com/query/Microsoft%20Office%20Security%20Feature%20Bypass%20Vulnerability%20CVE-2026-21509&cmkwlg4zk0000tn2cws5atixe 2026-01-27T12:49:59.200Z weekly 0.6 https://kqlsearch.com/query/HuntAccountsWithLeakedCredentials&cmkv4vrrt0000dzc47xk8mw10 2026-01-26T12:18:28.925Z weekly 0.6 https://kqlsearch.com/query/sign_in_risk_analysis&cmksaeg6c0001d4m3h5tabnud 2026-01-24T12:29:40.067Z weekly 0.6 https://kqlsearch.com/query/authenticator_device_enrollment_country_risk_baseline&cmksae6550000d4m3s2kiwkpz 2026-01-24T12:29:26.970Z weekly 0.6 https://kqlsearch.com/query/%5BIA%5D%20-%20Threat%20Intelligence%20Feed%20Evaluation%20based%20on%20URL%20IOCs&cmkinlhdj000214il0chao7bn 2026-01-17T18:41:21.320Z weekly 0.6 https://kqlsearch.com/query/%5BIA%5D%20-%20Threat%20Intelligence%20Feed%20Evaluation%20based%20on%20FileHashes%20IOCs&cmkinla5a000114il77o08gaz 2026-01-17T18:41:12.094Z weekly 0.6 https://kqlsearch.com/query/%5BIA%5D%20-%20Threat%20Intelligence%20Feed%20Evaluation%20based%20on%20Domains%20IOCs&cmkinl2zf000014ilwyrwbk36 2026-01-17T18:41:02.669Z weekly 0.6 https://kqlsearch.com/query/Suspicious%20Sign-in%20After%20Phishing%20Link%20Click&cmkft6q4s0000kpaxbg2a6sgw 2026-01-15T18:54:31.984Z weekly 0.6 https://kqlsearch.com/query/Monitor%20DLLs%20by%20Signer&cmke0d1tr000050d1gbal5y0p 2026-01-14T12:39:52.097Z weekly 0.6 https://kqlsearch.com/query/Certificate%20Issued%20to%20Privileged%20User&cmkcy7rdr0000143ag4keye9x 2026-01-13T18:51:59.804Z weekly 0.6 https://kqlsearch.com/query/DetectPIMElevationWithUserRisk&cmkb4pk09000713btjs04qowa 2026-01-12T12:18:15.446Z weekly 0.6 https://kqlsearch.com/query/DetectDeviceCodeWithUserRisk&cmkb4pc5y000613bto2d4ixfp 2026-01-12T12:18:05.397Z weekly 0.6 https://kqlsearch.com/query/DetectUnsignedExecLaunchFromScheduledTask&cmkb4p35d000513btxcvg0dks 2026-01-12T12:17:53.599Z weekly 0.6 https://kqlsearch.com/query/DetectUnkownProcessUsingSmbAndWinrm&cmkb4ovxj000413btrnw1687z 2026-01-12T12:17:44.358Z weekly 0.6 https://kqlsearch.com/query/DetectUnkownProcessLaunchedViaWinRM&cmkb4oofb000313bt1gvzwo8k 2026-01-12T12:17:34.514Z weekly 0.6 https://kqlsearch.com/query/DetectRareScheduledTaskCreated&cmkb4ogge000213btwonxvqaq 2026-01-12T12:17:24.302Z weekly 0.6 https://kqlsearch.com/query/DetectMsiexecExecutingDllNetworkConnections&cmkb4o980000113btv80zagef 2026-01-12T12:17:14.813Z weekly 0.6 https://kqlsearch.com/query/DetectLolDriverDropOrLoadFromUnkownProcess&cmkb4nz0j000013btknln5d0v 2026-01-12T12:17:01.699Z weekly 0.6 https://kqlsearch.com/query/User%20with%20uncommon%20or%20risky%20behavior%20is%20deploying%20an%20Application%20with%20Intune%20to%20All%20Users%20or%20All%20Devices&cmk4k4iyv0004omo36reg2ioy 2026-01-07T21:55:24.906Z weekly 0.6 https://kqlsearch.com/query/User%20with%20uncommon%20or%20risky%20behavior%20is%20deploying%20a%20Script%20with%20Intune%20to%20All%20Users%20or%20All%20Devices&cmk4k49jr0003omo3gudiortv 2026-01-07T21:55:12.854Z weekly 0.6 https://kqlsearch.com/query/Mass%20Wipe%20or%20Retire%20Device%20Action&cmk4k426c0002omo3cs9s0uo3 2026-01-07T21:55:03.142Z weekly 0.6 https://kqlsearch.com/query/Managed%20Service%20Provider%20User%20(B2B%20or%20GDAP)%20without%20Device%20Compliance%20or%20MFA%20claim%20is%20managing%20Intune&cmk4k3ugl0001omo3wwp0hzsv 2026-01-07T21:54:53.301Z weekly 0.6 https://kqlsearch.com/query/Delete%20an%20Intune%20Multi%20Approval%20Policy%20by%20User%20with%20uncommon%20or%20risky%20behavior&cmk4k3kjx0000omo3nt5fghwa 2026-01-07T21:54:40.304Z weekly 0.6 https://kqlsearch.com/query/ConsentFix-HuntingConfidenceOnTokenAndNetworkSignals&cmjx7kdi80000ieuyob2ecv96 2026-01-02T18:29:26.149Z weekly 0.6 https://kqlsearch.com/query/Detect%20compromised%20chalk%20packages&cmjud4td1000v12am71khf7g9 2025-12-31T18:41:59.461Z weekly 0.6 https://kqlsearch.com/query/macOS%20User%20added%20to%20Admin%20Group&cmjud4os7000u12amp52xn7ao 2025-12-31T18:41:53.416Z weekly 0.6 https://kqlsearch.com/query/BiDi%20Swap%20URL%20in%20DeviceNetworkEvents&cmjud4ht6000t12amigreojy4 2025-12-31T18:41:44.490Z weekly 0.6 https://kqlsearch.com/query/TI%20URL%20or%20Domain%20Hit%20in%20Teams%20Messages&cmjud4c53000s12amkvv970ng 2025-12-31T18:41:37.033Z weekly 0.6 https://kqlsearch.com/query/Parse%20Apache%20Access.log&cmjud45d2000r12amutbbx93g 2025-12-31T18:41:28.357Z weekly 0.6 https://kqlsearch.com/query/AADSTS_errorcodes_KQL&cmjud3zvd000q12am58r5ybmu 2025-12-31T18:41:21.131Z weekly 0.6 https://kqlsearch.com/query/macOS%20LoginWindow%20Hooks%20%26%20Authorization%20Plugins&cmjud3vnq000p12amwelubpt4 2025-12-31T18:41:15.782Z weekly 0.6 https://kqlsearch.com/query/macOS%20Launch%20Agent%20or%20Daemon%20.plist%20File%20Creation%20or%20Modification&cmjud3qru000o12amojuficys 2025-12-31T18:41:09.450Z weekly 0.6 https://kqlsearch.com/query/macOS%20ClickFix%20Attack%20with%20Base64%20encrypted%20curl%20Command&cmjud3l72000n12am0n5xkc6g 2025-12-31T18:41:02.110Z weekly 0.6 https://kqlsearch.com/query/WScript%5CCScript%20Executing%20JavaScript%20from%20User%20Profile&cmjud3e6r000m12amizd1bsp8 2025-12-31T18:40:53.138Z weekly 0.6 https://kqlsearch.com/query/ValleyRAT_Detection&cmjud39ep000l12am8keavrbv 2025-12-31T18:40:46.835Z weekly 0.6 https://kqlsearch.com/query/Scheduled%20Tasks%20with%20unsigned%20Binaries&cmjud33mc000k12amisqokylc 2025-12-31T18:40:39.443Z weekly 0.6 https://kqlsearch.com/query/Pure%20malware%20family%20Behavior%20Detection&cmjud2xp2000j12amexnnvap0 2025-12-31T18:40:31.655Z weekly 0.6 https://kqlsearch.com/query/PowerShell_Defender_Exclusion_Modification&cmjud2qx3000i12amejb2mqnc 2025-12-31T18:40:22.982Z weekly 0.6 https://kqlsearch.com/query/Obfuscated%20ClickFix%20Powershell%20Command&cmjud2n5p000h12amiy333t9u 2025-12-31T18:40:18.109Z weekly 0.6 https://kqlsearch.com/query/LSASS%20Dump%20via%20comsvcs.dll&cmjud2ib7000g12amf4w5c6hb 2025-12-31T18:40:11.716Z weekly 0.6 https://kqlsearch.com/query/Exif%20smuggling%20FileFix%20Detection&cmjud2b9e000f12am7od750u8 2025-12-31T18:40:02.689Z weekly 0.6 https://kqlsearch.com/query/EXPLOIT_no-defender-loader-detection&cmjud25et000e12amwl7hfmzz 2025-12-31T18:39:54.998Z weekly 0.6 https://kqlsearch.com/query/Detect%20Unsigned%20or%20DevSigned%20Appx%20Package%20Installation&cmjud1yxl000d12amrc8tezhj 2025-12-31T18:39:46.713Z weekly 0.6 https://kqlsearch.com/query/CLSID%20override&cmjud1s5o000c12am9oqqu564 2025-12-31T18:39:37.931Z weekly 0.6 https://kqlsearch.com/query/Email_GmailSender%20with%20different%20Display%20Names&cmjud1m68000b12amrx3dhlvf 2025-12-31T18:39:30.176Z weekly 0.6 https://kqlsearch.com/query/Suspicious%20IIS%20Logs%20delete&cmjud1glp000a12amfen53hmy 2025-12-31T18:39:22.847Z weekly 0.6 https://kqlsearch.com/query/PowerShell%20LOLBAS%20Execution%20with%20Public%20Network%20Connection&cmjud1bvo000912ambbfs5eo1 2025-12-31T18:39:16.835Z weekly 0.6 https://kqlsearch.com/query/Suspicisous%20Sign%20in%20after%20Network%20Connection%20to%20Lab539%20Clickfix%20List&cmjud14wz000812ami85mazdk 2025-12-31T18:39:07.700Z weekly 0.6 https://kqlsearch.com/query/Suspicious%20unsigned%20File%20executed%20in%20User%20writeable%20Folder&cmjud0wq7000712am893p8mif 2025-12-31T18:38:57.199Z weekly 0.6 https://kqlsearch.com/query/Script%20Interpreter%20Executing%20Commands%20with%20Non-ASCII%20Characters&cmjud0plx000612am29ktvw5y 2025-12-31T18:38:47.270Z weekly 0.6 https://kqlsearch.com/query/Risky%20SignIn%20after%20EmailUrlClickEvent&cmjud0f77000512am0nxzrd6l 2025-12-31T18:38:34.371Z weekly 0.6 https://kqlsearch.com/query/Networkconnection_to_High_Confidence_ThreatView_Domain&cmjud096a000412amfg4a96zd 2025-12-31T18:38:26.673Z weekly 0.6 https://kqlsearch.com/query/Lotusblo%20Obfuscated%20Powershell%20Script%20Detection&cmjuczzy5000312amt3wg5a81 2025-12-31T18:38:14.605Z weekly 0.6 https://kqlsearch.com/query/Azure%20AD%20Device%20Registration%20from%20New%20IP%20Address&cmjuczq8e000212amwusidybi 2025-12-31T18:38:02.126Z weekly 0.6 https://kqlsearch.com/query/OAuthAppEvaluation&cmjuczi11000112am0a7yw1g8 2025-12-31T18:37:51.381Z weekly 0.6 https://kqlsearch.com/query/Failed%20AV%20Scan%20on%20Devices%20with%20Vulnerabilities%20and%20related%20Incidents&cmjucz9ic000012amevl8srpr 2025-12-31T18:37:40.452Z weekly 0.6 https://kqlsearch.com/query/CISAKEV-YearToDateVulnerabilitiesReleaseYear&cmjtb3aim00033nfi42kvkvy7 2025-12-31T00:57:02.973Z weekly 0.6 https://kqlsearch.com/query/CISAKEV-YearToDateVulnerabilitiesProduct&cmjtb35f900023nfi63i3hf7w 2025-12-31T00:56:56.373Z weekly 0.6 https://kqlsearch.com/query/CISAKEV-YearToDateVulnerabilitiesEdgeDevices&cmjtb30qd00013nfi03sc40ad 2025-12-31T00:56:50.166Z weekly 0.6 https://kqlsearch.com/query/CISAKEV-YearToDateVulnerabilities&cmjtb2ui400003nfi64f0kiwj 2025-12-31T00:56:42.220Z weekly 0.6 https://kqlsearch.com/query/MDE-DataCollection&cmjhhvlj30000npi31ypirf3t 2025-12-22T18:33:47.198Z weekly 0.6 https://kqlsearch.com/query/MshtaExecutions&cmjh4zto60000l863c3ikkdwu 2025-12-22T12:33:08.390Z weekly 0.6 https://kqlsearch.com/query/MDE-DigiCert%20Global%20Root%20G2&cmjea74vv0000ypu0zubos5ak 2025-12-20T12:35:29.893Z weekly 0.6 https://kqlsearch.com/query/correlation%20id%20equals%20tenant%20id%20in%20peculiar%20password%20spray&cmjbrqhdo00008771281y3vtd 2025-12-18T18:23:07.643Z weekly 0.6 https://kqlsearch.com/query/SuspiciousMSBuildRemoteThread&cmj7hoyan0000vvug7m7650tu 2025-12-15T18:30:54.563Z weekly 0.6 https://kqlsearch.com/query/PodContainerexec&cmj5cizro0000bmyc2z87cstp 2025-12-14T06:30:46.931Z weekly 0.6 https://kqlsearch.com/query/ExecutableFilesProgramDataFolder&cmj0q1df70000kevi5st6o2b6 2025-12-11T00:50:08.451Z weekly 0.6 https://kqlsearch.com/query/MDE-DeviceGroups&cmizzumng00019cpiqpba5hy4 2025-12-10T12:37:03.916Z weekly 0.6 https://kqlsearch.com/query/MDE-DeviceActiveInactive&cmizzudz900009cpiozav72zd 2025-12-10T12:36:52.520Z weekly 0.6 https://kqlsearch.com/query/KQL%20Techniques%20for%20Email%20URL%20Redirect%20Hunting&cmix4sogw0000ps77zjc7sk56 2025-12-08T12:32:12.418Z weekly 0.6 https://kqlsearch.com/query/MDI-Identity-Password%20Security%20Posture%20Assessment&cmiua1ubu0000n696kz1htfc0 2025-12-06T12:35:59.561Z weekly 0.6 https://kqlsearch.com/query/MDO-AutoForwardingMode&cmipzjcri0000w17jkcy68xpf 2025-12-03T12:30:36.125Z weekly 0.6 https://kqlsearch.com/query/User%20Deleted%20from%20Entra&cmioxhw7b0005w3qkdm4pn7ka 2025-12-02T18:45:42.443Z weekly 0.6 https://kqlsearch.com/query/Entra%20Password%20Resets&cmioxhk9f0004w3qk800w95w3 2025-12-02T18:45:27.123Z weekly 0.6 https://kqlsearch.com/query/Entra%20Group%20Changes&cmioxhdp90003w3qkmeb8xvi6 2025-12-02T18:45:18.464Z weekly 0.6 https://kqlsearch.com/query/Entra%20Account%20Disabled&cmioxh5u50002w3qkeyabeyg0 2025-12-02T18:45:08.428Z weekly 0.6 https://kqlsearch.com/query/Device%20Deleted%20from%20Entra&cmioxgwqm0001w3qk5u3iy13j 2025-12-02T18:44:56.482Z weekly 0.6 https://kqlsearch.com/query/Azure%20Resource%20Graph%20-%20APIM%20with%20basic%20auth%20enabled&cmioxg1j70000w3qk3t2hrqah 2025-12-02T18:44:16.038Z weekly 0.6 https://kqlsearch.com/query/Audit%20Logic%20Apps%20with%20Office365%20Connections%20using%20Resource%20Query&cminhzjsw0000izfqbmb4tvrg 2025-12-01T18:43:46.303Z weekly 0.6 https://kqlsearch.com/query/Executables%20in%20AppData%20Local%20Roaming&cmihrpll80000104k2hqm7dxh 2025-11-27T18:29:21.071Z weekly 0.6 https://kqlsearch.com/query/UEBA%20-%20Find%20Onpremise%20users%20with%20Password%20Not%20Required&cmihfgzwt0001h87q0zfo114z 2025-11-27T12:46:44.272Z weekly 0.6 https://kqlsearch.com/query/Azure%20Resource%20VM%20sku%20sizes%20Changes&cmihfg4xq0000h87q96v3og3c 2025-11-27T12:46:04.285Z weekly 0.6 https://kqlsearch.com/query/Azure%20Resource%20VM%20sku%20sizes&cmiek3go80000q2s1sswz14dj 2025-11-25T12:32:52.519Z weekly 0.6 https://kqlsearch.com/query/MDI-Automatic%20Windows%20auditing%20configuration&cmiamag8y00005ammvn0nvxrr 2025-11-22T18:23:12.950Z weekly 0.6 https://kqlsearch.com/query/%5BIC%5D%20-Tor%20Exit%20Browser%20hunting%20based%20on%20Device%20Events&cmi5atzeh00001352vqcnjw6y 2025-11-19T01:03:37.903Z weekly 0.6 https://kqlsearch.com/query/rustdeskexecution&cmhvmr31r0000wjjr58nqhbkm 2025-11-12T06:39:36.352Z weekly 0.6 https://kqlsearch.com/query/HuntCriticalCredentialsOnNonCredGuardDevices&cmhv9tbq10000hajfgcy0g9mf 2025-11-12T00:37:25.880Z weekly 0.6 https://kqlsearch.com/query/VeeamPSQLDump&cmhu79nqi0001vl2antpelmpa 2025-11-11T06:38:23.082Z weekly 0.6 https://kqlsearch.com/query/DataStagingFileZillaPsFTPWinscp&cmhu79gpm0000vl2aus7onfks 2025-11-11T06:38:13.833Z weekly 0.6 https://kqlsearch.com/query/BumbleeBeeInitiailaccess&cmhthjs2x0003sb5x4urg3xbj 2025-11-10T18:38:25.124Z weekly 0.6 https://kqlsearch.com/query/DNSZoneExport&cmhthjb1c0002sb5xkew2snwj 2025-11-10T18:38:03.167Z weekly 0.6 https://kqlsearch.com/query/NTDSdumpwbadmin&cmhthj19d0001sb5xnuri0zhz 2025-11-10T18:37:49.612Z weekly 0.6 https://kqlsearch.com/query/sshtunneltoexternalhost&cmhthir7l0000sb5xuww0jttp 2025-11-10T18:37:37.343Z weekly 0.6 https://kqlsearch.com/query/%5BLM%5D%20-%20Internal%20Threat%20Hunting%20over%20Routers%20Devices&cmhsfuesg00013hptta2rnzwm 2025-11-10T01:02:55.677Z weekly 0.6 https://kqlsearch.com/query/TH-Obfuscated%20or%20Encoded%20Commandline&cmhsfmv8i00003hpt897h7g0d 2025-11-10T00:57:03.905Z weekly 0.6 https://kqlsearch.com/query/Detecting%20abuse%20of%20SyncThing%20tool%20to%20steal%20data&cmho55rqc0000vvj1lcoqqsif 2025-11-07T00:52:45.239Z weekly 0.6 https://kqlsearch.com/query/SliverC2BeaconLoaded&cmhnepz7400007dbiqgbjp5c6 2025-11-06T12:32:38.351Z weekly 0.6 https://kqlsearch.com/query/NRT%20-%20AutoIRHighImpactAlert&cmhkwh5aa0000igw6mrh77eql 2025-11-04T18:26:20.947Z weekly 0.6 https://kqlsearch.com/query/DetectSuspiciousSpnLogonFromWorkstation&cmhju8gxu00011v7vx7mlld9l 2025-11-04T00:35:50.757Z weekly 0.6 https://kqlsearch.com/query/DetectDumpGuardNtlmChallenge&cmhju82e100001v7v3iuy2jdx 2025-11-04T00:35:31.992Z weekly 0.6 https://kqlsearch.com/query/Entra%20Identify%20and%20Map%20Authentication%20Context%20Usage&cmhjhp1zg0000pej0bm5hqr99 2025-11-03T18:44:49.456Z weekly 0.6 https://kqlsearch.com/query/Access%20Review%20On%20Role%20Assignable%20Group%20AutoDeleted&cmhi1w9xf0000enln27ylixku 2025-11-02T18:34:46.466Z weekly 0.6 https://kqlsearch.com/query/XDR%20-%20UpnAlerts&cmhh03kn10000tb2lcr9aa8hj 2025-11-02T00:56:41.532Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Modification%20of%20Windows%20Security%20Audit%20Policy%20(Auditpol.exe)&cmhcq116g0001mslojx73wtvx 2025-10-30T01:03:42.136Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Execution%20of%20Windows%20Security%20Audit%20Policy%20(Auditpol.exe)&cmhcq0vri0000mslo6zmpqpg8 2025-10-30T01:03:34.977Z weekly 0.6 https://kqlsearch.com/query/third%20party%20Phishing%20Report%20malfunction&cmh0w3qak0000anuv3g0q6ahp 2025-10-21T18:20:31.486Z weekly 0.6 https://kqlsearch.com/query/Audit%20when%20PIM%20fails%20to%20remove%20an%20eligible%20member%20from%20role&cmgxp40a10000v066fzmalqj3 2025-10-19T12:41:28.521Z weekly 0.6 https://kqlsearch.com/query/Detect%20LastPass%20Hack%20Emails%20attempts%20to%20trick%20users%20into%20installing%20Malware&cmgtrl0z300007wyidedmd004 2025-10-16T18:39:37.263Z weekly 0.6 https://kqlsearch.com/query/Identifying%20File%20Exfiltration%20via%20RDP%20Sessions&cmgrm3wfq0000cwiq8s0furfz 2025-10-15T06:30:47.798Z weekly 0.6 https://kqlsearch.com/query/cache_smuggle&cmgqjfqwy0000fj9cwqexymp1 2025-10-14T12:28:15.395Z weekly 0.6 https://kqlsearch.com/query/NTDSFileCreateModify&cmgor4ghw0000v9zjlsae02ob 2025-10-13T06:27:53.247Z weekly 0.6 https://kqlsearch.com/query/Identities%20Bad%20Reputation%20ASN%20activities&cmgktzt660000wpt4lthdjbyj 2025-10-10T12:37:10.638Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Unexpected%20network%20share%20access%20in%20a%20domain%20controller&cmggj518z0000tk0pif4t997v 2025-10-07T12:22:13.805Z weekly 0.6 https://kqlsearch.com/query/DetectProcessDropViaAzureLateralMovement&cmgf3giuc0003jr8e24zyahv5 2025-10-06T12:15:29.797Z weekly 0.6 https://kqlsearch.com/query/DetectFirstTimeAzureCustomScriptOrRunCommand&cmgf3gdvc0002jr8e7i320okc 2025-10-06T12:15:23.448Z weekly 0.6 https://kqlsearch.com/query/DetectExecutableDropViaAzure&cmgf3g5y60001jr8eesdsjnz5 2025-10-06T12:15:13.086Z weekly 0.6 https://kqlsearch.com/query/DetectAzureScriptOrRunCommandByRiskyUser&cmgf3fxn10000jr8ek143o6tm 2025-10-06T12:15:02.412Z weekly 0.6 https://kqlsearch.com/query/MDA%20-%20IP%20Address%20Type&cmg9eqtmw0001y3c52ykge77n 2025-10-02T12:44:49.160Z weekly 0.6 https://kqlsearch.com/query/MDA%20-%20File%20Download%20by%20Country&cmg9eqo7p0000y3c5uzpvw8cn 2025-10-02T12:44:41.969Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Anomalous%20Role%20Assignment&cmg8bah6z0000xmwzlcswe039 2025-10-01T18:20:21.419Z weekly 0.6 https://kqlsearch.com/query/XDR%20-%20DeviceAlerts&cmg4eugro0000sjco47gbb9bo 2025-09-29T00:48:48.113Z weekly 0.6 https://kqlsearch.com/query/Detecting%20potential%20CA%20policy%20bypass%20by%20privileged%20accounts%20via%20private%20browser%20sessions&cmg413bch0000cbxcbtzu5ykn 2025-09-28T18:23:46.384Z weekly 0.6 https://kqlsearch.com/query/Multiple-Activity%20from%20anonymous%20IP%20addresses&cmg0td7u00000tkcbh3vuwvwq 2025-09-26T12:24:12.920Z weekly 0.6 https://kqlsearch.com/query/IngestionDelays&cmfx9srcq00005h7wz1bld287 2025-09-24T00:53:07.321Z weekly 0.6 https://kqlsearch.com/query/removed%20device%20events&cmfwvzgyp00001o87g9l7oca1 2025-09-23T18:26:25.687Z weekly 0.6 https://kqlsearch.com/query/SMB%20%26%20NTLM%20Negotiation%20to%20Unknown%20Remote%20IPs&cmfvgt4z70000khrux1lvmh63 2025-09-22T18:33:49.817Z weekly 0.6 https://kqlsearch.com/query/Multiple-Microsoft%20Entra%20threat%20intelligence&cmfpe33zy00004pq9rmn9gnn0 2025-09-18T12:30:59.324Z weekly 0.6 https://kqlsearch.com/query/New%20KSMBD%20DoS%20(CVE-2025-38501)%20can%20exhaust%20SMB%20connections%20via%20half-open%20TCP%20handshakes&cmfobfjby00027kwtlynsjh1k 2025-09-17T18:28:53.951Z weekly 0.6 https://kqlsearch.com/query/Multiple-Entra%20ID%20Protection%20risk%20events&cmfob5e2y00017kwt2ltnrfak 2025-09-17T18:21:00.681Z weekly 0.6 https://kqlsearch.com/query/Analytics-EntraIDProtectionRiskEvents&cmfob4kh600007kwtr1rxve4t 2025-09-17T18:20:22.220Z weekly 0.6 https://kqlsearch.com/query/TH-Wmic-PS-Encoded&cmfnyjanz0003xi4titxnlaah 2025-09-17T12:27:54.430Z weekly 0.6 https://kqlsearch.com/query/MDE-OnboardingStatusTimeline&cmfnyios30002xi4t88gqwrbm 2025-09-17T12:27:25.973Z weekly 0.6 https://kqlsearch.com/query/MDE-AggregatedReporting&cmfnyicdf0001xi4tlp9aqyl2 2025-09-17T12:27:09.891Z weekly 0.6 https://kqlsearch.com/query/Multiple-Risky%20AD%20FS%20sign-in&cmfnyd5300000xi4tl1a47dgs 2025-09-17T12:23:07.260Z weekly 0.6 https://kqlsearch.com/query/Detect%20Windows%20Versions%20reaching%20end%20of%20service%20on%20October%26November%202025&cmfn9m5vw0001z7kjxbtwh41r 2025-09-17T00:50:17.696Z weekly 0.6 https://kqlsearch.com/query/Sign-in%20Attempts%20Using%20Deprecated%20TLS%20Versions&cmfn9lw1p0000z7kjn69fr3s1 2025-09-17T00:50:05.053Z weekly 0.6 https://kqlsearch.com/query/HuntPublicRemotlyExploitableDevicesWithHighEPSS&cmfltkyqf0002j7sqmwztjnoy 2025-09-16T00:33:41.738Z weekly 0.6 https://kqlsearch.com/query/HuntCriticalCredentialsOnNonTpmDevices&cmfltkq090001j7sqv3dxn0ko 2025-09-16T00:33:30.536Z weekly 0.6 https://kqlsearch.com/query/HuntCriticalCredentialsOnDevicesWithNonCriticalAccounts&cmfltkizm0000j7sqb56qv1x3 2025-09-16T00:33:21.332Z weekly 0.6 https://kqlsearch.com/query/Hunting%20for%20Malicious%20ClickFix%20cases%20from%20Airports&cmfh6o53u0000f7k9om77nyj1 2025-09-12T18:41:14.201Z weekly 0.6 https://kqlsearch.com/query/Add%20custom%20security%20attribute%20definition%20in%20an%20attribute%20set&cmfebzxvh000043d48owugysl 2025-09-10T18:47:04.253Z weekly 0.6 https://kqlsearch.com/query/WDAC%20App%20Control%20Collect%20Data%20for%20App%20Control%20Manager&cmfcwrxuw0001se7zv1yxymjw 2025-09-09T18:53:10.430Z weekly 0.6 https://kqlsearch.com/query/DeviceEvents%20-%20AppLocker%20Events&cmfcwrktt0000se7z38sgge2l 2025-09-09T18:52:52.775Z weekly 0.6 https://kqlsearch.com/query/Potential%20User%20Signed%20into%20Edge%20Browser%20From%20Unmanaged%20or%20Unregistered%20Device&cmfb3wjxg0000t4gkj6rwuw9z 2025-09-08T12:37:10.658Z weekly 0.6 https://kqlsearch.com/query/Rclone%20Copy%20Process%20Args&cmf9opb6d00004nplhghjrl1v 2025-09-07T12:43:52.404Z weekly 0.6 https://kqlsearch.com/query/Azure%20Logic%20App%20Disabled%20or%20Deleted&cmf6tco5i0002hf2gwlasmmir 2025-09-05T12:30:42.134Z weekly 0.6 https://kqlsearch.com/query/Azure%20Function%20App%20Stopped%20or%20Deleted&cmf6tcjst0001hf2gp96jc3sv 2025-09-05T12:30:36.605Z weekly 0.6 https://kqlsearch.com/query/Azure%20Communication%20Services%20Deleted&cmf6tcftc0000hf2gmeey2no4 2025-09-05T12:30:31.439Z weekly 0.6 https://kqlsearch.com/query/AADSignInEventsBeta%20-%20Hunting%20Potential%20Seamless%20SSO%20Usage&cmey8tt7f0000p6kg95jcdg39 2025-08-30T12:34:00.602Z weekly 0.6 https://kqlsearch.com/query/MDE-SuspiciousTCPFlags&cmex67mia0001vc4aksoblaw6 2025-08-29T18:33:00.082Z weekly 0.6 https://kqlsearch.com/query/MDE-SenseTriggersPowerShellPublicIP&cmex67emn0000vc4avhqxbzx1 2025-08-29T18:32:49.706Z weekly 0.6 https://kqlsearch.com/query/Multiple-Verified%20threat%20actor%20IP&cmewt271y0001haid5mkw5ir6 2025-08-29T12:24:51.766Z weekly 0.6 https://kqlsearch.com/query/Multiple-Suspicious%20API%20Traffic&cmewt1ymq0000haidaxbaxw5s 2025-08-29T12:24:40.726Z weekly 0.6 https://kqlsearch.com/query/TH-Use%20of%20Administrator%20Account&cmewg78oi0005vr8xbwvoefrq 2025-08-29T06:24:52.145Z weekly 0.6 https://kqlsearch.com/query/TH-TopLevelDomains&cmewg754x0004vr8xwpnu9lwz 2025-08-29T06:24:47.553Z weekly 0.6 https://kqlsearch.com/query/Purview-EntraCABlock-InsiderRisk&cmewg6v1e0003vr8x780yn5ri 2025-08-29T06:24:34.466Z weekly 0.6 https://kqlsearch.com/query/EntraID-EntraConnectSyncAuditEvents&cmewg6mdn0002vr8xfo68304u 2025-08-29T06:24:23.141Z weekly 0.6 https://kqlsearch.com/query/AzureDevOps%20%20-%20Repositories&cmewg65zp0001vr8x1ik7fq7x 2025-08-29T06:24:01.672Z weekly 0.6 https://kqlsearch.com/query/AD-AccountLastLogon&cmewg5za90000vr8xnkfzf56d 2025-08-29T06:23:53.312Z weekly 0.6 https://kqlsearch.com/query/Multiple-Leaked%20credentials&cmevqk7wl000010h7ppkjafeo 2025-08-28T18:27:07.652Z weekly 0.6 https://kqlsearch.com/query/fetch-dynamic-and-manual-tags-for-active-devices&cmev0rvn10000jaaapr1psuyy 2025-08-28T06:25:14.767Z weekly 0.6 https://kqlsearch.com/query/Set%20Persistence%20using%20Event%20Viewer%20Microsoft%20Redirection%20Program&cmetyy3lm0000xl4khkif8sv6 2025-08-27T12:46:19.833Z weekly 0.6 https://kqlsearch.com/query/HuntDomainsWithSeamlessSsoEnabled&cmet8tnj80000obzk0dcx7vzz 2025-08-27T00:35:02.259Z weekly 0.6 https://kqlsearch.com/query/EnrollmentAttemptWithADCSESC1HoneypotTemplate&cmeq0qv4d0000rz3vby26s9gc 2025-08-24T18:25:36.779Z weekly 0.6 https://kqlsearch.com/query/FileFromHostCollected&cmepnrxn3000011iqh0m6vwtn 2025-08-24T12:22:31.694Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Onmicrosoft%20domains%20impacted%20by%20email%20exchange%20restrictions%20with%20External%20Domains&cmeozmeqf0000qmkk2hktxxpi 2025-08-24T01:06:23.126Z weekly 0.6 https://kqlsearch.com/query/EEG-Assets%20allowing%20remote%20access&cmen5tx0d0005z6qzw2d2mwr3 2025-08-22T18:24:38.749Z weekly 0.6 https://kqlsearch.com/query/D4IOT-ConnectorState&cmen5toge0004z6qzdblcccsj 2025-08-22T18:24:27.661Z weekly 0.6 https://kqlsearch.com/query/MDXDR-AttackDisruptionAndResponse&cmen5tf9y0003z6qzvgobdnzw 2025-08-22T18:24:15.669Z weekly 0.6 https://kqlsearch.com/query/MDI-IdentifyServiceAccountOUs&cmen5t55x0002z6qz08chiscu 2025-08-22T18:24:02.660Z weekly 0.6 https://kqlsearch.com/query/MDI-DormantAccounts&cmen5t0rq0001z6qz6fvadi7s 2025-08-22T18:23:56.869Z weekly 0.6 https://kqlsearch.com/query/Arc-CompareMDE&cmen5sols0000z6qzq27xxmks 2025-08-22T18:23:41.103Z weekly 0.6 https://kqlsearch.com/query/AADServicePrincipalRiskEvents-Service%20principal%20at%20risk&cmeldr9dh0000y3ote47dt08v 2025-08-21T12:30:59.380Z weekly 0.6 https://kqlsearch.com/query/Assignment%20of%20Local%20Administrator%20Entra%20Role&cmekbftv7000013gnv1tn5zb3 2025-08-20T18:38:20.658Z weekly 0.6 https://kqlsearch.com/query/SentinelWorkspaceDisconnected&cmehg4yt60000edba9clhkuov 2025-08-18T18:26:33.290Z weekly 0.6 https://kqlsearch.com/query/SignInLogs%20-%20B2B%20Access%20Restrictions&cmed68fe80001sze6xf38acts 2025-08-15T18:38:13.999Z weekly 0.6 https://kqlsearch.com/query/Entra%20-%20Auditing%20TenantRestrictionsV2%20Events&cmed6846l0000sze6gcbp6ybj 2025-08-15T18:37:59.343Z weekly 0.6 https://kqlsearch.com/query/Request%20an%20actor%20token%20for%20graph.windows.net%20using%20Service%20to%20Service%20(S2S)&cmebef2ss0007wu92qsbofimb 2025-08-14T12:51:47.921Z weekly 0.6 https://kqlsearch.com/query/GraphAPIAuditEvents%20-%20UserEnrichment&cmebdwcuz0006wu92ks24r3nr 2025-08-14T12:37:15.272Z weekly 0.6 https://kqlsearch.com/query/GraphAPIAuditEvents%20-%20IPEnrichment&cmebdw5j90005wu92ckpjihea 2025-08-14T12:37:05.924Z weekly 0.6 https://kqlsearch.com/query/GraphAPIAuditEvents%20-%20GraphURIAPIRequestStats&cmebdvywg0004wu928sp8vbjg 2025-08-14T12:36:57.180Z weekly 0.6 https://kqlsearch.com/query/GraphAPIAuditEvents%20-%20GraphResourceAPIRequestStats&cmebdvrnt0003wu92vfsvebn8 2025-08-14T12:36:47.945Z weekly 0.6 https://kqlsearch.com/query/GraphAPIAuditEvents%20-%20AzureHound&cmebdvkoy0002wu92urrrnsgp 2025-08-14T12:36:38.747Z weekly 0.6 https://kqlsearch.com/query/GraphAPIAuditEvents%20-%20AppEnrichmentExternalData&cmebdvbm90001wu92fynr8613 2025-08-14T12:36:27.153Z weekly 0.6 https://kqlsearch.com/query/GraphAPIAuditEvents%20-%20AppEnrichmentAADNonInteractiveUserSignInLogs&cmebdv72o0000wu92i2jt7s6u 2025-08-14T12:36:20.225Z weekly 0.6 https://kqlsearch.com/query/EmailEvents%20-%20Sender%20TLD%20count&cme7g5odj0000g6du716rjyhq 2025-08-11T18:29:24.682Z weekly 0.6 https://kqlsearch.com/query/Risk%20Based%20Step%20Up%20Consent%20(RBSU)%20for%20Application&cme118uxa0000mg79soj8mabr 2025-08-07T06:45:21.616Z weekly 0.6 https://kqlsearch.com/query/App%20Consent%20to%20Risky%20Application&cme0owzwv0000oppwwk6rmu79 2025-08-07T01:00:13.021Z weekly 0.6 https://kqlsearch.com/query/identify-ip-assets-from-mdeasm-in-exposure-management-that-match-ti&cmdy5pqcv0000110bjeqxp5tg 2025-08-05T06:27:09.103Z weekly 0.6 https://kqlsearch.com/query/identify-mdeasm-hosts-with-high-or-critical-vulnerabilities-and-a-cvss-score-over-8&cmdrdgr070003uoadyo0r1qds 2025-07-31T12:29:43.735Z weekly 0.6 https://kqlsearch.com/query/identify-cves-in-mdeasm-web-pages-through-exposure-management&cmdrdgjjs0002uoadlk6l8v5z 2025-07-31T12:29:33.964Z weekly 0.6 https://kqlsearch.com/query/identify-assets-from-mdeasm-in-exposure-management&cmdrdge7y0001uoadp39z1n1a 2025-07-31T12:29:27.165Z weekly 0.6 https://kqlsearch.com/query/identify-assets-from-mdeasm-in-exposure-management-that-match-ti&cmdrdg3hf0000uoadva6xx636 2025-07-31T12:29:13.141Z weekly 0.6 https://kqlsearch.com/query/Successful%20join%20of%20fake%20device%20using%20ROPC%20(query%20by%20%40goldjg)&cmdqoolwh00003m6ejdw45fky 2025-07-31T00:55:59.875Z weekly 0.6 https://kqlsearch.com/query/SigninLogs-Legacy%20protocols%20used%20in%20Entra%20ID%20authentication&cmdqao31k000013xgxexqes0m 2025-07-30T18:23:40.778Z weekly 0.6 https://kqlsearch.com/query/Multiple-Unexpected%20account%20using%20a%20PowerShell%20app%20in%20Entra%20ID&cmdpxsvnb0000v33t69402u8n 2025-07-30T12:23:29.498Z weekly 0.6 https://kqlsearch.com/query/UnifiedMicrosoftGraphLogs&cmdpledym0000agog074toq66 2025-07-30T06:36:17.935Z weekly 0.6 https://kqlsearch.com/query/Detect%20Attempts%20to%20modify%20Amcache.hve%20or%20SYSTEM%20file&cmdoiqgn00000ukgk4gu5v8dg 2025-07-29T12:33:56.318Z weekly 0.6 https://kqlsearch.com/query/Enabled-data-connectors&cmdntkuzq0000ssqov1q2x2g5 2025-07-29T00:49:44.565Z weekly 0.6 https://kqlsearch.com/query/Analytics-AuthenticationMethodsChanges&cmdgajnln0001mq5un452hlqa 2025-07-23T18:22:32.394Z weekly 0.6 https://kqlsearch.com/query/Analytics-AuthenticationMethodChangesOld&cmdgaj7990000mq5uja6slr14 2025-07-23T18:22:11.212Z weekly 0.6 https://kqlsearch.com/query/Last%20Password%20Change%20Time%20with%20Account%20Creation%20Time&cmdevdhdz000093s9m09khvyz 2025-07-22T18:30:04.006Z weekly 0.6 https://kqlsearch.com/query/Audit%20Mandatory%20Office%20Days%20using%20Advanced%20Hunting&cmddtqh110001zrjjj1ia0ahu 2025-07-22T00:56:24.662Z weekly 0.6 https://kqlsearch.com/query/Email%20-%20AIREffectiveness&cmddthse00000zrjjn0khd8om 2025-07-22T00:49:39.481Z weekly 0.6 https://kqlsearch.com/query/RDP%20Trace%20Removal%20Detection&cmd8sqkea0000jlydkyxsr80d 2025-07-18T12:29:38.533Z weekly 0.6 https://kqlsearch.com/query/EnrichedMicrosoftGraphActivity&cmd70hyye0000voiseepk5dt2 2025-07-17T06:31:22.042Z weekly 0.6 https://kqlsearch.com/query/Multiple-User%20reported%20unusual%20sign-in%20event%20as%20not%20legitimate&cmd5xtpka0000hucrg3uibv0l 2025-07-16T12:28:44.841Z weekly 0.6 https://kqlsearch.com/query/DetectDirectSendPhishingEmails&cmd4hx2i000003fzi3xi1w89j 2025-07-15T12:15:41.449Z weekly 0.6 https://kqlsearch.com/query/ThreatIntelIndicators-Stopped%20event%20reception%20-%20ThreatIntelIndicators&cmcvxmdg800015xip6k7t11p4 2025-07-09T12:25:20.792Z weekly 0.6 https://kqlsearch.com/query/CommonSecurityLog-Stopped%20event%20reception%20-%20CommonSecurityLog%20-%20DeviceProduct&cmcvxm37s00005xipb4iedwdy 2025-07-09T12:25:07.416Z weekly 0.6 https://kqlsearch.com/query/SuspiciousExplorerChildProcess&cmcp5648700006jkjn127nm7v 2025-07-04T18:22:16.038Z weekly 0.6 https://kqlsearch.com/query/MDE%20DeviceRegistryEvents%20Tampering%20To%20DeviceTag&cmcnpz8z30000jtx5st60r4f0 2025-07-03T18:29:15.088Z weekly 0.6 https://kqlsearch.com/query/Entra%20Sign-ins%20to%20Legacy%20Azure%20Active%20Directory%20Powershell&cmcnd82jo000013yvqcu39e6f 2025-07-03T12:32:11.654Z weekly 0.6 https://kqlsearch.com/query/Detect%20the%20removal%20of%20evidence%20on%20executed%20programs&cmcmop62f0001st0heyrfrkir 2025-07-03T01:05:39.062Z weekly 0.6 https://kqlsearch.com/query/Detect%20bcedit%20commands%20related%20to%20boot%20configuration&cmcmoozrb0000st0htrx77mbo 2025-07-03T01:05:30.741Z weekly 0.6 https://kqlsearch.com/query/SuspiciousBrowserChildProcess&cmcmaaoah0000qekzxysi0yed 2025-07-02T18:22:28.121Z weekly 0.6 https://kqlsearch.com/query/monitor-for-analytics-editing-in-microsoft-sentinel&cmcj2u9070004jcizzfr6vqsw 2025-06-30T12:30:26.070Z weekly 0.6 https://kqlsearch.com/query/identify-microsoft-sentinel-changes-from-users-not-defined-within-approved-user-groups&cmcj2u3bo0003jciz4mdjee62 2025-06-30T12:30:18.594Z weekly 0.6 https://kqlsearch.com/query/identify-log-analytics-contributor-and-data-purger-role-assignment&cmcj2ts6b0002jciz5zqk2jis 2025-06-30T12:30:04.258Z weekly 0.6 https://kqlsearch.com/query/identify-activities-in-log-analytics-workspace-resource-locks&cmcj2tldw0001jcizxeety6an 2025-06-30T12:29:55.346Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Azure%20RBAC%20Elevated%20Access%20operation&cmcj2lk840000jcizi1qe5jbv 2025-06-30T12:23:40.595Z weekly 0.6 https://kqlsearch.com/query/CaBypassFirstPartyApps&cmci08gje0003tcsb94xd2ezr 2025-06-29T18:29:43.993Z weekly 0.6 https://kqlsearch.com/query/EEG-Trace%20Lateral%20Movement&cmci05f8t0002tcsb81xbemaf 2025-06-29T18:27:22.223Z weekly 0.6 https://kqlsearch.com/query/EEG-High-Privilege%20Identities%20Across%20Subscriptions&cmci058od0001tcsbdnv6o4q1 2025-06-29T18:27:13.837Z weekly 0.6 https://kqlsearch.com/query/MDISensorDeleted&cmci03avj0000tcsb4ulcrbvq 2025-06-29T18:25:43.249Z weekly 0.6 https://kqlsearch.com/query/Detect%20anomalous%20external%20OAuthApp%20activity%20using%20ActorInfoString&cmcgypbx00000tzch31hu9ytu 2025-06-29T00:59:05.747Z weekly 0.6 https://kqlsearch.com/query/Hackers%20Exploit%20Cloudflare%20Tunnels%20to%20Infect%20Windows%20Systems%20With%20Python%20Malware&cmcf5adiq000074qh8nu2leug 2025-06-27T18:27:52.853Z weekly 0.6 https://kqlsearch.com/query/Analytics-AppConsentAssignment&cmcesg1in0000mxv8hk9zf5we 2025-06-27T12:28:22.156Z weekly 0.6 https://kqlsearch.com/query/Direct%20Send%20Abuse%20Detection&cmcdq8vhe0000n2ev2f5y86bh 2025-06-26T18:39:02.497Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Text%20and%20CSV%20Data%20Dumps%20via%20Command%20Line&cmcdd2ui1000013h3g8s9v2nx 2025-06-26T12:30:26.280Z weekly 0.6 https://kqlsearch.com/query/Suspicious%20CLI%20Obfuscation&cmcco487t000013z2rvm6ns4f 2025-06-26T00:51:40.312Z weekly 0.6 https://kqlsearch.com/query/Suspicious%20MSHTA%20Usage&cmcb9a4rh0000rvw9afkx4ys4 2025-06-25T01:08:35.357Z weekly 0.6 https://kqlsearch.com/query/FileFix%20Detection&cmcaveszu0000n5vfadr7yvuw 2025-06-24T18:40:18.599Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Entra%20ID%20role%20assignment&cmc9fg4cy0002xzw5tjgbumxw 2025-06-23T18:25:40.114Z weekly 0.6 https://kqlsearch.com/query/Analytics-EntraIDRoleAssignments&cmc9ff6oo0001xzw5xk2a56ri 2025-06-23T18:24:56.314Z weekly 0.6 https://kqlsearch.com/query/HuntMdiNotInstalled&cmc9eyari0000xzw58qjie773 2025-06-23T18:11:48.605Z weekly 0.6 https://kqlsearch.com/query/Detecting%20connections%20affected%20by%20the%20Blocking%20Legacy%20Authentication%20enforcement%20expected%20by%20July%202025.&cmc9342v00005soi1ji64dvwt 2025-06-23T12:40:22.907Z weekly 0.6 https://kqlsearch.com/query/UnifiedIdentityInfoXdr&cmc9306va0004soi1flgo115v 2025-06-23T12:37:21.314Z weekly 0.6 https://kqlsearch.com/query/Multiple-Unexpected%20Entra%20ID%20device&cmc92nc5q0003soi1fb00dxa6 2025-06-23T12:27:21.805Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Entra%20ID%20unusual%20operation&cmc92n0230002soi1t8hi0ig2 2025-06-23T12:27:06.123Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Entra%20ID%20B2C%20settings%20modified&cmc92mpzr0001soi1b73e53b7 2025-06-23T12:26:52.917Z weekly 0.6 https://kqlsearch.com/query/Analytics-UnexpectedEntraIDDevice&cmc92ly7o0000soi1aq26ucvm 2025-06-23T12:26:16.916Z weekly 0.6 https://kqlsearch.com/query/Sniffing%20Out%20UNC3944%20on%20Teams&cmc804p5f00001375om35br2b 2025-06-22T18:29:06.663Z weekly 0.6 https://kqlsearch.com/query/CloudflaredTunnel&cmc5izy820003dlb5xviz5w7k 2025-06-21T00:53:59.426Z weekly 0.6 https://kqlsearch.com/query/MDE-Windows%20Server%20-%20Client%20-%20Missing%20Updates%20Summary&cmc5iygih0002dlb5yoa28p0b 2025-06-21T00:52:49.816Z weekly 0.6 https://kqlsearch.com/query/MDE-Office365VersionHistory&cmc5iy7320001dlb5iwjstkvl 2025-06-21T00:52:37.475Z weekly 0.6 https://kqlsearch.com/query/MDE-Defenderpassivemode&cmc5ixtc80000dlb54hv2q2b8 2025-06-21T00:52:19.661Z weekly 0.6 https://kqlsearch.com/query/Audit%20User%20tries%20to%20change%20password%20to%20a%20non-complying%20password&cmc56h0i7000xd9sb4qs2663x 2025-06-20T19:03:20.433Z weekly 0.6 https://kqlsearch.com/query/CVE-2025-33073%20Detection&cmc56fswh000wd9sbgn2sindj 2025-06-20T19:02:24.016Z weekly 0.6 https://kqlsearch.com/query/TA4557%20drops%20More_Eggs&cmc56fidw000vd9sbdx7vzon6 2025-06-20T19:02:10.388Z weekly 0.6 https://kqlsearch.com/query/Suspicious%20OAuth%20applications%20used%20to%20retrieve%20and%20send%20emails&cmc56f8ki000ud9sbd4ixr8we 2025-06-20T19:01:57.573Z weekly 0.6 https://kqlsearch.com/query/Social%20Engineering%20Attack%20Detection&cmc56f2ag000td9sbnb7hrqm8 2025-06-20T19:01:49.527Z weekly 0.6 https://kqlsearch.com/query/Ottercookie%20Detection&cmc56esbb000sd9sbssofpztg 2025-06-20T19:01:36.507Z weekly 0.6 https://kqlsearch.com/query/External%20Attack%20Surface%20Monitoring%20KQL&cmc56ec4n000rd9sb2p7haoek 2025-06-20T19:01:14.974Z weekly 0.6 https://kqlsearch.com/query/Discord%20Invite%20Hijacking%20Detection&cmc56drvl000qd9sbysomun44 2025-06-20T19:00:49.284Z weekly 0.6 https://kqlsearch.com/query/APT%20Stealth%20Falcon%20-%20CVE-2025-33053%20Detection&cmc56d380000pd9sb62majtte 2025-06-20T19:00:17.332Z weekly 0.6 https://kqlsearch.com/query/ANY.RUN%20Obfuscated%20BAT%20Dropper%20Delivers%20NetSupport%20RAT%20post&cmc56csiy000od9sblnm6funx 2025-06-20T19:00:03.561Z weekly 0.6 https://kqlsearch.com/query/Potential%20commands%20executed%20by%20a%20powerShell.exe%20renamed&cmc56beb1000nd9sb71xre0qy 2025-06-20T18:58:58.385Z weekly 0.6 https://kqlsearch.com/query/3%20-%20Finding%20sensitive%20Roles%20with%20CSPM%20posture%20and%20used%20by%20OAuth&cmc5697bj000md9sbiz6sdb8j 2025-06-20T18:57:16.019Z weekly 0.6 https://kqlsearch.com/query/2%20-%20Custom%20Graph%20Query%20on%20Recommendations%20and%20Target&cmc5691dv000ld9sb41l6s7dc 2025-06-20T18:57:08.419Z weekly 0.6 https://kqlsearch.com/query/1%20-%20List%20of%20critical%20Azure%20resources%20in%20XSPM&cmc568ub8000kd9sbm3hzkbvt 2025-06-20T18:56:59.160Z weekly 0.6 https://kqlsearch.com/query/3%20-%20Correlation%20between%20CSPM%20and%20IdentityInfo&cmc568mcz000jd9sbq68vlyly 2025-06-20T18:56:48.946Z weekly 0.6 https://kqlsearch.com/query/2%20-%20Adv.%20Correlation%20between%20Alert%20and%20Attack%20Path&cmc568djz000id9sb1tws8o1z 2025-06-20T18:56:37.443Z weekly 0.6 https://kqlsearch.com/query/1%20-%20Correlation%20between%20Alert%20and%20Attack%20Path&cmc5681w7000hd9sb2716td71 2025-06-20T18:56:22.423Z weekly 0.6 https://kqlsearch.com/query/3%20-%20EPM%20Insights&cmc567rj8000gd9sbiciqexja 2025-06-20T18:56:08.265Z weekly 0.6 https://kqlsearch.com/query/2%20-%20Sensitive%20Labels%20in%20Azure%20Resources&cmc567khc000fd9sbhfkojj1y 2025-06-20T18:55:59.856Z weekly 0.6 https://kqlsearch.com/query/1%20-%20Overview%20of%20Attack%20Paths&cmc567ihn000ed9sbxlbifj5a 2025-06-20T18:55:57.183Z weekly 0.6 https://kqlsearch.com/query/CaMfaExcludeRuleXdr&cmc5678ai000dd9sbpkwmq6q5 2025-06-20T18:55:44.058Z weekly 0.6 https://kqlsearch.com/query/AuthMethods-TokenBoundedCae&cmc56728s000cd9sbksciqmbx 2025-06-20T18:55:36.127Z weekly 0.6 https://kqlsearch.com/query/ConditionalAccessBaselineGapDetectedDuePolicyChange&cmc566jwq000bd9sbz3nk8lzd 2025-06-20T18:55:12.457Z weekly 0.6 https://kqlsearch.com/query/EntraID-PIMRoleActivations&cmc564hig000ad9sb9z47aqbn 2025-06-20T18:53:35.948Z weekly 0.6 https://kqlsearch.com/query/EntraID-EnterpriseApps-Deleted&cmc5645x60009d9sbd8zr42wz 2025-06-20T18:53:21.017Z weekly 0.6 https://kqlsearch.com/query/EntraID-DisabledUserswithPrivRoles&cmc5640ea0008d9sblaag3hrj 2025-06-20T18:53:13.766Z weekly 0.6 https://kqlsearch.com/query/UserAccountDeletion&cmc562yya0007d9sbdjihfywd 2025-06-20T18:52:25.237Z weekly 0.6 https://kqlsearch.com/query/DisabledAccountAttackDisruption&cmc561ypm0006d9sbal6xrscn 2025-06-20T18:51:38.269Z weekly 0.6 https://kqlsearch.com/query/Quarantined%20messages&cmc55zvst0005d9sb7ur789kf 2025-06-20T18:50:01.184Z weekly 0.6 https://kqlsearch.com/query/Quarantined%20emails&cmc55zjsq0004d9sbcwelif3j 2025-06-20T18:49:45.630Z weekly 0.6 https://kqlsearch.com/query/365DaysofKQL-Day100&cmc55t0820003d9sbhkt6jtuk 2025-06-20T18:44:40.323Z weekly 0.6 https://kqlsearch.com/query/HuntMSOLAzureADConnectOrEntraSyncServers&cmc55nqos0002d9sbe84olo52 2025-06-20T18:40:34.686Z weekly 0.6 https://kqlsearch.com/query/DetectCredAddToConnectSyncApplication&cmc55ngf60001d9sbytt148k2 2025-06-20T18:40:21.473Z weekly 0.6 https://kqlsearch.com/query/DetectChangesToConnectSyncApplication&cmc55n9ra0000d9sbc2ympht3 2025-06-20T18:40:12.745Z weekly 0.6 https://kqlsearch.com/query/NTLMv2%20Hash%20Leak%20via%20COM%20Detection&cmbcjv1ua00dvms0f3dr45j5y 2025-05-31T18:12:51.194Z weekly 0.6 https://kqlsearch.com/query/OAuth%20app%20using%20the%20OD%20file%20picker%20permission&cmbc720tq00dmms0fo9tpqu60 2025-05-31T12:14:21.451Z weekly 0.6 https://kqlsearch.com/query/One-Click%20ANY%20RUN%20Storm-1747%20KQL%20Scan&cmb9p4pko00c3ms0fx38aow2c 2025-05-29T18:17:01.397Z weekly 0.6 https://kqlsearch.com/query/Hunting%20DragonForce%20with%20ANY.RUN%20Threat%20Intelligence&cmb9p3xxi00c2ms0flzhnrpdc 2025-05-29T18:16:25.571Z weekly 0.6 https://kqlsearch.com/query/IOCs%20Associated%20with%20APT41%E2%80%99s%20Malware%20Delivery%20via%20Google%20Calendar&cmb8mgvk900bdms0fszvt6yn9 2025-05-29T00:14:44.168Z weekly 0.6 https://kqlsearch.com/query/AppSheet.com%20abused%20to%20send%20Phish&cmb89qzir00b4ms0f6r4prh6b 2025-05-28T18:18:40.680Z weekly 0.6 https://kqlsearch.com/query/Detect%20suspicious%20actions%20to%20change%20Desktop%20Background&cmb89m9b700b3ms0fd5qgi8fx 2025-05-28T18:15:00.086Z weekly 0.6 https://kqlsearch.com/query/Detect%20suspicious%20files%20dropped%20into%20Public%20Folder&cmb89lsjn00b2ms0fkg6wdl37 2025-05-28T18:14:38.360Z weekly 0.6 https://kqlsearch.com/query/ModifyCredentialsEntraConnectAppIdentity&cmb7wmxkw00atms0frnpst80y 2025-05-28T12:11:36.703Z weekly 0.6 https://kqlsearch.com/query/EntraID-PIMRoleSettingChanges&cmb2jirhf007gms0f8z669clp 2025-05-24T18:05:36.138Z weekly 0.6 https://kqlsearch.com/query/defendnot%20detection&cmb14kx5s006jms0fg3q20gyt 2025-05-23T18:19:36.544Z weekly 0.6 https://kqlsearch.com/query/Blob%20URI%20Unique%20Domain%20Count&cmb01rvzy005ums0fb217sryc 2025-05-23T00:13:16.606Z weekly 0.6 https://kqlsearch.com/query/glibc%20critical%20vulnerability%20(CVSS%209.8)&cmazp4x4o005lms0f54ngn3tl 2025-05-22T18:19:29.441Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20Weekly%20OSINT%20Indicators%20Scan%2019052025&cmazp3n7o005kms0fwwt8cklr 2025-05-22T18:18:29.933Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20Weekly%20OSINT%20Indicators%20Scan%2012052025&cmazp3fsi005jms0fsbuop19f 2025-05-22T18:18:20.465Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20Weekly%20OSINT%20Indicators%20Scan%2005052025&cmazp38yv005ims0fcgw2u22z 2025-05-22T18:18:11.471Z weekly 0.6 https://kqlsearch.com/query/CVSS%209.8%20Rockwell%20Automation%20Impacted%20by%20High-Severity%20log4net%20Vulnerability&cmazp2p4m005hms0fk10o4f96 2025-05-22T18:17:45.910Z weekly 0.6 https://kqlsearch.com/query/CVE-2025-32705%20Out-of-bounds%20Read%20Detection&cmazp2ij5005gms0fbur6czat 2025-05-22T18:17:37.209Z weekly 0.6 https://kqlsearch.com/query/BadSuccessor%20Detection&cmayz8e3h004zms0fjm5fiywp 2025-05-22T06:14:21.532Z weekly 0.6 https://kqlsearch.com/query/Malware%20C2%20Comms%20over%20Azure%20Blob%20Metadata&cmay9oaxf004ims0fmpnz7caf 2025-05-21T18:18:53.906Z weekly 0.6 https://kqlsearch.com/query/Global%20Admin%20Entra%20Cookie%20with%20Chrome%20ZeroDay&cmawuf5ja003lms0f9z1owsq1 2025-05-20T18:24:06.447Z weekly 0.6 https://kqlsearch.com/query/Senstive%20Large%20File%20Uploads%20using%20CloudAppEvents&cmawheyaf003cms0f1p6ijnr1 2025-05-20T12:20:02.198Z weekly 0.6 https://kqlsearch.com/query/AD-UserDeviceObjectOUMoves&cmavr7itc002vms0fkc0s26sq 2025-05-20T00:06:25.535Z weekly 0.6 https://kqlsearch.com/query/AD-GroupPolicy&cmavr7d4b002ums0f0mr0h5eq 2025-05-20T00:06:18.155Z weekly 0.6 https://kqlsearch.com/query/AD-ComputerObjectOSNameChanged&cmavr77al002tms0f38fos1qf 2025-05-20T00:06:10.452Z weekly 0.6 https://kqlsearch.com/query/AD-Account%20Password%20Not%20Required%20changed&cmavr6xvu002sms0fap50pjrk 2025-05-20T00:05:58.410Z weekly 0.6 https://kqlsearch.com/query/Devices%20with%20High%20severity%20CVEs%20with%20exploits%20available&cmavesbwd002jms0fy04vz572 2025-05-19T18:18:41.340Z weekly 0.6 https://kqlsearch.com/query/EntraFalcon%20Detection&cmaveqpc0002ims0fp5oe03xc 2025-05-19T18:17:25.289Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Social%20Engineering%20Attacks%20in%20Teams%20with%20KQL&cmasjoerb000pms0fv14bfarb 2025-05-17T18:12:17.823Z weekly 0.6 https://kqlsearch.com/query/Critical%20identities%20with%20zero-day%20Chrome%20vulnerability&cmartyd190008ms0fjwz6p4d7 2025-05-17T06:12:12.133Z weekly 0.6 https://kqlsearch.com/query/CVE-2025-4664%20Chrome%20flaw%20with%20public%20exploit&cmar4r9kx02rpp10faqvgwvqg 2025-05-16T18:26:50.666Z weekly 0.6 https://kqlsearch.com/query/identities-set-to-password-never-expires-with-blast-radius-value-or-tagged-as-sensitive&cmar4iz5y02rop10fygny9fa7 2025-05-16T18:20:23.919Z weekly 0.6 https://kqlsearch.com/query/Azure%20AI%20Security%20Finding%20Report&cmao9xzsd02pvp10fz35gspuj 2025-05-14T18:28:44.269Z weekly 0.6 https://kqlsearch.com/query/User%20Information%20collected%20externally%20when%20a%20URL%20is%20clicked&cmao9vc0d02pup10fte3g73j0 2025-05-14T18:26:39.990Z weekly 0.6 https://kqlsearch.com/query/ASN%20generating%20high%20number%20of%20connection%20requests%20based%20on%20average&cmao9uy2m02ptp10fhud6wbmh 2025-05-14T18:26:21.927Z weekly 0.6 https://kqlsearch.com/query/Audit%20User%20Marked%20as%20Compromised%20By%20Admin%20or%20App&cmamul3xy02owp10f4287up4i 2025-05-13T18:31:02.561Z weekly 0.6 https://kqlsearch.com/query/Internet%20facing%20devices%20vulnerablility%20report&cmal2sby602nrp10fi6cu5m0d 2025-05-12T12:45:04.103Z weekly 0.6 https://kqlsearch.com/query/Detecting%20M365%20Copilot%20Shared%20Agent&cmal2rlk702nqp10fpix15cr5 2025-05-12T12:44:29.904Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Kerberoasting%20attack&cmal1xeqp02npp10f45lho1nh 2025-05-12T12:21:01.382Z weekly 0.6 https://kqlsearch.com/query/Modifications%20To%20ApplicationManagementPolicy%20for%20Entra%20App%20Registrations&cmakcfyt902n8p10f82m247ph 2025-05-12T00:27:37.341Z weekly 0.6 https://kqlsearch.com/query/Blob%20URIs%20creation%20trend%20analysis&cmajznq8w02mzp10f29n2rqwu 2025-05-11T18:29:44.479Z weekly 0.6 https://kqlsearch.com/query/Purview-DLP-Activity-FileUploadedToCloud&cmajzao9j02myp10fhqjc83td 2025-05-11T18:19:35.382Z weekly 0.6 https://kqlsearch.com/query/Purview-DLP-Activity-FilePrinted&cmajzahbm02mxp10fd577zaub 2025-05-11T18:19:26.235Z weekly 0.6 https://kqlsearch.com/query/Purview-DLP-Activity-FileCopiedToRemoteDesktopSession&cmajza9y902mwp10f4arojjl1 2025-05-11T18:19:16.832Z weekly 0.6 https://kqlsearch.com/query/Purview-DLP-Activity-FileCopiedToClipboard&cmajza30n02mvp10fnuso76we 2025-05-11T18:19:07.697Z weekly 0.6 https://kqlsearch.com/query/RMM%20Hunting%20with%20Sentinel%20TI&cmaik3dm202lyp10fgk5hczhs 2025-05-10T18:26:14.417Z weekly 0.6 https://kqlsearch.com/query/SAP%20NetWeaver%20Attack%20by%20Chinese%20Threat%20Actor%20Impact%20Assessment&cmaik2kq702lxp10fh3h5603u 2025-05-10T18:25:37.134Z weekly 0.6 https://kqlsearch.com/query/CVE-2025-20188%20CVSS%2010%20out%20of%2010&cmai75zrn02lop10febittr0i 2025-05-10T12:24:21.586Z weekly 0.6 https://kqlsearch.com/query/Entra-AdministrativeUnits&cmai6v82g02lnp10f4h5ta3qv 2025-05-10T12:15:59.127Z weekly 0.6 https://kqlsearch.com/query/Outlook%20New%20Requirements%20for%20High%E2%80%90Volume%20Senders&cmafpacp102k2p10fg6tfudqb 2025-05-08T18:28:19.524Z weekly 0.6 https://kqlsearch.com/query/Multiple-Potential%20Golden%20SAML%20authentication&cmafon7yz02k1p10fi03c15q7 2025-05-08T18:10:20.314Z weekly 0.6 https://kqlsearch.com/query/Incidents%20to%20Mitre%20ATTACK%20navigator&cmafcqtq402jsp10fl30008o0 2025-05-08T12:37:12.931Z weekly 0.6 https://kqlsearch.com/query/Monitor%20Copilot%20Agent%20for%20SharePoint&cmafcoj8u02jrp10fm2t4uty8 2025-05-08T12:35:26.038Z weekly 0.6 https://kqlsearch.com/query/M365%20Copilot%20Gone%20Rouge&cmaezr9yh02jip10ff2a0e57n 2025-05-08T06:33:38.960Z weekly 0.6 https://kqlsearch.com/query/Detect%20Personal%20OneDrive%20Sync%20on%20corporate%20endpoints&cmaezqhhi02jhp10f63hl09uu 2025-05-08T06:33:02.062Z weekly 0.6 https://kqlsearch.com/query/DetectSuspiciousFociTokenLoginsV2&cmad5nqys02i4p10f78n638mc 2025-05-06T23:43:19.723Z weekly 0.6 https://kqlsearch.com/query/DetectEntraTokenRequestViaBofIoC&cmad5nfwc02i3p10fw7an0640 2025-05-06T23:43:05.532Z weekly 0.6 https://kqlsearch.com/query/Teams-Messages&cmacu736r02i2p10fj5ixdsd9 2025-05-06T18:22:26.636Z weekly 0.6 https://kqlsearch.com/query/Parsing-WizIssuesOld&cmactve2j02i1p10falu95wic 2025-05-06T18:13:21.018Z weekly 0.6 https://kqlsearch.com/query/Parsing-WizDetections&cmactv3kr02i0p10f9xwy8833 2025-05-06T18:13:07.268Z weekly 0.6 https://kqlsearch.com/query/Golden%20Chickens%20TerraLogger%20Detection&cmachngji02hrp10fra17dxcl 2025-05-06T12:31:15.581Z weekly 0.6 https://kqlsearch.com/query/HuntPrivilegeEscalationPathsWithHighACLs&cmabq7qsf02h2p10f7cy7v8pz 2025-05-05T23:43:12.582Z weekly 0.6 https://kqlsearch.com/query/Golden%20Chickens%20TerraStealerV2%20Malware%20Detection&cmabeznve02h1p10f2jdv8h1g 2025-05-05T18:28:59.778Z weekly 0.6 https://kqlsearch.com/query/T1555.003%20-%20Credentials%20from%20Web%20Browsers&cma9mh5ie02fwp10fenojwoyn 2025-05-04T12:23:00.751Z weekly 0.6 https://kqlsearch.com/query/Threat%20Hunting%20Mshta%20with%20Sentinel%20TI&cma8k9bru02f7p10f2bvy75ed 2025-05-03T18:33:10.209Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-38475%20Apache%20HTTP%20Server%20Improper%20Escaping%20of%20Output%20Vulnerability&cma74nywt02eap10fvquy2a1x 2025-05-02T18:28:53.500Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20ClickFix%20Triage%20Query&cma748glg02e9p10fj6z7a050 2025-05-02T18:16:49.772Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Commvault%20Exploitation%20in%20Azure&cma5p2i2402dcp10f212d8ike 2025-05-01T18:24:31.468Z weekly 0.6 https://kqlsearch.com/query/Hunting%20CVE-2025-31324&cma4zgg1b02cvp10f9seiz4kh 2025-05-01T06:27:31.863Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20LoadedFiles&cma4m2x9b02cmp10fcq0r902j 2025-05-01T00:13:06.142Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Unusual%20service%20creation%20in%20a%20domain%20controller&cma497o4c02cdp10ftll2vwnl 2025-04-30T18:12:52.570Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Unusual%20network%20share%20access%20in%20a%20domain%20controller&cma497dvp02ccp10fv15yokug 2025-04-30T18:12:39.147Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Unusual%20access%20to%20distinct%20network%20shares&cma4973ag02cbp10fdpx13wej 2025-04-30T18:12:25.575Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Possible%20unusual%20remote%20session%20in%20a%20domain%20controller&cma496vb502cap10f2lh8fl0c 2025-04-30T18:12:15.079Z weekly 0.6 https://kqlsearch.com/query/IdentityDirectoryEvents-Unusual%20PowerShell%20execution&cma3wjwqy02c1p10fbilr83ei 2025-04-30T12:18:28.467Z weekly 0.6 https://kqlsearch.com/query/Zscalar%20IP%20Sign-in%20Check&cma2htqs102b4p10f7ysn4xgg 2025-04-29T12:38:26.874Z weekly 0.6 https://kqlsearch.com/query/Uncovering%20Fast%20Flux%20with%20Sentinel%20Threat%20Intelligence&cma1eydwl02afp10f1mb6u1pk 2025-04-28T18:30:18.444Z weekly 0.6 https://kqlsearch.com/query/DetectSuspiciousNcryptUsageWithSuspiciousRdpSession&cm9yv9vfj028mp10f8ry8jev3 2025-04-26T23:43:49.853Z weekly 0.6 https://kqlsearch.com/query/DetectSuspiciousNcryptUsageWithSuspiciousAdminRdpSession&cm9yv9obk028lp10fc5cl82zc 2025-04-26T23:43:40.486Z weekly 0.6 https://kqlsearch.com/query/DetectSuspiciousNcryptUsageByCliToolOrUnknownProcessWithNonce&cm9yv9f4u028kp10fk6q8kdq0 2025-04-26T23:43:28.733Z weekly 0.6 https://kqlsearch.com/query/DetectSuspiciousNcryptUsageByCliToolOrUnknownProcess&cm9yv98m5028jp10frjj8hqml 2025-04-26T23:43:20.132Z weekly 0.6 https://kqlsearch.com/query/DetectMultipleWhfbPrtTokensUsedSimultaneouslyForOneDevice&cm9yv923t028ip10ffgwz2ckc 2025-04-26T23:43:11.848Z weekly 0.6 https://kqlsearch.com/query/HuntDevicesDoingRdpToNonTpmDevice&cm9yv8v1m028hp10fz1t8frk3 2025-04-26T23:43:02.545Z weekly 0.6 https://kqlsearch.com/query/HuntDevicesDoingFirstRdpSession&cm9yv8oru028gp10fnfy943nb 2025-04-26T23:42:54.570Z weekly 0.6 https://kqlsearch.com/query/Mapping%20Threat%20Intelligence%20to%20MITRE%20ATT%26CK%20Using%20KQL&cm9yjxpjn028fp10f7sqz7eqg 2025-04-26T18:26:26.427Z weekly 0.6 https://kqlsearch.com/query/Cookie-Bite%20Detection&cm9vc64wb026ep10frsnrou7l 2025-04-24T12:25:44.116Z weekly 0.6 https://kqlsearch.com/query/Weaponized%20files%20extracting%20.DLL%20files%20after%20execution&cm9umlta5025xp10frtj8vb8b 2025-04-24T00:30:05.541Z weekly 0.6 https://kqlsearch.com/query/SuspiciousRUNMRUEntry&cm9u9imbx025op10ftcyxzpxq 2025-04-23T18:23:41.543Z weekly 0.6 https://kqlsearch.com/query/AADServicePrincipalSignInLogs-Suspicious%20multiple%20service%20principal%20authentication%20from%20IP%20address&cm9tw5xio025fp10fay109bgg 2025-04-23T12:09:54.520Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Cross-tenant%20settings%20modified&cm9tw5lmm025ep10fin00kk97 2025-04-23T12:09:39.111Z weekly 0.6 https://kqlsearch.com/query/Tracking%20Proton66%20Activity%20with%20KQL&cm9rruvoq0241p10f3sr9knt5 2025-04-22T00:33:48.265Z weekly 0.6 https://kqlsearch.com/query/Detection%20Response%20by%20tracing%20File%20Lineage&cm9r1zq7t023kp10fg46bej17 2025-04-21T12:29:44.289Z weekly 0.6 https://kqlsearch.com/query/Mitigating%20security%20risks%20in%20MCP%20implementations&cm9pzdviz022vp10flbs1mxm2 2025-04-20T18:28:59.482Z weekly 0.6 https://kqlsearch.com/query/Hunting%20chrome%20extension%20with%20hidden%20tracking&cm9melrmi020mp10fk54gwmku 2025-04-18T06:23:57.058Z weekly 0.6 https://kqlsearch.com/query/CVE-2025-24054%20NTLM%20Exploit%20in%20the%20Wild%20Detection&cm9k9ijhn01z9p10fkdercw34 2025-04-16T18:25:56.267Z weekly 0.6 https://kqlsearch.com/query/IdentityDirectoryEvents-Unexpected%20service%20creation&cm9k8y12b01z8p10f4ysd7p25 2025-04-16T18:09:59.266Z weekly 0.6 https://kqlsearch.com/query/DeviceNetworkEvents-Uncommon%20process%20connection%20to%20suspicious%20domain&cm9k8xsmr01z7p10f3actic91 2025-04-16T18:09:48.189Z weekly 0.6 https://kqlsearch.com/query/Modifications%20to%20SafeLinks%20AllowClickThrough%20Policy&cm9jwmi4901yyp10fjlhifty1 2025-04-16T12:25:05.956Z weekly 0.6 https://kqlsearch.com/query/BurteForceSingleIPmultipledestinationswithin10minutes&cm9jwfi4o01yxp10fr1iwooth 2025-04-16T12:19:39.379Z weekly 0.6 https://kqlsearch.com/query/Overprivileged%20Admin-Consented%20OAuth%20Applications&cm9iu645y01y8p10f14imt202 2025-04-15T18:28:35.956Z weekly 0.6 https://kqlsearch.com/query/AzureActivity-Snapshot%20of%20monitored%20Azure%20resource&cm9itjw9901y7p10fh1t38z14 2025-04-15T18:11:19.277Z weekly 0.6 https://kqlsearch.com/query/UnusedHighPrivPermissions&cm9he78t701xap10fau8runf1 2025-04-14T18:13:48.763Z weekly 0.6 https://kqlsearch.com/query/MostUserConsentApplication&cm9he72lb01x9p10fwhv1sf9e 2025-04-14T18:13:40.548Z weekly 0.6 https://kqlsearch.com/query/ExternalApplicationHighPrivPermissions&cm9he6vtl01x8p10frii8ebcs 2025-04-14T18:13:31.928Z weekly 0.6 https://kqlsearch.com/query/ApplicationMailPermission&cm9he6odu01x7p10fvmks7yns 2025-04-14T18:13:22.135Z weekly 0.6 https://kqlsearch.com/query/MDA%20-%20OAuth%20App%20Disabled&cm9e6uppn01v6p10f1hxpu3nm 2025-04-12T12:24:48.147Z weekly 0.6 https://kqlsearch.com/query/IngestionSizeSecurityEvents&cm9e6emyc01v5p10ftfm9cvar 2025-04-12T12:12:18.228Z weekly 0.6 https://kqlsearch.com/query/OAuth%20App%20for%20BEC%20%26%20Phishing%20Detection&cm9d4c6uv01ugp10fjxmya7hg 2025-04-11T18:26:38.646Z weekly 0.6 https://kqlsearch.com/query/AntiSleep%20Domains%20-%20MDE%20DeviceNetworkEvents&cm9criqb901u7p10fi7o65x0g 2025-04-11T12:27:48.788Z weekly 0.6 https://kqlsearch.com/query/CVE-2025-29824%20PipeMagic%20Detection&cm9crg2bn01u6p10f4pkl8mp4 2025-04-11T12:25:44.232Z weekly 0.6 https://kqlsearch.com/query/BlackSuitbublupexfil&cm9a9edob01slp10fxukf5gua 2025-04-09T18:25:00.347Z weekly 0.6 https://kqlsearch.com/query/UnsginedExecutionsfromuserdirectories&cm9a9e7ao01skp10fjsj873uh 2025-04-09T18:24:51.926Z weekly 0.6 https://kqlsearch.com/query/check-if-defender-easm-ips-or-hosts-are-mentioned-in-ddosia-project-current-configuration&cm9a9adcn01sjp10fudr4cbrh 2025-04-09T18:21:53.150Z weekly 0.6 https://kqlsearch.com/query/LastPasswordChange&cm9a93osk01sip10fzcnl3de1 2025-04-09T18:16:41.540Z weekly 0.6 https://kqlsearch.com/query/WorkloadIdentityInfoXdr&cm99wgqn401s9p10f46t6htst 2025-04-09T12:22:55.303Z weekly 0.6 https://kqlsearch.com/query/EntraID-OauthAppInfo&cm97r18t701qwp10ftdamc8f1 2025-04-08T00:15:22.074Z weekly 0.6 https://kqlsearch.com/query/Review%20required%20outbound%20connections%20to%20work%20wit%20Defender%20for%20Cloud%20Apps&cm97eb18401qnp10fkwwovz57 2025-04-07T18:19:03.796Z weekly 0.6 https://kqlsearch.com/query/runHuntingQueryStatistics&cm97e0x3f01qmp10fgwk8233x 2025-04-07T18:11:11.731Z weekly 0.6 https://kqlsearch.com/query/runHuntingQueryExecution&cm95lmrht01php10fx3qwcpt0 2025-04-06T12:08:36.016Z weekly 0.6 https://kqlsearch.com/query/MDO-Non-RFC%20Compliant%20Emails&cm94j3oxz01osp10ff4us9mg9 2025-04-05T18:10:00.839Z weekly 0.6 https://kqlsearch.com/query/MDO-BlockedURLs&cm94j3kq001orp10fgyt2z8vo 2025-04-05T18:09:55.216Z weekly 0.6 https://kqlsearch.com/query/MDI-ServiceAccounts&cm94j3f1b01oqp10f2fymxpqx 2025-04-05T18:09:47.998Z weekly 0.6 https://kqlsearch.com/query/MDE-PortableApps&cm94j32ws01opp10fty6nfgal 2025-04-05T18:09:32.283Z weekly 0.6 https://kqlsearch.com/query/Detecting%20domains%20where%20their%20emails%20will%20be%20routed%20to%20Junk%20folders%20due%20to%20new%20Outlook%20requirement&cm93gpi4901o0p10f4i1roauq 2025-04-05T00:15:13.249Z weekly 0.6 https://kqlsearch.com/query/DetectSuspiciousFociTokenLogins&cm8rn61yr01gfp10fpzw8vvvg 2025-03-27T17:42:49.052Z weekly 0.6 https://kqlsearch.com/query/Identify%20HotSpot%20connections%20shared%20via%20IPhone&cm8pw89jn01fip10ft4plxnw6 2025-03-26T12:20:56.380Z weekly 0.6 https://kqlsearch.com/query/Hunting%20IngressNightmare%20(CVSS%209.8)&cm8ogrbnx01elp10fr69w8x7o 2025-03-25T12:20:05.709Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Misconfigured%20EXO%20Transport%20Rules&cm8j4370h01b8p10fkvne6mmf 2025-03-21T18:26:33.664Z weekly 0.6 https://kqlsearch.com/query/Detect%20Active%20Exploitation%20of%20Critical%20Apache%20Tomcat%20RCE%20Vulnerability&cm8j42va501b7p10fgvgdlvcy 2025-03-21T18:26:18.460Z weekly 0.6 https://kqlsearch.com/query/ZDI-CAN-25373%20Windows%20Shortcut%20Exploit%20Abused%20Detection&cm8hohxeg01aap10fwhuq37fk 2025-03-20T18:22:20.865Z weekly 0.6 https://kqlsearch.com/query/HuntDeviceDiscoverySubnetRanges&cm8fus1j3018xp10f6opgfbhn 2025-03-19T11:42:38.269Z weekly 0.6 https://kqlsearch.com/query/7ZToSMBshare&cm8etxacu018gp10fb25lzmjp 2025-03-18T18:30:57.197Z weekly 0.6 https://kqlsearch.com/query/DeviceNetworkEvents-Uncommon%20process%20connection%20to%20cloudfront%20domain&cm8etemc2018fp10f10pxgur8 2025-03-18T18:16:26.256Z weekly 0.6 https://kqlsearch.com/query/unfolding-redirectors-using-urlclickevents-table&cm8egu78q0186p10f3kc23yen 2025-03-18T12:24:38.184Z weekly 0.6 https://kqlsearch.com/query/matching-url-redirectors-from-urlclickevents-table-with-openphish-external-threat-intel-source&cm8egu0x10185p10fahw8n5on 2025-03-18T12:24:29.835Z weekly 0.6 https://kqlsearch.com/query/matching-ip-redirectors-from-urlclickevents-table-with-urlhaus-external-threat-intel-source&cm8egtutl0184p10fcwb0eudg 2025-03-18T12:24:22.087Z weekly 0.6 https://kqlsearch.com/query/PrivilegedUnifiedIdentityInfo&cm8cp1w1a016zp10f9jk28dlv 2025-03-17T06:39:01.320Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Unauthorized%20RMM%20Instances%20in%20Your%20MDE%20Environment&cm8bz14xs016ip10f83z0s9qw 2025-03-16T18:30:36.351Z weekly 0.6 https://kqlsearch.com/query/Website%20Redirectors%20DeviceNetworkEvents&cm8akc28d015lp10fuur4es0p 2025-03-15T18:51:25.644Z weekly 0.6 https://kqlsearch.com/query/Kerberos%20Roasting%20Detection&cm8951dv3014op10fonf46ckd 2025-03-14T18:55:26.932Z weekly 0.6 https://kqlsearch.com/query/Detect%20unusual%26suspicious%20TTL%20values%20based%20on%20DNS%20Answers&cm88s8t56014fp10fa8st9v39 2025-03-14T12:57:18.473Z weekly 0.6 https://kqlsearch.com/query/Detect%20unusual%26suspicious%20RTT%20values%20based%20on%20DNS%20Answers&cm88s8lk7014ep10fis8vu3ko 2025-03-14T12:57:08.496Z weekly 0.6 https://kqlsearch.com/query/Detect%20Malicious%20answers%20by%20DNS%20queries&cm88s8eby014dp10fozcix9xk 2025-03-14T12:56:59.277Z weekly 0.6 https://kqlsearch.com/query/Detect%20Malicious%20URL%20answers%20by%20DNS%20queries&cm88s8580014cp10f13ch93ml 2025-03-14T12:56:47.321Z weekly 0.6 https://kqlsearch.com/query/Parsing-SignInLogsTables&cm88rr8ak014bp10fnu4r5adv 2025-03-14T12:43:38.299Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20Medusa%20Ransomware%20Detection&cm87p2fzh013mp10fitrm5ftn 2025-03-13T18:40:36.460Z weekly 0.6 https://kqlsearch.com/query/SuspiciousRunMRUentries&cm87oywxt013lp10f5ivrgbrb 2025-03-13T18:37:51.808Z weekly 0.6 https://kqlsearch.com/query/NodeJSSuspiciousExecutions&cm87c1btq013cp10fvvpa07jw 2025-03-13T12:35:49.405Z weekly 0.6 https://kqlsearch.com/query/CloudflaredArgoTunnelDNS&cm87c0pw8013bp10fmdj6kzvu 2025-03-13T12:35:20.982Z weekly 0.6 https://kqlsearch.com/query/DetectServiceAccLoginOnNewDevice&cm86kezlk012mp10fen7bgers 2025-03-12T23:42:37.494Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20Weekly%20OSINT%20Indicators%20Scan%2010032025&cm85wosf8012dp10fm37hrxbk 2025-03-12T12:38:23.970Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20LDAP%20Enumeration%20Detection&cm84ukxrl011op10flc89yn95 2025-03-11T18:51:38.711Z weekly 0.6 https://kqlsearch.com/query/End%20of%20Life%20Software%20with%20File%20Paths%20using%20TVM&cm83elfce010rp10fzhsrzvog 2025-03-10T18:36:21.462Z weekly 0.6 https://kqlsearch.com/query/Critical%20Vulnerability%20in%20Elastic%20Kibana&cm831x6iv010ip10fiyl5r5m1 2025-03-10T12:41:35.045Z weekly 0.6 https://kqlsearch.com/query/Detect%20CVE-2025-27607%20(CVSS%208.8)&cm81yyu9800ztp10f4on2ey5e 2025-03-09T18:31:07.284Z weekly 0.6 https://kqlsearch.com/query/psexecsvc.py%20detection&cm819ahz900zcp10fl8q4wqy0 2025-03-09T06:32:21.379Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Entra%20ID%20user%20created%20by%20unexpected%20actor&cm7yr4te100xrp10fyo8t0epp 2025-03-07T12:28:30.643Z weekly 0.6 https://kqlsearch.com/query/CVE-2025-22224%20(CVSS%209.3%20CRITICAL)%20Internet%20facing%20VMware%20server%20discovery&cm7yedwi900xip10fco1pz2d0 2025-03-07T06:31:39.574Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Zero-Day%20CVE-2025-21333%20Privilege%20Escalation&cm7xc4nx900wtp10flt12ds69 2025-03-06T12:40:43.144Z weekly 0.6 https://kqlsearch.com/query/ExposedTokens-OverviewOfTokenArtifcats&cm7xbyozi00wsp10fkuxmg5iu 2025-03-06T12:36:04.583Z weekly 0.6 https://kqlsearch.com/query/EnrichedEntraSignInLogs-TokenProtectionNetworkAccess&cm7xbye5g00wrp10fjmk1qm9t 2025-03-06T12:35:50.691Z weekly 0.6 https://kqlsearch.com/query/EnrichedEntraSignInLogs-SuspiciousTokenRequest&cm7xby4i500wqp10fbvvigo1m 2025-03-06T12:35:38.039Z weekly 0.6 https://kqlsearch.com/query/EnrichedEntraSignInLogs-RequestedTokenBySuspiciousRT&cm7xbxs7l00wpp10f88j046lh 2025-03-06T12:35:22.255Z weekly 0.6 https://kqlsearch.com/query/EnrichedEntraSignInLogs-GsaEnforcementByCaPolicy&cm7xbxhjc00wop10fi55e2ia1 2025-03-06T12:35:08.273Z weekly 0.6 https://kqlsearch.com/query/HuntADWSRequestsFromUnknownDevice&cm7wx70s000w7p10fosdk1sjr 2025-03-06T05:42:38.871Z weekly 0.6 https://kqlsearch.com/query/Hunting%20OneOnOne%20chats%20by%20Domains&cm7wmcuo600w6p10fs17t3i4w 2025-03-06T00:39:15.269Z weekly 0.6 https://kqlsearch.com/query/SLA%20-%20TimeToRespond&cm7t1gda600tzp10fmyqoane5 2025-03-03T12:30:48.742Z weekly 0.6 https://kqlsearch.com/query/System%C2%A0Age%20and%20Update%20Status%C2%A0Analysis&cm7p2bto200rap10fbd5x5zsp 2025-02-28T17:44:11.607Z weekly 0.6 https://kqlsearch.com/query/Identify%20Devices%20with%20Outdated%20BIOS&cm7p2bo8z00r9p10fa9qqcrmv 2025-02-28T17:44:04.738Z weekly 0.6 https://kqlsearch.com/query/Identify%20CPU%20Architecture%20Distribution&cm7p2bkjh00r8p10flcj4mbdw 2025-02-28T17:43:59.932Z weekly 0.6 https://kqlsearch.com/query/Find%20Devices%20with%20Multiple%20Physical%20Disks&cm7p2bhyn00r7p10ffnho163b 2025-02-28T17:43:56.438Z weekly 0.6 https://kqlsearch.com/query/Find%20Devices%20with%20BitLocker%20Not%20Enabled&cm7p2bcqf00r6p10ft5oxjklm 2025-02-28T17:43:49.813Z weekly 0.6 https://kqlsearch.com/query/Identifying%20domains%20added%20into%20browser%20security%20zones%20via%20CLI&cm7o1ruuh00qpp10ffw2t4j2z 2025-02-28T00:40:53.818Z weekly 0.6 https://kqlsearch.com/query/Exploring%20M365%20Accounts%20Investigation&cm7npaavq00qgp10f5l3h9gp7 2025-02-27T18:51:19.573Z weekly 0.6 https://kqlsearch.com/query/kerberos_failures&cm7nbn66p00q7p10foassmc00 2025-02-27T12:29:25.392Z weekly 0.6 https://kqlsearch.com/query/network_info_per_device&cm7nbmzdc00q6p10ffhz6ccd3 2025-02-27T12:29:16.410Z weekly 0.6 https://kqlsearch.com/query/Parsed%20User%20Agent&cm7m9ccr300php10fozdyic9t 2025-02-26T18:37:15.129Z weekly 0.6 https://kqlsearch.com/query/EDR%20and%20AV%20Killer%20-%20A%20Large%20Scale%20Driver%20Exploitation%20Detection&cm7ljceib00p0p10fiv3fnmua 2025-02-26T06:29:27.387Z weekly 0.6 https://kqlsearch.com/query/KQL%20to%20calculate%20Tenant%20External%20Recipient%20Rate%20Limit&cm7ktqofo00ojp10fnj9fded8 2025-02-25T18:32:43.572Z weekly 0.6 https://kqlsearch.com/query/EventLogTamperingRegistry&cm7ktm9ne00oip10fvwi6ymbo 2025-02-25T18:29:17.633Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-35250&cm7kgwufu00o9p10fnsfcac18 2025-02-25T12:33:36.280Z weekly 0.6 https://kqlsearch.com/query/Suspicious%20CLFS%20Driver%20Load&cm7kgwa8000o8p10ft6v9ab2r 2025-02-25T12:33:09.927Z weekly 0.6 https://kqlsearch.com/query/GoogleSheetsC2Query&cm7kgvqxh00o7p10fzml29fgi 2025-02-25T12:32:45.076Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20Weekly%20OSINT%20Indicators%20Scan%2024022025&cm7k3pqqc00nyp10f96lmtel2 2025-02-25T06:24:09.724Z weekly 0.6 https://kqlsearch.com/query/AADServicePrincipalSignInLogs-Unexpected%20authentication%20failure%20from%20service%20principal&cm7j1smcw00n9p10fvyobjuij 2025-02-24T12:42:38.612Z weekly 0.6 https://kqlsearch.com/query/GitLab%20Threat%20Intelligence%20Identified%2016%20Malicious%20Chrome%20extensions&cm7ioushu00n0p10fky2wrt38 2025-02-24T06:40:25.024Z weekly 0.6 https://kqlsearch.com/query/HuntMdeWithGsaEvents&cm7hx2es700mbp10fppcrlz02 2025-02-23T17:42:31.254Z weekly 0.6 https://kqlsearch.com/query/TLD%20by%20Count%20for%20DeviceNetworkEvents&cm7hlzoem00map10fgdi0yl2o 2025-02-23T12:32:27.829Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20AuthenticationMethodsUsed&cm7hll5rc00m9p10fssoeftuk 2025-02-23T12:21:10.474Z weekly 0.6 https://kqlsearch.com/query/M365%20Copilot%20Chat%20SafeLink%20Monitoring&cm7g6uwkb00lcp10f2ri5r2i6 2025-02-22T12:41:04.706Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Palo%20Alto%20Firewall%20Exploits&cm7f4x13m00knp10ftjz6bglq 2025-02-21T18:58:58.489Z weekly 0.6 https://kqlsearch.com/query/SuccessfulDeviceCodeAuthentication&cm7f4juhu00kmp10fcfhmhzen 2025-02-21T18:48:43.553Z weekly 0.6 https://kqlsearch.com/query/Hunting%20New%20Variant%20of%20Snake%20Keylogger&cm7edx5eb00k5p10fkn0zyj1h 2025-02-21T06:23:14.577Z weekly 0.6 https://kqlsearch.com/query/Most%20Recent%20Sign-in%20time%20for%20users%20in%20the%20last%2030%20days&cm7cm3t3800j0p10fcmr9svig 2025-02-20T00:36:49.795Z weekly 0.6 https://kqlsearch.com/query/IOCs%20for%20SmartApeSG%20fake%20browser%20update%20leads%20to%20NetSupport%20RAT%20and%20StealC&cm7clzf7000izp10flwvbf2jg 2025-02-20T00:33:25.012Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20Weekly%20OSINT%20Indicators%20Scan&cm7bwbh8400iip10fwt0m4hag 2025-02-19T12:34:57.499Z weekly 0.6 https://kqlsearch.com/query/Critical%20OpenSSH%20Vulnerabilities%20%E2%80%93%20Patch%20Prioritization&cm7al92mq00hlp10f9gtvs7e5 2025-02-18T14:37:23.321Z weekly 0.6 https://kqlsearch.com/query/Identifying%20Devices%20by%20Vendor%26Country%20based%20on%20Inbound%20Connections&cm7al6v7900hkp10fsw70frpf 2025-02-18T14:35:40.531Z weekly 0.6 https://kqlsearch.com/query/Identifying%20Devices%20by%20Vendor%20based%20on%20Inbound%20Connections&cm7al6o9400hjp10f6bxncgym 2025-02-18T14:35:31.375Z weekly 0.6 https://kqlsearch.com/query/EDR%20Evasion%20-%20Inject%20Shellcode%20via%20MSSQL%20CLR%20Assembly%20Detection&cm7a3nfna00hap10fxse8h4tz 2025-02-18T06:24:40.288Z weekly 0.6 https://kqlsearch.com/query/SuccessfulDeviceCodeAuthenticationUnmanagedDevice&cm79qfvi500h1p10fbx6x61oy 2025-02-18T00:14:52.581Z weekly 0.6 https://kqlsearch.com/query/KQLObfusGuard%20-%20Detecting%20ArgFuscator%20Obfuscation&cm77yfpbh00fwp10feajamik8 2025-02-16T18:23:09.291Z weekly 0.6 https://kqlsearch.com/query/Detecting%20WafflesExploits%20Shellcode%20in%20Image%20Files&cm77yfcmc00fvp10f5kzpest5 2025-02-16T18:22:52.835Z weekly 0.6 https://kqlsearch.com/query/The%20Hunt%20for%20Top%2010%20Self%20Hosted%20AI&cm766b1bk00eqp10ft3mpkchu 2025-02-15T12:27:55.991Z weekly 0.6 https://kqlsearch.com/query/identify-endpoints-with-critical-logged-on-users-and-shares-with-permission-set-to-everyone&cm71vz91200c1p10foriw6ppq 2025-02-12T12:27:45.397Z weekly 0.6 https://kqlsearch.com/query/Check%20link%20from%20email&cm70tlhmv00bcp10fjwugcq3a 2025-02-11T18:33:17.807Z weekly 0.6 https://kqlsearch.com/query/Check%20email&cm70tl2y200bbp10ff72rhb8o 2025-02-11T18:32:58.769Z weekly 0.6 https://kqlsearch.com/query/Monitoring%20Copilot%20Data%20Exfiltration%20via%20Graph%20API&cm70iecfg00b2p10fuv9ksoih 2025-02-11T13:19:48.692Z weekly 0.6 https://kqlsearch.com/query/Hunting%20for%20malicious%20login%20attempts%20based%20on%20basic%20authentication&cm70iamis00b1p10fjv1ypcg2 2025-02-11T13:16:55.298Z weekly 0.6 https://kqlsearch.com/query/LLM%20Hunting%20in%20a%20MDE%20Environment&cm703v5lw00asp10f63r29vf0 2025-02-11T06:32:58.915Z weekly 0.6 https://kqlsearch.com/query/Using%20GraphPreConsentExplorer%20data%20for%20Microsoft%20Graph%20Threat%20Hunting&cm6z1ktp400a3p10f9uj6g4uj 2025-02-10T12:41:11.511Z weekly 0.6 https://kqlsearch.com/query/Software%20Download%20Sites%20DeviceNetworkEvents&cm6xlpgss0096p10fvsw872vs 2025-02-09T12:29:08.043Z weekly 0.6 https://kqlsearch.com/query/Creation%20of%20spoof%20directories%20with%20Unicode%20characters&cm6v3x2jb007lp10f06j5w3t2 2025-02-07T18:35:37.365Z weekly 0.6 https://kqlsearch.com/query/HTTP%20Client%20Tools%20Exploitation%20for%20ATO%20Detection&cm6urayil007cp10filqmprzn 2025-02-07T12:42:30.332Z weekly 0.6 https://kqlsearch.com/query/AWS%20NoSuchBucket%20Check&cm6tbi6lk006fp10fum4370px 2025-02-06T12:32:27.217Z weekly 0.6 https://kqlsearch.com/query/Entra%20QR%20Code%20Sign-In%20KQL%20Detection&cm6syxcbn0066p10fq7ibe16m 2025-02-06T06:40:19.617Z weekly 0.6 https://kqlsearch.com/query/Defender%20XDR%20Custom%20Detection%20Modifications&cm6s9bv6x005pp10f2gv7bn46 2025-02-05T18:43:47.088Z weekly 0.6 https://kqlsearch.com/query/Antivirus%20Domains%20-%20MDE%20DeviceNetworkEvents&cm6rvvhaw005gp10ftkvjti2w 2025-02-05T12:27:07.735Z weekly 0.6 https://kqlsearch.com/query/MDE-MMA-AgentCleanup&cm6rvjt7j005fp10fxagg9qb9 2025-02-05T12:18:03.294Z weekly 0.6 https://kqlsearch.com/query/MDE%20usage%20latest&cm6rix56n0056p10fwuyqhpr0 2025-02-05T06:24:30.187Z weekly 0.6 https://kqlsearch.com/query/MDE-Windows11-Issues-OS%20Build%2026100-2033&cm6riwc4c0055p10fjte68bft 2025-02-05T06:23:51.751Z weekly 0.6 https://kqlsearch.com/query/Windows%20OLE%20Zero-Click%20Vulnerability%20Let%20Attacker%20to%20Execute%20Arbitrary%20Code&cm6r6gsiv004wp10ftor8ik3r 2025-02-05T00:35:51.889Z weekly 0.6 https://kqlsearch.com/query/Crowdstrike%20Impersonation%20during%20Global%20Outage&cm6qh6bni004fp10fg4fccy5w 2025-02-04T12:47:53.062Z weekly 0.6 https://kqlsearch.com/query/BlockList%20Project%20DeviceNetworkEvents&cm6qh5wn5004ep10fnrn4v8tt 2025-02-04T12:47:33.609Z weekly 0.6 https://kqlsearch.com/query/Adult%20Content%20MDE%20DeviceNetworkEvents&cm6qh5kwe004dp10fq1so8lws 2025-02-04T12:47:18.540Z weekly 0.6 https://kqlsearch.com/query/Sysinternals%20Tools%20Zero%20Day%20Vulnerability%20Detection&cm6qh3l0q004cp10fr43v71ue 2025-02-04T12:45:45.385Z weekly 0.6 https://kqlsearch.com/query/Extracting%20bits%20of%20TCP%20Flags&cm6pr3m35003vp10f7w0w51nk 2025-02-04T00:37:56.600Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Azure%20RBAC%20Elevated%20Access&cm6pdnfk9003mp10f6em44mv6 2025-02-03T18:21:26.629Z weekly 0.6 https://kqlsearch.com/query/Active%20Directory%20Domain%20Services%20Elevation%20of%20Privilege%20Vulnerability%20(CVE-2025-21293)&cm6nlfg1m002hp10fncbbh01s 2025-02-02T12:23:38.745Z weekly 0.6 https://kqlsearch.com/query/ROSTI%20(Repackaged%20Open%20Source%20Intelligence)%20MDE%20Network%20Events%20IOC%20Hits&cm6mj4gfl001sp10fovakrprv 2025-02-01T18:31:20.624Z weekly 0.6 https://kqlsearch.com/query/ROSTI%20(Repackaged%20Open%20Source%20Intelligence)%20MDE%20File%20Events%20IOC%20Hits&cm6mj48z9001rp10flisd7jjc 2025-02-01T18:31:10.812Z weekly 0.6 https://kqlsearch.com/query/Hunting%20Rogue%20Endpoints%20via%20SMB%20Detection&cm6mj2ejh001qp10fb22rzt63 2025-02-01T18:29:44.707Z weekly 0.6 https://kqlsearch.com/query/Anonymous%20Email%20Sending%20Domains%20MDE%20Traffic&cm6lgmply0011p10ftky35kpb 2025-02-01T00:33:47.300Z weekly 0.6 https://kqlsearch.com/query/Global%20Admin%20Elevations%20To%20User%20Access%20Administrator%20at%20Root%20Level&cm6l551pl000sp10fjw0a7trl 2025-01-31T19:12:07.400Z weekly 0.6 https://kqlsearch.com/query/HuntCompromisedBrowserExtensions&cm6kp5iy5000bp10fw7ruyvc4 2025-01-31T11:44:35.883Z weekly 0.6 https://kqlsearch.com/query/CefToCommonSecurityLog&cm6kp5av1000ap10fs6jzu446 2025-01-31T11:44:25.252Z weekly 0.6 https://kqlsearch.com/query/DetectUserRequestTokenForAdminApp&cm6kp525x0009p10fwmzv0ghr 2025-01-31T11:44:14.131Z weekly 0.6 https://kqlsearch.com/query/DetectSuspiciousCaChanges&cm6kp4uku0008p10flwrcenla 2025-01-31T11:44:04.150Z weekly 0.6 https://kqlsearch.com/query/HuntNnrHealthIssues&cm6kp4ihp0007p10flf5l9pb5 2025-01-31T11:43:48.486Z weekly 0.6 https://kqlsearch.com/query/HuntPublicDevicesWithoutTag&cm6kp49f60006p10fvxssljaz 2025-01-31T11:43:36.880Z weekly 0.6 https://kqlsearch.com/query/HuntPublicDevicesWithTag&cm6kp41pd0005p10fthoumsgj 2025-01-31T11:43:26.731Z weekly 0.6 https://kqlsearch.com/query/HuntPublicDevicesOverTime&cm6kp3t750004p10f0d1c5v2l 2025-01-31T11:43:15.855Z weekly 0.6 https://kqlsearch.com/query/HuntOrganizeDevicesBySubnet&cm6kp3iyt0003p10flukj9c0k 2025-01-31T11:43:02.445Z weekly 0.6 https://kqlsearch.com/query/HuntDevicesSupportingMdeContainment&cm6kp32f70002p10fqblkokcb 2025-01-31T11:42:41.153Z weekly 0.6 https://kqlsearch.com/query/DetectTokenStealingWithWdac&cm6kp2t100001p10fsziiegnn 2025-01-31T11:42:28.829Z weekly 0.6 https://kqlsearch.com/query/DetectCveExploitForVulnerableDevice&cm6kp2jst0000p10fs8gd6gqb 2025-01-31T11:42:17.017Z weekly 0.6 https://kqlsearch.com/query/Windows%20File%20Explorer%20Elevation%20Of%20Privilege%20Vulnerability(CVE-2024-38100)%20Exploited&cm6k3jo4z00f5nw0fk62pxp28 2025-01-31T01:39:44.093Z weekly 0.6 https://kqlsearch.com/query/Detect%20Malicious%20Impersonation%20of%20Deepseek%20Domains%20in%20Email%20URLs&cm6iaz5jg00e0nw0fq9sa81b7 2025-01-29T19:32:11.446Z weekly 0.6 https://kqlsearch.com/query/Securing%20Your%20Azure%20Cloud%20-%20Finding%20the%20Weakest%20Link%20in%20Admin%20Endpoints&cm6g5s6t900cnnw0f0uuxf3cs 2025-01-28T07:31:16.069Z weekly 0.6 https://kqlsearch.com/query/RID%20Hijacking%20Technique%20and%20Detection&cm6e0lskh00banw0fnx6sfjac 2025-01-26T19:30:47.392Z weekly 0.6 https://kqlsearch.com/query/leveraging-spamhaus-drop-list-to-identify-suspicious-connections-in-commonsecuritylog-table&cm6dnl3xx00b1nw0f1uwerfer 2025-01-26T13:26:20.322Z weekly 0.6 https://kqlsearch.com/query/leveraging-spamhaus-drop-list-to-identify-delivered-emails-from-suspicious-source-ips&cm6dnkw5x00b0nw0fdarle3ke 2025-01-26T13:26:10.388Z weekly 0.6 https://kqlsearch.com/query/Azure%20Subscription%20Budget%20Deletion&cm6b5xk9b009fnw0fpt1d3m2q 2025-01-24T19:36:36.045Z weekly 0.6 https://kqlsearch.com/query/Hunting%20fake%20Reddit%20sites%20push%20Lumma%20Stealer%20malware%20-%20Part%202&cm6asn9dp0096nw0fg27myf8o 2025-01-24T13:24:40.379Z weekly 0.6 https://kqlsearch.com/query/AADNonInteractiveUserSignInLogs-Unexpected%20failures%20in%20non-interactive%20authentications%20from%20an%20app&cm6as3bmy0095nw0fg9u0jhvt 2025-01-24T13:09:10.036Z weekly 0.6 https://kqlsearch.com/query/Hunting%20fake%20Reddit%20sites%20push%20Lumma%20Stealer%20malware%20-%20Part%201&cm6afw8ir008wnw0f0hl675y3 2025-01-24T07:27:44.161Z weekly 0.6 https://kqlsearch.com/query/AADNonInteractiveUserSignInLogs-Unexpected%20authentication%20from%20Windows%20Azure%20Active%20Directory%20app&cm69qinfo008fnw0f4afukiz2 2025-01-23T19:37:19.906Z weekly 0.6 https://kqlsearch.com/query/EntraID%20-%20Suspicious%20activity%20reported&cm68n7xv7007qnw0f6wy5ybun 2025-01-23T01:17:15.037Z weekly 0.6 https://kqlsearch.com/query/EntraID%20-%20SSPR%20Configuration%20Changes&cm68n7tyo007pnw0fer9bygo5 2025-01-23T01:17:10.124Z weekly 0.6 https://kqlsearch.com/query/AzureAD-PIM-Group-Members&cm68n7l3a007onw0f235jrpp0 2025-01-23T01:16:58.480Z weekly 0.6 https://kqlsearch.com/query/AzureAD-EnterpriseApps-Disabled&cm68n7egt007nnw0f4zvakhix 2025-01-23T01:16:50.043Z weekly 0.6 https://kqlsearch.com/query/PowerShellExecutionsFromClipboard&cm68aikut007enw0fi7ztu28t 2025-01-22T19:21:36.531Z weekly 0.6 https://kqlsearch.com/query/Fortigate%20Belsen%20Leak%20KQL%20Check&cm67y7z9r0075nw0f9pa8whkp 2025-01-22T13:37:26.446Z weekly 0.6 https://kqlsearch.com/query/LastCheckInArcMachines&cm65fkemh005knw0fpfosih5i 2025-01-20T19:19:41.168Z weekly 0.6 https://kqlsearch.com/query/summarizing%20user%20searches%20outside%20of%20normal%20working%20hours%20that%20contains%20sensitive%20keywords%20(CISA)&cm652sdrz005bnw0fsnjnm7so 2025-01-20T13:21:58.462Z weekly 0.6 https://kqlsearch.com/query/identify%20mail%20items%20accessed%20by%20a%20specific%20IP%20address%20(CISA)&cm652s7lm005anw0fnefkb6cy 2025-01-20T13:21:50.306Z weekly 0.6 https://kqlsearch.com/query/Risky%20Sign-in%20Keyword%20Search%20(CISA)&cm652s0qs0059nw0f5dw9aa8n 2025-01-20T13:21:41.571Z weekly 0.6 https://kqlsearch.com/query/Display%20Teams%20participation%20duration%20of%20account%20associated%20with%20a%20suspicious%20IP%20address&cm652rtk50058nw0fq6h6wtu0 2025-01-20T13:21:32.109Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Windows%20Security%20Event%20Logs%20Cleaned&cm652ned20057nw0frlephbk7 2025-01-20T13:18:05.940Z weekly 0.6 https://kqlsearch.com/query/CVE-2025-21298%20Zero-Click%20RCE&cm64px7o2004ynw0fevzq896i 2025-01-20T07:21:48.817Z weekly 0.6 https://kqlsearch.com/query/OnboardedMachinesByResourceGroup&cm63zvdwn004hnw0fpdsy3ie0 2025-01-19T19:12:33.425Z weekly 0.6 https://kqlsearch.com/query/Sneaky%202FA%20MDO%20Detection&cm62l3tyl003knw0fa5ca501b 2025-01-18T19:31:27.063Z weekly 0.6 https://kqlsearch.com/query/visualizing-fortigate-cve-2022-40684-belsen-group-leaked-affected-ips&cm6162r7n002nnw0fcn871pnv 2025-01-17T19:42:56.577Z weekly 0.6 https://kqlsearch.com/query/KQLWiz%20PDF%20NTLM%20Leak%20Detector&cm5z0fzyq001anw0f2oeurp0c 2025-01-16T07:29:44.400Z weekly 0.6 https://kqlsearch.com/query/Ivanti%20Vulnerabilities%20CVE-2025-0282%20and%20CVE-2025-0283&cm5xxqxx8000lnw0f475i38xw 2025-01-15T13:26:29.801Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Base64%20Code%20in%20Commands&cm5xxqm0z000knw0f3qpe9zxi 2025-01-15T13:26:14.367Z weekly 0.6 https://kqlsearch.com/query/Azure%20P2S%20(Point%20to%20site)%20Connection%20Success%20username%20and%20IP%20Parser&cm5xkz7zq000bnw0fuapm9m4k 2025-01-15T07:29:01.236Z weekly 0.6 https://kqlsearch.com/query/%F0%9D%97%97%F0%9D%97%B2%F0%9D%98%81%F0%9D%97%B2%F0%9D%97%B0%F0%9D%98%81%F0%9D%97%B6%F0%9D%97%BB%F0%9D%97%B4%20%F0%9D%97%95%F0%9D%97%AE%F0%9D%98%80%F0%9D%97%B2%F0%9D%9F%B2%F0%9D%9F%B0%20%F0%9D%97%96%F0%9D%97%BC%F0%9D%97%B1%F0%9D%97%B2%20%F0%9D%97%B6%F0%9D%97%BB%20%F0%9D%97%96%F0%9D%97%BC%F0%9D%97%BA%F0%9D%97%BA%F0%9D%97%AE%F0%9D%97%BB%F0%9D%97%B1%F0%9D%98%80&cm5xkvo4p000anw0fs42lpyi0 2025-01-15T07:26:15.527Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Lumma%20Stealer%20commands&cm5xkvh960009nw0f1fpo7v1c 2025-01-15T07:26:06.469Z weekly 0.6 https://kqlsearch.com/query/CVES_Cases&cm5xkv6zo0008nw0fk1g938bd 2025-01-15T07:25:53.314Z weekly 0.6 https://kqlsearch.com/query/Hunting%20Aqua%20Blizzards&cm5xj8bx200055idwkw0wkr74 2025-01-15T06:40:06.996Z weekly 0.6 https://kqlsearch.com/query/MDO%20Email%20Threat%20Classification%20By%20ISP&cm5xj7v6l00045idwj1boq931 2025-01-15T06:39:45.308Z weekly 0.6 https://kqlsearch.com/query/MDO%20Email%20Threat%20Classification%20By%20Country&cm5xj7pvf00035idwelf4dh04 2025-01-15T06:39:38.417Z weekly 0.6 https://kqlsearch.com/query/Hunting%20fasthttp%20Bruteforce%20Campaign&cm5xj7gxw00025idwhhyf601r 2025-01-15T06:39:26.851Z weekly 0.6 https://kqlsearch.com/query/Hunting%20NonEuclid%20RAT&cm5xj79ui00015idwuf7sqdgz 2025-01-15T06:39:17.648Z weekly 0.6 https://kqlsearch.com/query/Hunt%20for%20High%20Volume%20Phish%20ISP&cm5xj73zs00005idw4wmusi4f 2025-01-15T06:39:10.069Z weekly 0.6 https://kqlsearch.com/query/SigninLogs-Potential%20compliant%20device%20bypass%20attempt&cm5o83j6100jbtj0fg38wxbe0 2025-01-08T18:18:31.604Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-43452%20PoC%20Detection&cm5m34usl00hytj0frr9mgt94 2025-01-07T06:24:02.885Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-49113%20-%20LDAPNightmare&cm5m2ug9m00hxtj0fdipgpwx7 2025-01-07T06:15:57.497Z weekly 0.6 https://kqlsearch.com/query/Resource%20Lock%20Deletion%20for%20Azure%20Monitor%20Rule&cm5i59n2z00fgtj0fv0ahlim8 2025-01-04T12:12:40.857Z weekly 0.6 https://kqlsearch.com/query/MachineOnboarded&cm5i4vhl800fftj0fzjqgcujl 2025-01-04T12:01:40.407Z weekly 0.6 https://kqlsearch.com/query/LDAPNightmare%20POC%20Detection&cm5gq3c3f00eitj0fzmv4lzfn 2025-01-03T12:20:06.120Z weekly 0.6 https://kqlsearch.com/query/Sentinel%20Incident%20Deletions&cm5fnbn0v00dttj0fxm0o2j3u 2025-01-02T18:14:48.504Z weekly 0.6 https://kqlsearch.com/query/Log%20Analytic%20Workspace%20Deletions&cm5fnbg5r00dstj0fz9545b6c 2025-01-02T18:14:39.754Z weekly 0.6 https://kqlsearch.com/query/Azure%20Monitor%20Rule%20Disabled&cm5e7uplf00cvtj0fl743il40 2025-01-01T18:13:58.418Z weekly 0.6 https://kqlsearch.com/query/Bring%20Your%20Own%20Minifilter%20-%20EDR%20Bypass&cm5d5hxdq00c6tj0fx7c5mivj 2025-01-01T00:20:16.572Z weekly 0.6 https://kqlsearch.com/query/Living%20Off%20The%20Tunnels%20IOCS&cm5bpz7oo00b9tj0f2peo6wm0 2024-12-31T00:18:03.047Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-AD%20unusual%20operation&cm5azuidq00astj0f850n89zg 2024-12-30T12:06:33.612Z weekly 0.6 https://kqlsearch.com/query/Hunting%20Malicious%20Chrome%20Extension&cm5anndpp00ajtj0ffls3oony 2024-12-30T06:25:05.431Z weekly 0.6 https://kqlsearch.com/query/CustomDetectionDisabled&cm5852vul008ytj0fv870vpp7 2024-12-28T12:09:43.868Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-3393%20DDOS%20Detection&cm56q42uv0081tj0f4e2dxv6v 2024-12-27T12:22:59.189Z weekly 0.6 https://kqlsearch.com/query/Rating%20ISPs%20to%20detect%20potential%20malicious%20domains%20sending%20threats&cm5608jo4007ktj0f1twxc7pl 2024-12-27T00:18:37.586Z weekly 0.6 https://kqlsearch.com/query/Detection%20of%20OOF%20message%20delivered%20externally&cm5608ex0007jtj0fiyuiphme 2024-12-27T00:18:31.279Z weekly 0.6 https://kqlsearch.com/query/Detect%20spoofed%20email%20cases&cm5608ag0007itj0fgqlh0kmg 2024-12-27T00:18:25.630Z weekly 0.6 https://kqlsearch.com/query/September_updates&cm5608513007htj0fb3bwh9k1 2024-12-27T00:18:18.614Z weekly 0.6 https://kqlsearch.com/query/Malicious%20Senders%20hidden%20behind%20anonymous%20proxies&cm5607v61007gtj0fytekyfnl 2024-12-27T00:18:05.832Z weekly 0.6 https://kqlsearch.com/query/Monitor%20Exclusion%20into%20Conditional%20Access%20Policies&cm51cygqa004jtj0fc8rktvew 2024-12-23T18:15:51.192Z weekly 0.6 https://kqlsearch.com/query/AnonymizedMicrosoftGraphActivityLogs&cm51co2bd004itj0fg4x9oyam 2024-12-23T18:07:46.104Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20TorConnections&cm4y540jd002htj0f1wiw072q 2024-12-21T12:12:54.690Z weekly 0.6 https://kqlsearch.com/query/Advanced%20Vishing%20KQL%20Detection&cm4uxn480000gtj0fhammt4qs 2024-12-19T06:20:30.622Z weekly 0.6 https://kqlsearch.com/query/UrlHaus%20Abuse.ch%20Hits%20in%20Microsoft%20Teams&cm4twge7e00mcmc0l2b00amad 2024-12-18T12:59:31.033Z weekly 0.6 https://kqlsearch.com/query/PowerShell%20Self-Pwn&cm4s4093o00l7mc0lprkceo3c 2024-12-17T06:55:22.489Z weekly 0.6 https://kqlsearch.com/query/RansomwareToolMatrix%20Defender%20Lookup&cm4rdw7wg00kqmc0lcglgvsv4 2024-12-16T18:44:24.303Z weekly 0.6 https://kqlsearch.com/query/Hunting%20for%20registry%20artifacts%20of%20service%20creation&cm4ngshme00i9mc0l5r2oexqj 2024-12-14T00:54:24.565Z weekly 0.6 https://kqlsearch.com/query/Hunting%20for%20process%20command%20line%20artifacts%20of%20service%20creation&cm4ngsds800i8mc0lcer4zjud 2024-12-14T00:54:19.591Z weekly 0.6 https://kqlsearch.com/query/Identify%20Programs%20Set%20to%20Auto-Run%20at%20Startup&cm4n2cqc700hrmc0l2uw2wzmb 2024-12-13T18:10:14.742Z weekly 0.6 https://kqlsearch.com/query/Check%20if%20TPM%202.0%20is%20available&cm4n2ck2400hqmc0l8vo8w1y5 2024-12-13T18:10:06.458Z weekly 0.6 https://kqlsearch.com/query/Identify%20Top%20Disk%20IO%20Processes&cm4n2cf8z00hpmc0lb6ndeay7 2024-12-13T18:10:00.371Z weekly 0.6 https://kqlsearch.com/query/Flag%20Processes%20With%20Disproportionately%20Large%20Virtual%20Memory%20Usage&cm4n2cb2h00homc0lyxab5acw 2024-12-13T18:09:54.952Z weekly 0.6 https://kqlsearch.com/query/Find%20Processes%20With%20Unusually%20High%20Thread%20or%20Handle%20Counts&cm4n2c6ot00hnmc0lqbj0yk33 2024-12-13T18:09:49.130Z weekly 0.6 https://kqlsearch.com/query/Old%20BIOS%20Versions&cm4n2brr800hmmc0lnww2e7ud 2024-12-13T18:09:29.923Z weekly 0.6 https://kqlsearch.com/query/DocuShield%20-%20NRT%20Anti-Impersonation%20Email%20Purge&cm4lonn7900gxmc0lat0dfhsm 2024-12-12T18:59:03.091Z weekly 0.6 https://kqlsearch.com/query/MicrosoftGraphActivityLogs%20missing%20logs&cm4lo7lz200gwmc0l4wvhchhu 2024-12-12T18:46:34.861Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Teams%20Red%20Team%20Tool%20ConvoC2&cm4k9a28800g7mc0lkni4kfkx 2024-12-11T19:00:48.967Z weekly 0.6 https://kqlsearch.com/query/Hunting%20Zloader%20DNS%20Tunneling&cm4jvwmtg00fymc0lfigzlgw1 2024-12-11T12:46:27.317Z weekly 0.6 https://kqlsearch.com/query/Monitoring%20M.Teams%20activities%20such%20as%20shared%20URLs%2C%20OneToOne%20chats%20and%20Domains%20participating%20into%20meetings&cm4itbaq800f9mc0l78x2xl8g 2024-12-10T18:46:06.608Z weekly 0.6 https://kqlsearch.com/query/%22UrlHaus%20Abuse.ch%20Hits%20in%20Microsoft%20Teams&cm4itb4az00f8mc0lvd2jy7b1 2024-12-10T18:45:58.137Z weekly 0.6 https://kqlsearch.com/query/Enhanced%20Cloudflare%20Phishing%20Email%20Detections&cm4igh8ra00ezmc0ljsgscmnv 2024-12-10T12:46:48.838Z weekly 0.6 https://kqlsearch.com/query/AzureDevOps%20-%20CodeRecommendations&cm4hqubd000eimc0ld5gr6yfw 2024-12-10T00:49:08.867Z weekly 0.6 https://kqlsearch.com/query/Behaviour%20-%20SuspiciousNamedPipes&cm4hdlh7u00e9mc0lw6qa6l60 2024-12-09T18:38:21.545Z weekly 0.6 https://kqlsearch.com/query/Detect%20Black%20Basta%20Ransomware%20Campaign%20RMMTools%20Deployment&cm4h0yois00e0mc0lg853mppr 2024-12-09T12:44:42.387Z weekly 0.6 https://kqlsearch.com/query/Detect%20DefenderXDR%20services%20and%20features%20disabled%20on%20devices&cm4gb3us600djmc0lvf4u2cya 2024-12-09T00:40:53.909Z weekly 0.6 https://kqlsearch.com/query/BlueAlpha%20GammaDrop%20Detection&cm4dsyxt800bymc0l2amjubpy 2024-12-07T06:37:39.115Z weekly 0.6 https://kqlsearch.com/query/New%20URL%20File%20NTLM%20Hash%20Disclosure%20Vulnerability%20Detection%20(0day)&cm4dg9awy00bpmc0lawbnuai1 2024-12-07T00:41:47.649Z weekly 0.6 https://kqlsearch.com/query/Email%20Events%20from%20Email%20Providers&cm4d3uydu00bgmc0l56sqvfio 2024-12-06T18:54:42.586Z weekly 0.6 https://kqlsearch.com/query/Hunting%20malicious%20oauth%20grant%20by%20phished%20user&cm4bbf5nm00abmc0lgs01rc6o 2024-12-05T12:50:50.337Z weekly 0.6 https://kqlsearch.com/query/identify-non-compliant-controls-with-relevant-remediation-actions&cm4bb99tq00aamc0ls4t1l1pn 2024-12-05T12:46:15.644Z weekly 0.6 https://kqlsearch.com/query/identify-and-summarize-processor-families-in-your-environment&cm4bb94fh00a9mc0lcbebptn9 2024-12-05T12:46:08.812Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20ActiveCISAKEV&cm495qqyf008wmc0lu5tp87ag 2024-12-04T00:36:20.966Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Abuse%20of%20Wevtutil.exe%20in%20LOLBAS%20Attacks&cm483xqk70087mc0l81wgz8m9 2024-12-03T06:58:01.782Z weekly 0.6 https://kqlsearch.com/query/Classifying%20Browser%20Extension%20by%20Type%20and%20risk%20severity&cm47qq2md007ymc0ldul8ipna 2024-12-03T00:48:09.156Z weekly 0.6 https://kqlsearch.com/query/Any.Run%20Corrupt%20File%20Zero%20Day%20Attack&cm47dxfgb007pmc0lqwxy9uaq 2024-12-02T18:49:57.370Z weekly 0.6 https://kqlsearch.com/query/LargeNumberOfAnalyticsRulesDeleted&cm47dnt95007omc0lfsri69gj 2024-12-02T18:42:28.552Z weekly 0.6 https://kqlsearch.com/query/Sentinel%20Timeroasting%20KQL%20detection&cm46o4s4d0077mc0ltqndvh12 2024-12-02T06:47:50.218Z weekly 0.6 https://kqlsearch.com/query/Sentinel%20KQL%20Detection%20for%20ShadowHound&cm45lk3ar006imc0liyrbuzao 2024-12-01T12:47:59.520Z weekly 0.6 https://kqlsearch.com/query/InboundAuthenticationFromPublicIP&cm45l9gvi006hmc0les58lh4v 2024-12-01T12:39:44.045Z weekly 0.6 https://kqlsearch.com/query/Audit%20Justifications%20for%20PIM%20Requests&cm44j2dil005smc0lpvkomory 2024-11-30T18:50:27.693Z weekly 0.6 https://kqlsearch.com/query/Disabling%20Global%20Secure%20Access%20by%20Registry&cm44j21b8005rmc0lz5pqdgbq 2024-11-30T18:50:11.875Z weekly 0.6 https://kqlsearch.com/query/Hunting%20Rockstar%202FA&cm433j0rv004umc0lywf39qqf 2024-11-29T18:47:44.298Z weekly 0.6 https://kqlsearch.com/query/Social%20Engineering%20Attack%20Monitor%20-%20Teams%20%26%20Emails&cm42djfoq004dmc0lxtac2fwl 2024-11-29T06:40:13.609Z weekly 0.6 https://kqlsearch.com/query/AADSignInEventsBeta%20-%20Suspicious%20User%20agent&cm41bafn5003omc0lawkttvvj 2024-11-28T12:49:28.241Z weekly 0.6 https://kqlsearch.com/query/CloudApp%20Suspicious%20Copilot%20Agent%20Detection&cm3zvzrkd002rmc0lzaugay86 2024-11-27T12:53:30.061Z weekly 0.6 https://kqlsearch.com/query/Endpoint%20SMB%20exposed%20on%20Public%20Internet&cm3y3cdt1001mmc0loqvaw3ui 2024-11-26T06:43:43.571Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Unusual%20anomaly&cm3x0z37e000xmc0lmfmpl0uh 2024-11-25T12:49:38.041Z weekly 0.6 https://kqlsearch.com/query/get-to-know-your-misp-threat-intelligence-feed&cm3wbd1pi000gmc0l2d9uu74x 2024-11-25T00:52:39.269Z weekly 0.6 https://kqlsearch.com/query/office%20Add-in%20Installs&cm3vwrcef000v5ieomukchxn3 2024-11-24T18:03:52.070Z weekly 0.6 https://kqlsearch.com/query/Temporary%20Email%20Addresses&cm3vwr7v7000u5ieo9gf3lmtl 2024-11-24T18:03:46.184Z weekly 0.6 https://kqlsearch.com/query/Suspicious%20File%20Extension%20Upload%20to%20Office%20365&cm3vwr371000t5ieo5prpdjtb 2024-11-24T18:03:40.140Z weekly 0.6 https://kqlsearch.com/query/OnionMail%20EmailAddresses&cm3vwqyty000s5ieo8wccmxz9 2024-11-24T18:03:34.485Z weekly 0.6 https://kqlsearch.com/query/CockLi%20Abused%20Email%20Provider&cm3vwqscn000r5ieohdyzz4vk 2024-11-24T18:03:26.075Z weekly 0.6 https://kqlsearch.com/query/SignIns%20with%20Country%20Name&cm3vwqnjw000q5ieouefh32fi 2024-11-24T18:03:19.867Z weekly 0.6 https://kqlsearch.com/query/Get%20Tenant%20ID%20for%20Given%20Domain&cm3vwqdes000p5ieo7irhj3jk 2024-11-24T18:03:06.713Z weekly 0.6 https://kqlsearch.com/query/Entra%20Smart%20Lockout%20Tampering&cm3vwq7uh000o5ieozpr1vzv4 2024-11-24T18:02:59.512Z weekly 0.6 https://kqlsearch.com/query/Creation%20of%20new%20Azure%20Tenant&cm3vwpy5z000n5ieodnocha5l 2024-11-24T18:02:46.966Z weekly 0.6 https://kqlsearch.com/query/Audit%20Justifications%20for%20Self%20Approval%20PIM%20Requests&cm3vwpsed000m5ieo5xdm3l0l 2024-11-24T18:02:39.492Z weekly 0.6 https://kqlsearch.com/query/Unsigned%20script%20execution%20enabled%20for%20live%20response&cm3vwpmos000l5ieof3rdvkd6 2024-11-24T18:02:32.081Z weekly 0.6 https://kqlsearch.com/query/USB_Data_Exfiltration&cm3vwpflu000k5ieo6jdxy6uj 2024-11-24T18:02:22.913Z weekly 0.6 https://kqlsearch.com/query/Total%20Device%20Risk%20Score&cm3vwp7ip000j5ieomfxbl4sl 2024-11-24T18:02:12.422Z weekly 0.6 https://kqlsearch.com/query/Streaming%20Sites%20-%20DeviceNetworkEvents&cm3vwot02000i5ieokif6lqx2 2024-11-24T18:01:53.607Z weekly 0.6 https://kqlsearch.com/query/Remote%20Management%20Tools%20(RMM)%20-%20DeviceNetworkEvents%20Domains&cm3vwomx4000h5ieoejkua7g1 2024-11-24T18:01:45.736Z weekly 0.6 https://kqlsearch.com/query/Potentially%20Unsanctioned%20Application%20Usage&cm3vwog2b000g5ieod04bc0h1 2024-11-24T18:01:36.841Z weekly 0.6 https://kqlsearch.com/query/Potentially%20Ungoverned%20AI%20Domains%20such%20as%20chatgpt&cm3vwo8ez000f5ieoshessyjo 2024-11-24T18:01:26.938Z weekly 0.6 https://kqlsearch.com/query/Potential%20Credential%20Dumping&cm3vwo3bx000e5ieopww9vp2y 2024-11-24T18:01:20.349Z weekly 0.6 https://kqlsearch.com/query/Piracy%20Domains%20-%20DeviceNetworkEvents&cm3vwnx68000d5ieo0avinphr 2024-11-24T18:01:12.367Z weekly 0.6 https://kqlsearch.com/query/Personal%20Messaging%20Domains%20-%20DeviceNetworkEvents&cm3vwnln1000c5ieo875ueyw4 2024-11-24T18:00:57.410Z weekly 0.6 https://kqlsearch.com/query/Paste%20and%20Anonymous%20File%20Transfer%20Sites%20-%20DeviceNetworkEvents&cm3vwnc66000b5ieocjoxggph 2024-11-24T18:00:45.148Z weekly 0.6 https://kqlsearch.com/query/MDA%20Blocks%20by%20Application%20and%20URL&cm3vwn3y4000a5ieo70o18qtq 2024-11-24T18:00:34.481Z weekly 0.6 https://kqlsearch.com/query/Gaming%20Domains%20-%20DeviceNetworkEvents&cm3vwmvtb00095ieo6y96hw42 2024-11-24T18:00:23.949Z weekly 0.6 https://kqlsearch.com/query/Exploitable_CVE_AllDevices&cm3vwmpuq00085ieo3gpnfbst 2024-11-24T18:00:16.224Z weekly 0.6 https://kqlsearch.com/query/Devices%20with%20the%20most%20known%20exploited%20vulnerabilities&cm3vwmj3q00075ieogrb1k63w 2024-11-24T18:00:07.476Z weekly 0.6 https://kqlsearch.com/query/Detect%20Tor%20DNS%20request&cm3vwmds500065ieo0yruizgh 2024-11-24T18:00:00.579Z weekly 0.6 https://kqlsearch.com/query/Consumer%20VPN%20Domains%20-%20DeviceNetworkEvents&cm3vwm8ka00055ieowim0c9bc 2024-11-24T17:59:53.817Z weekly 0.6 https://kqlsearch.com/query/Connections%20to%20abused%20TLDs%20-%20DeviceNetworkEvents&cm3vwm2kb00045ieoc6dd5fq7 2024-11-24T17:59:46.031Z weekly 0.6 https://kqlsearch.com/query/CVE%20Check%20with%20Software%20Evidence&cm3vwlvae00035ieohcx9icpf 2024-11-24T17:59:36.611Z weekly 0.6 https://kqlsearch.com/query/Browser%20Extension%20Downloads%20using%20DeviceFileEvents&cm3vwlobg00025ieox93vw2fv 2024-11-24T17:59:27.568Z weekly 0.6 https://kqlsearch.com/query/Browser%20Domains%20-%20DeviceNetworkEvents&cm3vwliry00015ieojjeplhu7 2024-11-24T17:59:20.396Z weekly 0.6 https://kqlsearch.com/query/Anti-lock%20or%20Idle%20Software&cm3vwlcov00005ieo8u0jsaot 2024-11-24T17:59:12.497Z weekly 0.6 https://kqlsearch.com/query/Hunting%20Malicious%20Copilot%20Agent&cm3vpygcq00015izw6bxvg3y9 2024-11-24T14:53:26.473Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Phishing%20Emails%20with%20Cloudflare%20R2%20URLs&cm3vpya3900005izw3237lady 2024-11-24T14:53:18.345Z weekly 0.6 https://kqlsearch.com/query/Rating%20ISP%20to%20detect%20potential%20attacks%20and%20IOCs%20source&cm3rs37e800dnmc0ty3cj8iid 2024-11-21T20:42:02.515Z weekly 0.6 https://kqlsearch.com/query/Email%20Campaign%20-%20Exploiting%20SVG%20Files%20and%20trycloudflare.com%20to%20Spread%20Malware&cm3r1xdgh00d6mc0tk9ewh7nk 2024-11-21T08:29:40.425Z weekly 0.6 https://kqlsearch.com/query/ClickFix%20social%20engineering%20attack%20detection&cm3pn4l6i00c9mc0tntr7iwih 2024-11-20T08:47:36.761Z weekly 0.6 https://kqlsearch.com/query/Detecting%20BrazenBamboo's%20FortiClient%20Exploit%20-%20A%20KQL%20Approach&cm3okb8ss00bkmc0tlg0pe9ht 2024-11-19T14:41:02.283Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-0012%20PAN-OS%20-%20Authentication%20Bypass%20in%20the%20Management%20Web%20Interface&cm3nhrhz000avmc0tbkj4z1ha 2024-11-18T20:41:55.343Z weekly 0.6 https://kqlsearch.com/query/AzureDevOps%20-%20Third-Party%20application%20Access%20via%20OAuth&cm3nhhb1a00aumc0tehfhf3hm 2024-11-18T20:34:00.091Z weekly 0.6 https://kqlsearch.com/query/AzureDevOps%20-%20SSH%20Authentication&cm3nhh62c00atmc0th2t3me8e 2024-11-18T20:33:53.651Z weekly 0.6 https://kqlsearch.com/query/AzureDevOps%20-%20Log%20Audit%20Events&cm3nhh1uu00asmc0to0gp0357 2024-11-18T20:33:48.053Z weekly 0.6 https://kqlsearch.com/query/AzureDevOps%20-%20External%20Guest%20Access&cm3nhgwal00armc0th4s2kpcm 2024-11-18T20:33:40.988Z weekly 0.6 https://kqlsearch.com/query/AzureDevOps%20-%20Enable%20IP%20Conditional%20Access%20policy%20validation&cm3nhgomq00aqmc0tpqjzp6i6 2024-11-18T20:33:30.911Z weekly 0.6 https://kqlsearch.com/query/AzureDevOps%20-%20Allow%20Public%20Projects&cm3nhgk3v00apmc0tw5i4890h 2024-11-18T20:33:25.193Z weekly 0.6 https://kqlsearch.com/query/AzureDevOps%20-%20Additional%20Protection%20when%20using%20public%20package%20registries&cm3nhgcdy00aomc0t07rz261u 2024-11-18T20:33:14.904Z weekly 0.6 https://kqlsearch.com/query/Brands%20Impersonation%20Phishing%20Trend&cm3mrw7m400a7mc0t0gzr45wr 2024-11-18T08:37:45.338Z weekly 0.6 https://kqlsearch.com/query/Innovative%20Detection%20Techniques%20Against%20ZIP%20Concatenation%20Attacks&cm3m1tygz009qmc0tu32pjq3t 2024-11-17T20:28:10.164Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-49039%20Windows%20Task%20Scheduler%20Elevation%20of%20Privilege%20Vulnerability&cm3iu7vh4007pmc0tsi877fgv 2024-11-15T14:31:44.151Z weekly 0.6 https://kqlsearch.com/query/Monitor%20break%20the%20glass%20Groups&cm3iu2y9b007omc0t0xvt1rsz 2024-11-15T14:27:54.335Z weekly 0.6 https://kqlsearch.com/query/Monitor%20Privileged%20Role%20Assignments&cm3iu2r07007nmc0t520k52lw 2024-11-15T14:27:45.078Z weekly 0.6 https://kqlsearch.com/query/Missing%20DlpRuleMatch%20entities%20in%20CloudAppEvents&cm3itp8cp007mmc0tqu8pedto 2024-11-15T14:17:14.234Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Unusual%20authentication%20failure%20status&cm3hrkf9z006xmc0to5b6w8j5 2024-11-14T20:29:44.497Z weekly 0.6 https://kqlsearch.com/query/DnsEvents-Possible%20DNSRecon%20query&cm3heju1n006omc0tc4z4ftxv 2024-11-14T14:25:21.992Z weekly 0.6 https://kqlsearch.com/query/BigYellowTaxi%20-%20SignIn&cm3gc9wok005zmc0tgcqha9yc 2024-11-13T20:33:53.445Z weekly 0.6 https://kqlsearch.com/query/Weird%20DNS%20queries&cm3gc4b7f005ymc0tmf37xv73 2024-11-13T20:29:32.333Z weekly 0.6 https://kqlsearch.com/query/Monitoring%20Cross-Tenant%20Abuse%20by%20Threat%20Actors&cm3fzmal5005pmc0tk0diigv3 2024-11-13T14:39:36.331Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-43451%20Zero-Day%20(NTLM%20Hash%20Disclosure%20Spoofing%20Vulnerability)&cm3fmd6m4005gmc0tmtc1gzcc 2024-11-13T08:28:36.411Z weekly 0.6 https://kqlsearch.com/query/Detecting%20FIDO2%20Passkey%20Abuse&cm3ekotg4004rmc0tlesbbqlj 2024-11-12T14:53:53.810Z weekly 0.6 https://kqlsearch.com/query/Phishing%20by%20Design%20Two-Step%20Attacks%20Using%20vsdx%20Files&cm3e78trj004imc0tbqe7bq2q 2024-11-12T08:37:32.629Z weekly 0.6 https://kqlsearch.com/query/DnsEvents-Unusual%20DNS%20query%20type%20of%20internal%20domain&cm3dh07vp0041mc0tqe13g6hi 2024-11-11T20:23:01.092Z weekly 0.6 https://kqlsearch.com/query/Zscaler%20Registry%20Tampering%20Detection&cm3bo4n7z002omc0teky967fl 2024-11-10T14:06:52.558Z weekly 0.6 https://kqlsearch.com/query/Zscaler%20Private%20Access%20Data%20Gap%20Detection&cm3bo4k4e002nmc0tl5dvzpwt 2024-11-10T14:06:48.541Z weekly 0.6 https://kqlsearch.com/query/Zscaler%20Internet%20Access%20Data%20Gap%20Detection&cm3bo4g8j002mmc0tl3f8bmqs 2024-11-10T14:06:43.364Z weekly 0.6 https://kqlsearch.com/query/ZAP%20Email%20Click%20Detection&cm3bo4cwd002lmc0tdz7psp1m 2024-11-10T14:06:39.180Z weekly 0.6 https://kqlsearch.com/query/Windows%20Security%20Log%20Enumeration%20Detection&cm3bo48ds002kmc0tezilk5fj 2024-11-10T14:06:33.327Z weekly 0.6 https://kqlsearch.com/query/WiFi%20Password%20Dumping%20Detection&cm3bo43oj002jmc0tdaqt0fvg 2024-11-10T14:06:27.091Z weekly 0.6 https://kqlsearch.com/query/Vulnerable%20Inactive%20Devices%20Detection&cm3bo405o002imc0tabjyxcjf 2024-11-10T14:06:22.667Z weekly 0.6 https://kqlsearch.com/query/VIP%20Mailbox%20Permission%20Change%20Detection&cm3bo3v1h002hmc0tajaggq4g 2024-11-10T14:06:16.035Z weekly 0.6 https://kqlsearch.com/query/VBScript%20Usage%20Detection&cm3bo3plu002gmc0tk6bw0zab 2024-11-10T14:06:08.993Z weekly 0.6 https://kqlsearch.com/query/User%20Application%20Brute%20Force%20Detection&cm3bo3hzd002fmc0tm7xmhnj6 2024-11-10T14:05:59.111Z weekly 0.6 https://kqlsearch.com/query/UrlClickEvents%20to%20OpenPhish%20URL&cm3bo3dsc002emc0trlxb3za5 2024-11-10T14:05:53.675Z weekly 0.6 https://kqlsearch.com/query/Unusual%20Software%20Certificate%20Detection&cm3bo382v002dmc0tyqzfy5sh 2024-11-10T14:05:46.278Z weekly 0.6 https://kqlsearch.com/query/URL%20Download%20Source%20Finder&cm3bo32a3002cmc0tbvka25yk 2024-11-10T14:05:38.620Z weekly 0.6 https://kqlsearch.com/query/TrustedInstaller%20Abuse%20Detection&cm3bo2yim002bmc0th9m1kf70 2024-11-10T14:05:33.885Z weekly 0.6 https://kqlsearch.com/query/TI%20Volexity%20Feed%20Urls%20in%20EmailUrlInfo&cm3bo2uo4002amc0tsvsdhn6z 2024-11-10T14:05:28.899Z weekly 0.6 https://kqlsearch.com/query/TI%20User%20Risk%20Event%20IP%20in%20Firehol%20IPset%20List&cm3bo2qgi0029mc0t8hj5o1s4 2024-11-10T14:05:23.299Z weekly 0.6 https://kqlsearch.com/query/TI%20Urlhaus%20Feed%20Hit%20in%20EmailUrlInfo&cm3bo2kvs0028mc0t6vrdfith 2024-11-10T14:05:16.215Z weekly 0.6 https://kqlsearch.com/query/TI%20TweetFeed%20URLs%20in%20Emails&cm3bo2fj50027mc0toyah4efp 2024-11-10T14:05:09.280Z weekly 0.6 https://kqlsearch.com/query/TI%20PhishingArmy%20Hit%20in%20EmailUrlInfo&cm3bo2ax90026mc0tr3u6svix 2024-11-10T14:05:03.166Z weekly 0.6 https://kqlsearch.com/query/TI%20NetworkEvents%20listed%20on%20Threatfox%20abuse.ch&cm3bo277p0025mc0t52rq943g 2024-11-10T14:04:58.500Z weekly 0.6 https://kqlsearch.com/query/TI%20NetworkEvent%20with%20Urlhaus%20abuse.ch%20Hit&cm3bo23pe0024mc0tgh8a30b8 2024-11-10T14:04:53.953Z weekly 0.6 https://kqlsearch.com/query/TI%20Malicious%20Connection%20to%20Firehol%20Ipset%20List&cm3bo1yc20023mc0trehdkzzf 2024-11-10T14:04:46.839Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20AbuseCH%20Malicious%20Hash&cm3bo1oab0022mc0t16bbx2ue 2024-11-10T14:04:33.954Z weekly 0.6 https://kqlsearch.com/query/TI%20Botvrji%20Url%20in%20EmailUrlInfo&cm3bo1iqx0021mc0tbfe1wkk8 2024-11-10T14:04:26.650Z weekly 0.6 https://kqlsearch.com/query/Suspicious%20Directory%20Sync%20Account%20Sign%20ins&cm3bo1eoe0020mc0tid2j73uz 2024-11-10T14:04:21.517Z weekly 0.6 https://kqlsearch.com/query/Shadow%20Credentials%20Attack%20Detection&cm3bo18rx001zmc0tu2jtjh3b 2024-11-10T14:04:13.867Z weekly 0.6 https://kqlsearch.com/query/Server%20Domain%20Firewall%20Profile%20Check&cm3bo142l001ymc0tthtqku08 2024-11-10T14:04:07.772Z weekly 0.6 https://kqlsearch.com/query/Sent%20Items%20Deletion%20Detection&cm3bo10xu001xmc0tuz9wn2mv 2024-11-10T14:04:03.713Z weekly 0.6 https://kqlsearch.com/query/Safeboot%20Registry%20Modification%20Detection&cm3bo0vvh001wmc0ti5xg1ped 2024-11-10T14:03:57.148Z weekly 0.6 https://kqlsearch.com/query/STOP%20Ransomware%20Command%20Detection&cm3bo0si7001vmc0t94b8e0nu 2024-11-10T14:03:52.640Z weekly 0.6 https://kqlsearch.com/query/Rule%20Aggregation%20Template&cm3bo0owy001umc0ta19t1ccx 2024-11-10T14:03:48.129Z weekly 0.6 https://kqlsearch.com/query/Rogue%20Device%20Detection&cm3bo0jeq001tmc0tekvwfyw4 2024-11-10T14:03:40.993Z weekly 0.6 https://kqlsearch.com/query/Risky%20Sign%20in%20after%20UrlClick%20to%20MontySecurity%20GoPhish%20IP&cm3bo0e6z001smc0tl0bucb5e 2024-11-10T14:03:34.091Z weekly 0.6 https://kqlsearch.com/query/Risky%20Sign%20in%20after%20Tweetfeed%20URL%20IP%20Click&cm3bo09fg001rmc0t4ngwkb46 2024-11-10T14:03:28.054Z weekly 0.6 https://kqlsearch.com/query/Risky%20Sign%20in%20Followed%20by%20MFA%20Registration&cm3bo01hw001qmc0trv3ylk5g 2024-11-10T14:03:17.566Z weekly 0.6 https://kqlsearch.com/query/Related%20Processes%20via%20DeviceProcessEvents&cm3bnzuy5001pmc0t0joez41a 2024-11-10T14:03:09.292Z weekly 0.6 https://kqlsearch.com/query/RDP%20Toggle%20Lateral%20Movement%20Detection&cm3bnzqni001omc0tqif3ojg8 2024-11-10T14:03:03.725Z weekly 0.6 https://kqlsearch.com/query/Quasar%20RAT%20IOC%20Detection&cm3bnzlse001nmc0t9mabqwp5 2024-11-10T14:02:57.073Z weekly 0.6 https://kqlsearch.com/query/Purview%20Audit%20Search%20Monitoring&cm3bnzhzi001mmc0ti4spy8a5 2024-11-10T14:02:52.493Z weekly 0.6 https://kqlsearch.com/query/PowerShell%20Defensive%20Evasion%20Detection&cm3bnze4k001lmc0tnhuwu8sv 2024-11-10T14:02:47.491Z weekly 0.6 https://kqlsearch.com/query/Potential%20Phishing%20Hosting%20Site%20URL%20Clicks&cm3bnzb50001kmc0tk8p1hir5 2024-11-10T14:02:43.620Z weekly 0.6 https://kqlsearch.com/query/Password%20Success%20from%20Malicious%20IP&cm3bnz8ms001jmc0trluntfla 2024-11-10T14:02:40.208Z weekly 0.6 https://kqlsearch.com/query/Non%20Familiar%20DHCP%20Domains%20Detection&cm3bnyzq0001imc0t1xc2v0vj 2024-11-10T14:02:28.315Z weekly 0.6 https://kqlsearch.com/query/Nmap%20Reconnaissance%20Detection&cm3bnyvun001hmc0tgbqiuv13 2024-11-10T14:02:23.806Z weekly 0.6 https://kqlsearch.com/query/New%20Office%20365%20Activity%20Detection&cm3bnypy8001gmc0t09bdriqt 2024-11-10T14:02:16.015Z weekly 0.6 https://kqlsearch.com/query/New%20Entra%20ID%20Audit%20Operations%20Detection&cm3bnym7b001fmc0t2n70z7qs 2024-11-10T14:02:11.303Z weekly 0.6 https://kqlsearch.com/query/Network%20Services%20Port%20Protocol%20Mapping&cm3bnygy0001emc0t9ainnkqw 2024-11-10T14:02:04.487Z weekly 0.6 https://kqlsearch.com/query/Netskope%20Malicious%20CloudWorker%20Detection&cm3bnydao001dmc0tva45gduz 2024-11-10T14:01:59.617Z weekly 0.6 https://kqlsearch.com/query/MpCmdRun%20Custom%20Scan%20Path%20Detection&cm3bny8fb001cmc0tz8csx1ak 2024-11-10T14:01:53.446Z weekly 0.6 https://kqlsearch.com/query/Most%20Attacked%20VIPs&cm3bny3v2001bmc0t7ukei2vt 2024-11-10T14:01:47.533Z weekly 0.6 https://kqlsearch.com/query/Missing%20Recommended%20Security%20Updates%20Detection&cm3bnxx46001amc0tnxk09z6g 2024-11-10T14:01:38.647Z weekly 0.6 https://kqlsearch.com/query/Microsoft%20Phishing%20Subdomain%20Detection&cm3bnxt7x0019mc0tydg3nkzp 2024-11-10T14:01:33.740Z weekly 0.6 https://kqlsearch.com/query/MalwareBazaar%20Certificate%20Blocklist%20Detection&cm3bnxn4r0018mc0tixrlb7da 2024-11-10T14:01:25.850Z weekly 0.6 https://kqlsearch.com/query/Malware%20Sending%20Domains%20with%20Inbox%20Delivery&cm3bnxi680017mc0t3teqw6c3 2024-11-10T14:01:19.281Z weekly 0.6 https://kqlsearch.com/query/Malicious%20Zoom%20Installer%20Detection&cm3bnx93r0016mc0tzw0f99fp 2024-11-10T14:01:07.670Z weekly 0.6 https://kqlsearch.com/query/Malicious%20ISP%20Detection&cm3bnx5y60015mc0tq24jrxvc 2024-11-10T14:01:03.412Z weekly 0.6 https://kqlsearch.com/query/MDAV%20Scan%20Status%20None%20Cancelled%20Full%20Scans&cm3bnx0xh0014mc0tgsija4ua 2024-11-10T14:00:57.076Z weekly 0.6 https://kqlsearch.com/query/MDA%20Custom%20Warn%20Indicators%20Report&cm3bnww8j0013mc0t9etsaxfa 2024-11-10T14:00:50.994Z weekly 0.6 https://kqlsearch.com/query/Log%20Analytics%20Workspace%20Daily%20Ingestion&cm3bnwqp40012mc0t6r3wp74q 2024-11-10T14:00:43.635Z weekly 0.6 https://kqlsearch.com/query/Linux%20Privileged%20Command%20Detection&cm3bnwhmd0011mc0t3xjfgqqf 2024-11-10T14:00:32.052Z weekly 0.6 https://kqlsearch.com/query/Linux%20Nmap%20Reconnaissance%20Detection&cm3bnwdgc0010mc0tn1459x6l 2024-11-10T14:00:26.423Z weekly 0.6 https://kqlsearch.com/query/Linux%20MDE%20Missing%20Vulnerabilities%20Detection&cm3bnw9me000zmc0tht4ejnor 2024-11-10T14:00:21.685Z weekly 0.6 https://kqlsearch.com/query/Known%20Bad%20Hash%20Process%20Detection&cm3bnw5w1000ymc0twbqr9o34 2024-11-10T14:00:16.849Z weekly 0.6 https://kqlsearch.com/query/IOC%20Check%20in%20Multiple%20Sources&cm3bnw052000xmc0tx2u49x9c 2024-11-10T14:00:09.255Z weekly 0.6 https://kqlsearch.com/query/Hanada%20Group%20Crowdstrike%20Impersonation%20Detection&cm3bnvuna000wmc0tb8igi1c4 2024-11-10T14:00:02.277Z weekly 0.6 https://kqlsearch.com/query/GraphStrike%20C2%20Beacon%20Detection&cm3bnvqxp000vmc0tiq71cbu9 2024-11-10T13:59:57.468Z weekly 0.6 https://kqlsearch.com/query/Fake%20CAPTCHA%20Campaign%20PowerShell%20Detection&cm3bnvmqi000umc0tckpzyl57 2024-11-10T13:59:51.878Z weekly 0.6 https://kqlsearch.com/query/FOCI%20Client%20ID%20Detection&cm3bnvi2l000tmc0tcyp41gbd 2024-11-10T13:59:45.980Z weekly 0.6 https://kqlsearch.com/query/FIDO%20AAGUID%20Passkey%20Explorer&cm3bnvcz4000smc0ts948d4m7 2024-11-10T13:59:39.375Z weekly 0.6 https://kqlsearch.com/query/External%20Email%20Forwarding%20Rule%20Detection&cm3bnv7h9000rmc0trfpkdgrd 2024-11-10T13:59:32.110Z weekly 0.6 https://kqlsearch.com/query/External%20Device%20Logon%20Detection&cm3bnv3q2000qmc0t1zqnggf0 2024-11-10T13:59:27.385Z weekly 0.6 https://kqlsearch.com/query/Entra%20ID%20Service%20Principal%20Sign%20in%20Insights&cm3bnuyz9000pmc0tjk268wl0 2024-11-10T13:59:21.219Z weekly 0.6 https://kqlsearch.com/query/Enabled%20Account%20Password%20Spray%20Detection&cm3bnuvnh000omc0td4zry4k3 2024-11-10T13:59:16.782Z weekly 0.6 https://kqlsearch.com/query/Email%20TI%20Url%20listed%20on%20Threatfox%20in%20EmailUrlInfo&cm3bnupl1000nmc0trp0uqgb2 2024-11-10T13:59:09.060Z weekly 0.6 https://kqlsearch.com/query/Domain%20Extensions%20by%20Country%20Analysis&cm3bnuixj000mmc0tp5q22p2l 2024-11-10T13:59:00.296Z weekly 0.6 https://kqlsearch.com/query/DeviceNetworkEvents%20Blocklist%20Project%20Hits&cm3bnuduk000lmc0t0zggtvu0 2024-11-10T13:58:53.851Z weekly 0.6 https://kqlsearch.com/query/Device%20ATP%20Tampering%20Detection&cm3bnua80000kmc0tthjyeslk 2024-11-10T13:58:49.151Z weekly 0.6 https://kqlsearch.com/query/Detection%20of%20Spoofed%20Emails&cm3bnu3vs000jmc0twpg3iniw 2024-11-10T13:58:40.935Z weekly 0.6 https://kqlsearch.com/query/Deleted%20Mail%20Items%20Monitoring&cm3bntzd3000imc0tcnkx7xxt 2024-11-10T13:58:35.078Z weekly 0.6 https://kqlsearch.com/query/Defender%20Script%20Scanning%20Disable%20Detection&cm3bntsb6000hmc0tzpsa311t 2024-11-10T13:58:25.794Z weekly 0.6 https://kqlsearch.com/query/Defender%20AV%20Failed%20Full%20Scans&cm3bnos9t000gmc0tbdpo66lb 2024-11-10T13:54:32.608Z weekly 0.6 https://kqlsearch.com/query/Default%20Local%20Admin%20Logon%20Detection&cm3bnonwv000fmc0tre8vb2xs 2024-11-10T13:54:26.958Z weekly 0.6 https://kqlsearch.com/query/Data%20Ingestion%20Status%20Monitoring&cm3bnoj1b000emc0te6jox3fo 2024-11-10T13:54:20.473Z weekly 0.6 https://kqlsearch.com/query/Daily%20Data%20Usage%20and%20User%20Analysis&cm3bnoeqk000dmc0tdsus3o7o 2024-11-10T13:54:15.067Z weekly 0.6 https://kqlsearch.com/query/Daggerfly%20IOC%20Detection&cm3bnoazg000cmc0tqmejy2z9 2024-11-10T13:54:10.203Z weekly 0.6 https://kqlsearch.com/query/Daggerfly%20IOC%20Detection%20Sentinel&cm3bno5n2000bmc0t0zq39ymw 2024-11-10T13:54:03.135Z weekly 0.6 https://kqlsearch.com/query/Custom%20IOC%20Block%20Events&cm3bno1zi000amc0tkuiwqmqv 2024-11-10T13:53:58.541Z weekly 0.6 https://kqlsearch.com/query/Cryptocurrency%20Domain%20Detection&cm3bnnwmh0009mc0t35xm332o 2024-11-10T13:53:51.592Z weekly 0.6 https://kqlsearch.com/query/Correlated%20IP%20Events%20from%20Important%20Watchlist&cm3bnnt800008mc0t8w1lblc1 2024-11-10T13:53:47.036Z weekly 0.6 https://kqlsearch.com/query/CloudWorker%20Abuse%20Detection&cm3bnnobo0007mc0t6156wvd4 2024-11-10T13:53:40.835Z weekly 0.6 https://kqlsearch.com/query/Chinese%20APT%20VS%20Code%20Exploitation%20Detection&cm3bnnkkv0006mc0t625367sz 2024-11-10T13:53:35.983Z weekly 0.6 https://kqlsearch.com/query/Binaries%20using%20AnyDesk%20Compromised%20Certificate&cm3bnnetw0005mc0tnd3ksrt6 2024-11-10T13:53:28.388Z weekly 0.6 https://kqlsearch.com/query/Accounts%20Under%20Attack%20From%20Multiple%20Countries&cm3bnn8pc0004mc0trkdq6axu 2024-11-10T13:53:20.591Z weekly 0.6 https://kqlsearch.com/query/Access%20Global%20Failed%20Login&cm3bnn3h00003mc0twjxynmqy 2024-11-10T13:53:13.811Z weekly 0.6 https://kqlsearch.com/query/AWS%20GPU%20Instance%20Launch%20Detection&cm3bnmzl10002mc0ts01clmyj 2024-11-10T13:53:08.630Z weekly 0.6 https://kqlsearch.com/query/APT29%20TeamViewer%20Activity%20Detection&cm3bnmv900001mc0t1ovd53s7 2024-11-10T13:53:03.155Z weekly 0.6 https://kqlsearch.com/query/AD%20Provisioning%20Attribute%20Modification%20Report&cm3bnmq4q0000mc0tbcvx22xg 2024-11-10T13:52:56.467Z weekly 0.6 https://kqlsearch.com/query/Detecting%20External%20Microsoft%20Teams%20Spray&cm38ib0mx02gjmc0pxv9unpdc 2024-11-08T09:00:33.656Z weekly 0.6 https://kqlsearch.com/query/AdvancedFeatureDisabled&cm37suiaj02g2mc0p0lqt9q7m 2024-11-07T21:07:52.986Z weekly 0.6 https://kqlsearch.com/query/Monitor%20Abusing%20Intune%20Permissions%20for%20Lateral%20Movement&cm373u3wp02flmc0p4xfswxg3 2024-11-07T09:27:43.944Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-10443%20Hunting%3A%20RISK%3ASTATION&cm35ofvdk02eomc0po3ayk2f5 2024-11-06T09:28:59.144Z weekly 0.6 https://kqlsearch.com/query/Hunting%20VEILDrive%20C2&cm35ald0702efmc0p72kdt25e 2024-11-06T03:01:20.790Z weekly 0.6 https://kqlsearch.com/query/MDCA%20MDO%20-%20MailItemsAccessedByCompromisedAccount&cm34xj1pg02e6mc0plg5r03a5 2024-11-05T20:55:37.683Z weekly 0.6 https://kqlsearch.com/query/EDRSandblast&cm335iavb02d1mc0pn0n1t9wo 2024-11-04T15:03:27.477Z weekly 0.6 https://kqlsearch.com/query/suspicious-rdp-files-in-outlook-temporary-folders&cm323abar02ccmc0px0tvca7w 2024-11-03T21:13:29.522Z weekly 0.6 https://kqlsearch.com/query/Community%20Repositories&cm3233qy702cbmc0pniv7lsec 2024-11-03T21:08:22.232Z weekly 0.6 https://kqlsearch.com/query/Detect%20WordPress%20plugins%20from%20HTTP%20requests&cm2xsjto6029mmc0pthdjkghw 2024-10-31T21:01:52.757Z weekly 0.6 https://kqlsearch.com/query/LargeNumberOfVMsStarted&cm2xs9tid029lmc0plbt4ltf6 2024-10-31T20:54:05.844Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20CopilotModelsUsed&cm2uxf0xm027smc0p81yxuv4a 2024-10-29T20:54:48.285Z weekly 0.6 https://kqlsearch.com/query/Monitoring%20potential%20sign-In%20Attempts%20from%20Airport%20Networks&cm2nh2w3c0233mc0pa8fxzz01 2024-10-24T15:43:05.028Z weekly 0.6 https://kqlsearch.com/query/identify-browser-extensions-with-can-turnoff-malware-protections-permissions-in-endpoints-with-no-tamper-protection&cm2hcjsx801zamc0ptk6admnv 2024-10-20T08:49:39.108Z weekly 0.6 https://kqlsearch.com/query/Honeypot%20Threat%20Intelligence%20(TI)%20Data&cm2gng5it01ytmc0pn51q8tjt 2024-10-19T21:06:58.278Z weekly 0.6 https://kqlsearch.com/query/MDO%20-%20Enhancing%20Email%20Security%20with%20NRD%20Filtering&cm2dg3w8r01wsmc0pr2rza91a 2024-10-17T15:18:10.540Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Port%20Scanning%20on%20Internet-Facing%20Devices&cm2ccwfcx01w3mc0p0o005i4c 2024-10-16T21:00:37.184Z weekly 0.6 https://kqlsearch.com/query/Detect%20sensitive%20and%20confidential%20files%20sent%20by%20Email&cm2c15w5e01vumc0pmok8booj 2024-10-16T15:32:03.457Z weekly 0.6 https://kqlsearch.com/query/Defender%20XDR%20alert%20evidence%20summarized&cm2c0serf01vtmc0pnsdl1c7l 2024-10-16T15:21:34.394Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20M365%20Copilot%20Extensions%20Threat%20Monitoring&cm2bn6ju901vkmc0peh883o1k 2024-10-16T09:00:39.373Z weekly 0.6 https://kqlsearch.com/query/Entra%20User%20Account%20Compromised%20by%20C2&cm2almszf01uvmc0pxrw6kyhr 2024-10-15T15:29:32.333Z weekly 0.6 https://kqlsearch.com/query/Malfunction%20Hunting%20Query%20not%20working%20in%20Graph%20API&cm2al7v3u01uumc0plywaa4qb 2024-10-15T15:17:55.244Z weekly 0.6 https://kqlsearch.com/query/The%20Hunt%20for%20Blob%20Phishing%20Mail%20Domain&cm29w408a01uhmc0p4q569rrm 2024-10-15T03:35:04.858Z weekly 0.6 https://kqlsearch.com/query/PrioritizeSecureConfiguration&cm29ikige01u8mc0p8sc2qo38 2024-10-14T21:16:00.492Z weekly 0.6 https://kqlsearch.com/query/%F0%9D%97%A7%F0%9D%97%B5%F0%9D%97%B2%20%F0%9D%97%9B%F0%9D%98%82%F0%9D%97%BB%F0%9D%98%81%20%F0%9D%97%B3%F0%9D%97%BC%F0%9D%97%BF%20%F0%9D%97%95%F0%9D%97%B9%F0%9D%97%BC%F0%9D%97%AF%20%F0%9D%97%A3%F0%9D%97%B5%F0%9D%97%B6%F0%9D%98%80%F0%9D%97%B5%F0%9D%97%B6%F0%9D%97%BB%F0%9D%97%B4%20%F0%9D%97%A0%F0%9D%97%AE%F0%9D%97%B6%F0%9D%97%B9%20%F0%9D%97%97%F0%9D%97%BC%F0%9D%97%BA%F0%9D%97%AE%F0%9D%97%B6%F0%9D%97%BB&cm296voud01tzmc0pbrfdu45o 2024-10-14T15:48:46.453Z weekly 0.6 https://kqlsearch.com/query/Chrome%20extension%20stealth%20persistence%20detection&cm27pozn801t2mc0pwa0y58cx 2024-10-13T14:59:54.355Z weekly 0.6 https://kqlsearch.com/query/M365%20Copilot%20Extensions%20Threat%20Monitoring&cm27cmt0w01stmc0pytrz6ec4 2024-10-13T08:54:17.311Z weekly 0.6 https://kqlsearch.com/query/Detecting%20New%20Copilot%20Extensions&cm26mylko01scmc0ptugwdhpg 2024-10-12T20:55:37.655Z weekly 0.6 https://kqlsearch.com/query/Technique%20profile%20eDiscovery%20misuse%20detection&cm257kxe501rfmc0pps01ovxz 2024-10-11T20:57:19.229Z weekly 0.6 https://kqlsearch.com/query/Detect%20CVE-2024-43572%20Abuse&cm23f79dr01qamc0p6vfdcmxu 2024-10-10T14:55:06.153Z weekly 0.6 https://kqlsearch.com/query/MDE-DeviceRename&cm22pmrbf01ptmc0plirh9u6d 2024-10-10T02:59:19.369Z weekly 0.6 https://kqlsearch.com/query/MDE-DefenderExclusionsEnumerations&cm22pmls201psmc0piekrkolz 2024-10-10T02:59:12.051Z weekly 0.6 https://kqlsearch.com/query/AvScanResults&cm21zzsxg01pbmc0pcf0q704o 2024-10-09T15:01:37.971Z weekly 0.6 https://kqlsearch.com/query/IdentityDirectoryEvents-SID-History%20changed&cm21zteu801pamc0ppx7optdl 2024-10-09T14:56:39.631Z weekly 0.6 https://kqlsearch.com/query/IdentityDirectoryEvents-ADFS%20DKM%20property%20read&cm21zt67t01p9mc0p5e76zxlu 2024-10-09T14:56:28.600Z weekly 0.6 https://kqlsearch.com/query/Parsing-UnifiedAZKVAuditLogs&cm20x4tdn01okmc0pn8vblwts 2024-10-08T20:53:46.645Z weekly 0.6 https://kqlsearch.com/query/CustomDetectionReport&cm20kfng101obmc0psiudqza3 2024-10-08T14:58:17.328Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Mamba%202FA%20phishing-as-a-service&cm20830iz01o2mc0py6yvsi2i 2024-10-08T09:12:32.221Z weekly 0.6 https://kqlsearch.com/query/Detect%20PnP%20devices%20connected%20to%20my%20endpoint%20machines&cm1ys20o401n5mc0pzawuatfn 2024-10-07T08:56:05.859Z weekly 0.6 https://kqlsearch.com/query/Top%2010%20Most%20Sprayed%20UPNs%20by%20IPs%20and%20Countries%20using%20BehaviourAnalytics&cm1xcrcib01m8mc0p4tvn7uwr 2024-10-06T09:00:07.569Z weekly 0.6 https://kqlsearch.com/query/identify-network-shares-with-write-permissions-set-to-everyone-in-highly-exposed-devices&cm1xcm02101m7mc0pxjxmp8bj 2024-10-06T08:55:58.152Z weekly 0.6 https://kqlsearch.com/query/self-signed-certificates&cm1xclvyu01m6mc0pzxgw7w2l 2024-10-06T08:55:52.835Z weekly 0.6 https://kqlsearch.com/query/Sentinel%20-%20Threat%20Hunting%20DNS%20Tunneling&cm1vx4l5v01l9mc0p1mpvs1iq 2024-10-05T08:54:45.281Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20-%20Threat%20Hunting%20DNS%20Tunneling&cm1vx3m0x01l8mc0phj7hmnwf 2024-10-05T08:53:59.744Z weekly 0.6 https://kqlsearch.com/query/Threat%20Hunting%20-%20MDE%20Network%20Intrusion%20Discovery&cm1ts6hnd01jvmc0pzq80r1fv 2024-10-03T21:00:43.463Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Windows%20Side-Loading%20DLL%20attacks&cm1tf674r01jmmc0pryd2vck9 2024-10-03T14:56:34.970Z weekly 0.6 https://kqlsearch.com/query/RMMConnection&cm1sc813e01ixmc0pnjl7noj0 2024-10-02T20:46:15.433Z weekly 0.6 https://kqlsearch.com/query/Missing%20logs%20in%20EmailEvents&cm1rz6o7m01iomc0p6q68uptt 2024-10-02T14:41:17.066Z weekly 0.6 https://kqlsearch.com/query/Measuring%20Sentinel%20WatchList%20Effectiveness%20using%20Behaviour%20Analytics&cm1ncc87s01frmc0p4ho4hhxk 2024-09-29T08:50:40.407Z weekly 0.6 https://kqlsearch.com/query/Custom%20Detection%20for%20CVE-2024-38200%20NTLMv2%20Hash%20Exposure&cm1ncbcpg01fqmc0p81j4n059 2024-09-29T08:49:59.571Z weekly 0.6 https://kqlsearch.com/query/Entra%20Cross-Tenant%20Activity%20Monitoring&cm1lwxxpt01etmc0p0h710hg0 2024-09-28T08:51:53.200Z weekly 0.6 https://kqlsearch.com/query/Custom%20Detection%20Rule%20for%20CUPS%20Installation%20in%20DefenderXDR&cm1l78xeb01ecmc0pkt79f5f9 2024-09-27T20:52:35.986Z weekly 0.6 https://kqlsearch.com/query/Finding%20internet%20facing%20device%20with%20CUPS&cm1k4l3nl01dnmc0phps9eirc 2024-09-27T02:50:18.944Z weekly 0.6 https://kqlsearch.com/query/Check%20malicious%20link%20or%20email&cm1jeplaj01d6mc0pojayqn09 2024-09-26T14:45:58.261Z weekly 0.6 https://kqlsearch.com/query/Monitoring%20Microsoft%20365%20Copilot%20Web%20Search%20Queries%20with%20DefenderXDR&cm1icdafk01chmc0pmuozw00a 2024-09-25T20:52:39.055Z weekly 0.6 https://kqlsearch.com/query/SignInFromSuspiciousIP&cm1ic1s3w01cgmc0piqzso42v 2024-09-25T20:43:42.091Z weekly 0.6 https://kqlsearch.com/query/PowerShellPossibleC2Connection&cm1hmknrb01bzmc0pjvc4eyf9 2024-09-25T08:50:32.759Z weekly 0.6 https://kqlsearch.com/query/Email%20-%20TyposquattedEmailRecieved&cm1gwuxmg01bimc0pkr90gxqs 2024-09-24T20:50:42.231Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Nation-State%20Threat%20Actors%20with%20Custom%20KQL%20Queries&cm1gk63fj01b9mc0px3scqcie 2024-09-24T14:55:27.966Z weekly 0.6 https://kqlsearch.com/query/Purview%20DLP%20Endpoint%20alert%20info&cm1f4dumu01acmc0pc43frc7b 2024-09-23T14:45:49.639Z weekly 0.6 https://kqlsearch.com/query/High-Risk%20assets%20with%20command%20line%20credentials&cm1dp4l6u019fmc0ph2y6lgjl 2024-09-22T14:50:57.221Z weekly 0.6 https://kqlsearch.com/query/Monitoring%20restricted%20management%20administrative%20units%20abuse&cm1bwvv2o018amc0pu2867ub2 2024-09-21T08:52:34.545Z weekly 0.6 https://kqlsearch.com/query/Password%20Spraying%20Detection%20in%20Active%20Directory&cm19rsfow016xmc0pfzso2a4l 2024-09-19T20:54:24.223Z weekly 0.6 https://kqlsearch.com/query/SignatureRingDistribution&cm19rirps016wmc0plfncef7l 2024-09-19T20:46:53.247Z weekly 0.6 https://kqlsearch.com/query/Purview%20DLP%20Teams%20alert%20info&cm19ren3o016vmc0p67pvlll0 2024-09-19T20:43:40.786Z weekly 0.6 https://kqlsearch.com/query/Purview%20DLP%20SharePoint%20alert%20info&cm19rednx016umc0pw8990wq3 2024-09-19T20:43:28.411Z weekly 0.6 https://kqlsearch.com/query/Purview%20DLP%20OneDrive%20alert%20info&cm19re5q4016tmc0pxdu8it4m 2024-09-19T20:43:18.267Z weekly 0.6 https://kqlsearch.com/query/Purview%20DLP%20Exchange%20alert%20info&cm19rdvnj016smc0p3t2oxfdz 2024-09-19T20:43:05.069Z weekly 0.6 https://kqlsearch.com/query/Detect%20API%20Spray%20Attack%20on%20your%20Entra%20High%20Value%20Assets&cm17zgtdf015nmc0prnl9mmb7 2024-09-18T14:53:46.802Z weekly 0.6 https://kqlsearch.com/query/Suspicious%20SSH%20connection%20inspections&cm17mhs5s015emc0pmhp9u95j 2024-09-18T08:50:36.729Z weekly 0.6 https://kqlsearch.com/query/Pivot%20-%20ASRConfig&cm16whml4014xmc0p1d84kq27 2024-09-17T20:42:39.479Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Twill%20Typhoon%20VSCode%20Exploit&cm14ro5bg013kmc0ppgte0hie 2024-09-16T08:52:13.419Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Windows%20Downdate%20Abuse&cm11wp0fc011rmc0pee84txk6 2024-09-14T08:49:33.145Z weekly 0.6 https://kqlsearch.com/query/identify-suspicious-certificates-in-endpoints-with-zero-keysize-and-no-signature%20algorithm&cm11jpm54011imc0pavit5cdx 2024-09-14T02:46:06.279Z weekly 0.6 https://kqlsearch.com/query/Detect%20External%20Sources%20scanning%20my%20exposed%20devices&cm10u3tb70111mc0pdiwvweau 2024-09-13T14:49:18.740Z weekly 0.6 https://kqlsearch.com/query/Interactive_web_login&cm10tkvjh0110mc0ppth4fg8l 2024-09-13T14:34:35.167Z weekly 0.6 https://kqlsearch.com/query/Office365-Recycled-Restored&cm0zrhcol010bmc0pj3gz8z69 2024-09-12T20:48:05.492Z weekly 0.6 https://kqlsearch.com/query/Office365-CustomerLockbox&cm0zrh7jd010amc0pni6r3xn6 2024-09-12T20:47:58.680Z weekly 0.6 https://kqlsearch.com/query/MDE-TVM-ExposureLevel&cm0zrgoxn0109mc0poumzis4n 2024-09-12T20:47:34.714Z weekly 0.6 https://kqlsearch.com/query/Microsoft_September_updates&cm0yc61tb00zcmc0pyzx5t6x0 2024-09-11T20:51:37.624Z weekly 0.6 https://kqlsearch.com/query/Devtunnelcodetunneling&cm0v4bph000xbmc0p2epkmm0k 2024-09-09T14:48:46.258Z weekly 0.6 https://kqlsearch.com/query/DevtunnelRegistry&cm0v4bkqi00xamc0pla79tfih 2024-09-09T14:48:39.977Z weekly 0.6 https://kqlsearch.com/query/DevTunnelFileEvents&cm0v4bh3i00x9mc0pzyi6mlln 2024-09-09T14:48:35.405Z weekly 0.6 https://kqlsearch.com/query/EntraRolesReport&cm0v44a4k00x8mc0pfx4gsuro 2024-09-09T14:42:59.779Z weekly 0.6 https://kqlsearch.com/query/Potential%20Threats%20or%20network%20anomalies%20related%20to%20ICMP%20Inbound%20Connections&cm0urif3s00wzmc0pwrdfee3i 2024-09-09T08:50:04.263Z weekly 0.6 https://kqlsearch.com/query/DevTunnelnetworkdetection&cm0urh9na00wymc0p5pu0cn24 2024-09-09T08:49:10.677Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20MITRE%20ATT%26CK%20Technique%20Analysis&cm0tox73f00w9mc0pd1z71dk6 2024-09-08T14:49:48.842Z weekly 0.6 https://kqlsearch.com/query/Check%20for%20Entra%20Legacy%20TLS%20Login&cm0tc1f3l00w0mc0pa1evqpc0 2024-09-08T08:49:10.832Z weekly 0.6 https://kqlsearch.com/query/Check%20for%20Azure%20Outdated%20Security%20Protocols&cm0tc1art00vzmc0pkgah6wut 2024-09-08T08:49:05.224Z weekly 0.6 https://kqlsearch.com/query/Threat%20Hunting%20AzureHound%20Usage&cm0rwofoy00v2mc0pk4ozczc0 2024-09-07T08:51:24.514Z weekly 0.6 https://kqlsearch.com/query/Detecting%20BYOVDLL%20Abuse&cm0r6xovm00ulmc0p36re3lkx 2024-09-06T20:50:46.306Z weekly 0.6 https://kqlsearch.com/query/MDE-TVM-EDRSensorUpdate&cm0pradcp00tomc0p1s75jj1y 2024-09-05T20:44:57.864Z weekly 0.6 https://kqlsearch.com/query/M365%20Copilot%20Plugins%20Inventory%20Analysis&cm0p1tufg00t7mc0p9aopn4vm 2024-09-05T08:52:16.587Z weekly 0.6 https://kqlsearch.com/query/EntraGroupMembershipReport&cm0obsdai00sqmc0pwge4h2pk 2024-09-04T20:43:17.705Z weekly 0.6 https://kqlsearch.com/query/UniqueActions&cm0mwczhb00rtmc0puy7mwrig 2024-09-03T20:43:39.550Z weekly 0.6 https://kqlsearch.com/query/SocGhoulish&cm0mw3fgj00rsmc0p388amswm 2024-09-03T20:36:13.699Z weekly 0.6 https://kqlsearch.com/query/Monitor%20Privilege%20User%20SSPR&cm0m6xkk200rbmc0pjb2lph7e 2024-09-03T08:51:49.969Z weekly 0.6 https://kqlsearch.com/query/Non-supported%20Agent%20version%20required%20for%20the%20Contain%20User%20action%20by%20Attack%20Disruption&cm0m6vt1p00ramc0pi9i31oi4 2024-09-03T08:50:27.660Z weekly 0.6 https://kqlsearch.com/query/Identifying%20methods%20used%20to%20establish%20secure%20communication%20over%20insecure%20channels&cm0k1lmec00pxmc0pi14g98at 2024-09-01T20:47:02.051Z weekly 0.6 https://kqlsearch.com/query/Detecting%20EDR-killing%20Tool&cm0hwgr8v00okmc0p4ahlvq8f 2024-08-31T08:47:44.482Z weekly 0.6 https://kqlsearch.com/query/Communication%20at%20risk%20due%20to%20the%20encryption%20algorithms%20(Ciphers)%20in%20use&cm0feic9m00mzmc0pmclpurss 2024-08-29T14:49:33.081Z weekly 0.6 https://kqlsearch.com/query/identify-endpoint-browser-extensions-with-can-turnoff-malware-protections-permissions&cm0fef3z500mymc0pg0a0nfhb 2024-08-29T14:47:02.221Z weekly 0.6 https://kqlsearch.com/query/Threat%20Hunting%20Microsoft%20Sway%20Quishing&cm0ebwb4h00m9mc0ppuuvgxk4 2024-08-28T20:48:39.760Z weekly 0.6 https://kqlsearch.com/query/NltestDiscovery&cm0cw9e2q00lcmc0pgr05a5fi 2024-08-27T20:43:10.081Z weekly 0.6 https://kqlsearch.com/query/Threat%20Hunting%20BYOVD%20Scenarios&cm0cjnns900l3mc0p8bssba0f 2024-08-27T14:50:20.699Z weekly 0.6 https://kqlsearch.com/query/GetsystemelevationCSmetasploit&cm0cjlzxs00l2mc0piw52qvu5 2024-08-27T14:49:03.279Z weekly 0.6 https://kqlsearch.com/query/Threat%20Hunting%20with%20MDE%20Device%20Discovery%20and%20SeenBy%20Enrichment%20Function&cm0bh0rt300kdmc0p1z2hnwj2 2024-08-26T20:48:47.558Z weekly 0.6 https://kqlsearch.com/query/RoleReport&cm0bgqnnq00kcmc0pttoieyaf 2024-08-26T20:40:55.621Z weekly 0.6 https://kqlsearch.com/query/H%F0%9D%97%BC%F0%9D%98%84%20%F0%9D%97%BA%F0%9D%97%AE%F0%9D%97%BB%F0%9D%98%86%20%F0%9D%97%96%F0%9D%97%BF%F0%9D%97%BC%F0%9D%98%84%F0%9D%97%B1%F0%9D%97%A6%F0%9D%98%81%F0%9D%97%BF%F0%9D%97%B6%F0%9D%97%B8%F0%9D%97%B2%20%F0%9D%97%B0%F0%9D%97%B9%F0%9D%97%B6%F0%9D%97%B2%F0%9D%97%BB%F0%9D%98%81%F0%9D%98%80%20%F0%9D%97%BF%F0%9D%98%82%F0%9D%97%BB%F0%9D%97%BB%F0%9D%97%B6%F0%9D%97%BB%F0%9D%97%B4%20%F0%9D%97%BC%F0%9D%97%BB%20%F0%9D%97%A0%F0%9D%97%B6%F0%9D%97%B0%F0%9D%97%BF%F0%9D%97%BC%F0%9D%98%80%F0%9D%97%BC%F0%9D%97%B3%F0%9D%98%81%20%F0%9D%97%94%F0%9D%98%87%F0%9D%98%82%F0%9D%97%BF%F0%9D%97%B2%20%F0%9D%97%B4%F0%9D%97%B9%F0%9D%97%BC%F0%9D%97%AF%F0%9D%97%AE%F0%9D%97%B9%F0%9D%97%B9%F0%9D%98%86&cm0b43hk800k3mc0p5qo6egr8 2024-08-26T14:46:59.239Z weekly 0.6 https://kqlsearch.com/query/AdfindDetection&cm0b41eaj00k2mc0p948prkmx 2024-08-26T14:45:21.690Z weekly 0.6 https://kqlsearch.com/query/GroupMembershipReport&cm0a19n3f00jdmc0phjvsiqeu 2024-08-25T20:40:01.322Z weekly 0.6 https://kqlsearch.com/query/Enriching%20CVE%20Tables%20with%20CVE%20Mitre%20Data&cm09onpbr00j4mc0ptuwj1tb2 2024-08-25T14:47:02.390Z weekly 0.6 https://kqlsearch.com/query/Peaklightinfection&cm09omtfo00j3mc0pw2rdw38q 2024-08-25T14:46:20.913Z weekly 0.6 https://kqlsearch.com/query/How%20many%20Crowdstrike%20clients%20running%20on%20Microsoft%20Azure%20globally&cm08yxq8y00immc0pqdqk3kpd 2024-08-25T02:47:00.129Z weekly 0.6 https://kqlsearch.com/query/use-exposure-management-to-identify-local-ntlm-hashes-from-sensitive-users&cm06tpstg00h9mc0pxy436sww 2024-08-23T14:45:19.639Z weekly 0.6 https://kqlsearch.com/query/use-exposure-management-to-chart-user-groups-with-local-admin-privileges&cm06tporr00h8mc0pv49z70xf 2024-08-23T14:45:14.534Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-7971%20Patch%20Prioritization&cm05ed30800gbmc0pzryyh43w 2024-08-22T14:47:46.038Z weekly 0.6 https://kqlsearch.com/query/Infrastructure%20Vulnerability%20Exposure%20to%20Volt%20Typhoon&cm051ioqw00g2mc0p2dnftvw9 2024-08-22T08:48:12.487Z weekly 0.6 https://kqlsearch.com/query/Email%20Bad%20Reputation%20ASN%20activities&cm051hk4e00g1mc0p0bu0d523 2024-08-22T08:47:19.837Z weekly 0.6 https://kqlsearch.com/query/Entra%20ID%20Administrative%20Role%20(AD-Sync)&cm03m3o6600f4mc0pl50iwo52 2024-08-21T08:48:51.346Z weekly 0.6 https://kqlsearch.com/query/OneDriveSyncFromRareIP&cm02w49rj00enmc0pfw69xbjn 2024-08-20T20:41:29.312Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20RemoteImageLoads&cm02w3ot800emmc0paaq8fx6t 2024-08-20T20:41:02.300Z weekly 0.6 https://kqlsearch.com/query/KQL%20to%20check%20Privilege%20Admin%20failing%20Microsoft%20CA%20MFA%20enforcement&cm02jngq100edmc0pksmzq6qe 2024-08-20T14:52:29.928Z weekly 0.6 https://kqlsearch.com/query/Detect%20Potential%20DLL%20Hijacking%20cases&cm026lt3w00e4mc0pj5m7p4hj 2024-08-20T08:47:17.518Z weekly 0.6 https://kqlsearch.com/query/Sentinel%20analytics%20rule%20for%20Copilot%20Studio%20Bot%20creation%20detection&clzwtsweh00armc0p4jh53m0m 2024-08-16T14:50:02.632Z weekly 0.6 https://kqlsearch.com/query/Classifying%20HTTP%20Status%20Code%20and%20detecting%20possible%20Threats&clzwtrdzi00aqmc0pgr9kfenx 2024-08-16T14:48:52.109Z weekly 0.6 https://kqlsearch.com/query/UseCases_by_MITRE&clzwtc1ql00apmc0p3hox6ebo 2024-08-16T14:36:56.248Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Copilot%20Studio%20Bot%20Creation&clzwgxxek00agmc0pmlrnesoi 2024-08-16T08:50:02.055Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-38063%20CVSS%209.8%20Prioritization&clzubqswa0093mc0pitz4vroo 2024-08-14T20:48:59.337Z weekly 0.6 https://kqlsearch.com/query/MFASuspicious&clztz37ok008umc0pdpasn1od 2024-08-14T14:54:43.215Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-38200%20NTLM%20Exposure%20Detection&clzsjidck007xmc0p91wd19il 2024-08-13T14:50:50.515Z weekly 0.6 https://kqlsearch.com/query/Potential%20False%20Positives%20related%20to%20Anomalous%20Token%20alerts&clzsjhi43007wmc0p5nrqvj1g 2024-08-13T14:50:09.892Z weekly 0.6 https://kqlsearch.com/query/Sentinel%20UEBA%20Privilege%20Escalation%20Detection&clzrtpjkw007fmc0px4pygh0b 2024-08-13T02:48:35.166Z weekly 0.6 https://kqlsearch.com/query/Detect%20Power%20Pwn%20(aka%20LOLCopilot)%20Red%20Team%20Tool%20&clzrgvh6o0076mc0plspoefy4 2024-08-12T20:49:16.991Z weekly 0.6 https://kqlsearch.com/query/Detect%20Spear%20Phishing%20using%20Copilot%20for%20Microsoft%20365&clzpohwf00061mc0plnsoh43y 2024-08-11T14:47:08.123Z weekly 0.6 https://kqlsearch.com/query/Exposure%20Management%3A%20Cloud%20or%20On-Prem%20VDI%20Platform%20Blast%20Radius&clzolwygf005cmc0pnx2fhu2p 2024-08-10T20:47:05.443Z weekly 0.6 https://kqlsearch.com/query/Detect%20Microsoft%20Graph%20API%20Abuse&clznw6ebe004vmc0p5o2o8ceh 2024-08-10T08:46:36.025Z weekly 0.6 https://kqlsearch.com/query/Detect%20Privilege%20Admin%20under%20AiTM%20attack&clzmtoy8r0046mc0p2o73rqvk 2024-08-09T14:49:16.488Z weekly 0.6 https://kqlsearch.com/query/SummaryOfFirstPartyServicePrincipals_withoutTenantSpecificData&clzmtlwhn0045mc0pnpuf3l61 2024-08-09T14:46:54.394Z weekly 0.6 https://kqlsearch.com/query/SummaryOfFirstPartyServicePrincipals&clzmtlm1t0044mc0pv3up8ut4 2024-08-09T14:46:40.717Z weekly 0.6 https://kqlsearch.com/query/Detect%20vulnerable%20device%20with%20Global%20Admin%20browser%20cookie%20credential&clzlec2wf0037mc0p8jayl1mv 2024-08-08T14:51:35.584Z weekly 0.6 https://kqlsearch.com/query/RiskyExternalPrivilegedUsersWithEnrichmentOfKnownAttackPathsAndTiering&clzl1b3oc002ymc0pkrfmon43 2024-08-08T08:46:55.067Z weekly 0.6 https://kqlsearch.com/query/Detect%20human-operated%20ransomware%20attacks%20that%20use%20RDP&clzjyvffd0029mc0p61zlb8sr 2024-08-07T14:50:58.248Z weekly 0.6 https://kqlsearch.com/query/Attacker%20in%20the%20Middle%20Precision%20Detection&clzjm4aei0020mc0p7zxghwe7 2024-08-07T08:53:56.778Z weekly 0.6 https://kqlsearch.com/query/MC847884%20-%20Check%20iOS%2016%20mobile%20outlook%20users%20due%20to%20out%20of%20support%20in%20Sep%202024&clziw9xwf001jmc0ponhwhefg 2024-08-06T20:50:30.352Z weekly 0.6 https://kqlsearch.com/query/LatrodectusFileCreation&clziw7yov001imc0pcjcjw8nh 2024-08-06T20:48:58.205Z weekly 0.6 https://kqlsearch.com/query/Anonymous%20access%20to%20files%20by%20suspicious%20IP%20addresses&clzij9o8n0019mc0pfz4wzvxc 2024-08-06T14:46:22.965Z weekly 0.6 https://kqlsearch.com/query/Detect%20LNK%20Stomping&clzi6j34u0010mc0pvupiai4c 2024-08-06T08:49:47.165Z weekly 0.6 https://kqlsearch.com/query/RemoteDCOMChildProc&clzhthoxw000rmc0ptkspdp6v 2024-08-06T02:44:47.107Z weekly 0.6 https://kqlsearch.com/query/Remote_Actions_By_Compromised_Account&clzhgb316000imc0pqwyi8a5t 2024-08-05T20:35:43.769Z weekly 0.6 https://kqlsearch.com/query/RDP_by_IP&clzhgatku000hmc0pyvyx52vz 2024-08-05T20:35:31.375Z weekly 0.6 https://kqlsearch.com/query/Defender_Tampering&clzhg9h3j000gmc0pekud5up6 2024-08-05T20:34:28.544Z weekly 0.6 https://kqlsearch.com/query/Visualize%20Entra%20Password%20Spray%20Attack%20with%20ADX%20Interactive%20Map&clzh2clqu002v5ivo483dapkz 2024-08-05T14:05:00.022Z weekly 0.6 https://kqlsearch.com/query/Understanding%20Sentinel%20password%20spray%20data%20with%20Copilot%20for%20Microsoft%20365&clzh2cejk002u5ivorik76lq3 2024-08-05T14:04:50.719Z weekly 0.6 https://kqlsearch.com/query/Threat%20Intelligence%20Data%20from%20Sentinel%20UEBA2&clzh2c7kx002t5ivo9egtvi1m 2024-08-05T14:04:41.688Z weekly 0.6 https://kqlsearch.com/query/Threat%20Intelligence%20Data%20from%20Sentinel%20UEBA&clzh2bufx002s5ivo002va7nw 2024-08-05T14:04:24.668Z weekly 0.6 https://kqlsearch.com/query/Threat%20Hunting%20Nation%20State%20Actors&clzh2blkf002r5ivoko96fq6q 2024-08-05T14:04:13.157Z weekly 0.6 https://kqlsearch.com/query/Sentinel%20All-In-One%20UPN%20ThreatHunt&clzh2beb0002q5ivo4m1opv8o 2024-08-05T14:04:03.754Z weekly 0.6 https://kqlsearch.com/query/Sentinel%20All-In-One%20IP%20ThreatHunt&clzh2b648002p5ivo7knnqpqo 2024-08-05T14:03:53.133Z weekly 0.6 https://kqlsearch.com/query/Sentinel%20Alerts%20%26%20MITRE%20ATT%26CK%20Analysis&clzh2awm5002o5ivovi5i6z3z 2024-08-05T14:03:40.827Z weekly 0.6 https://kqlsearch.com/query/Phishing%20campaigns%20leveraging%20Microsoft%20Forms&clzh2aqum002n5ivosienpyd7 2024-08-05T14:03:33.344Z weekly 0.6 https://kqlsearch.com/query/Part%202%3A%20DefenderXDR%20KQL%20detection%20for%20fake%20CrowdStrike%20domain%20URL&clzh2abfx002m5ivoqgocaprp 2024-08-05T14:03:13.387Z weekly 0.6 https://kqlsearch.com/query/Part%201%3A%20Custom%20DefenderXDR%20KQL%20detection%20for%20fake%20CrowdStrike%20email%20domain&clzh2a6o2002l5ivokimll7cp 2024-08-05T14:03:07.200Z weekly 0.6 https://kqlsearch.com/query/New%20Threat%20Actor%20Group%20Signature&clzh29zvj002k5ivo52a378nh 2024-08-05T14:02:58.388Z weekly 0.6 https://kqlsearch.com/query/Nation%20State%20Actors%20via%20Microsoft%20Graph&clzh29tt4002j5ivobfwy8o11 2024-08-05T14:02:50.534Z weekly 0.6 https://kqlsearch.com/query/NEW%20Real-time%20Anomalous%20Token%20Detection&clzh29mrw002i5ivok37w2rwu 2024-08-05T14:02:41.410Z weekly 0.6 https://kqlsearch.com/query/NEW%20Microsoft%20Graph%20API%20Identity%20Protection%20KQL%20Detection&clzh29gjd002h5ivo66yui8cq 2024-08-05T14:02:33.336Z weekly 0.6 https://kqlsearch.com/query/Microsoft%20Entra%20Identity%20Attack%20Threat%20Detection&clzh29ax6002g5ivodxz0djel 2024-08-05T14:02:26.056Z weekly 0.6 https://kqlsearch.com/query/Malicious%20FIDO2%20Registration%20Threat%20Detection&clzh295ss002f5ivoigt4pv13 2024-08-05T14:02:19.410Z weekly 0.6 https://kqlsearch.com/query/Leveraging%20Sentinel%20UEBA%20to%20safeguard%20against%20OpenSSH%20vulnerability%20exploits&clzh2908g002e5ivo7936z0xz 2024-08-05T14:02:12.206Z weekly 0.6 https://kqlsearch.com/query/KQL%20to%20check%20Azure%20API%20spray%20attacks&clzh28tpa002d5ivodpvs5rbx 2024-08-05T14:02:03.731Z weekly 0.6 https://kqlsearch.com/query/KQL%20for%20detecting%20potential%20hashtag%23RegreSSHion%20abuse&clzh28iz5002c5ivo6h6rsrt6 2024-08-05T14:01:49.839Z weekly 0.6 https://kqlsearch.com/query/KQL%20URL%20Protection%20Report&clzh28c6b002b5ivo9nnkw2xi 2024-08-05T14:01:41.016Z weekly 0.6 https://kqlsearch.com/query/KQL%20Sniper%20for%20Compromised%20Account%20(Sentinel%20UEBA)%20&clzh27z2l002a5ivo5czwdonh 2024-08-05T14:01:24.034Z weekly 0.6 https://kqlsearch.com/query/Insider%20Threat%20-%20Monitor%20sensitive%20bulk%20download%20data%20email%20to%20external%20&clzh27tbv00295ivo6xowcq5v 2024-08-05T14:01:16.601Z weekly 0.6 https://kqlsearch.com/query/Identity%20Blast%20Radius%202&clzh27jpl00285ivoejcfv8zh 2024-08-05T14:01:04.126Z weekly 0.6 https://kqlsearch.com/query/GraphRunner%20Recon%20Detection%20%26%20Response&clzh27eme00275ivox9verar6 2024-08-05T14:00:57.541Z weekly 0.6 https://kqlsearch.com/query/Entra%20Risk%20Events%20%26%20MITRE%20ATT%26CK%20Analysis&clzh275n400265ivovgknqk2o 2024-08-05T14:00:45.894Z weekly 0.6 https://kqlsearch.com/query/Entra%20Passkey%20Addition%20Threat%20Detection&clzh26pe000255ivov27qu13b 2024-08-05T14:00:24.830Z weekly 0.6 https://kqlsearch.com/query/Detecting%20TeamsPhisher%20attack%20with%20Azure%20Sentinel&clzh26gum00245ivogk7moqwj 2024-08-05T14:00:13.773Z weekly 0.6 https://kqlsearch.com/query/Detecting%20Nation%20State%20Actors%20%40%20Near%20Realtime&clzh267lp00235ivo1xgmmzxz 2024-08-05T14:00:01.779Z weekly 0.6 https://kqlsearch.com/query/Detecting%20High%20Risk%20Passkey%20Users&clzh264oh00225ivoryy3cs1j 2024-08-05T13:59:58.000Z weekly 0.6 https://kqlsearch.com/query/Detect%20privilege%20escalation%20to%20Global%20Admin%20role%20via%20compromised%20service%20principal&clzh25z0h00215ivo4lauy57v 2024-08-05T13:59:50.657Z weekly 0.6 https://kqlsearch.com/query/Defending%20malicious%20MS%20graph%20activity%20with%20MS%20Sentinel%20Threat%20Intelligence&clzh25trl00205ivo7auu61bm 2024-08-05T13:59:43.847Z weekly 0.6 https://kqlsearch.com/query/Defending%20Cyber%20Threats%20Leveraging%20Microsoft%20Graph%20API%20&clzh25nsa001z5ivof06hrds6 2024-08-05T13:59:36.105Z weekly 0.6 https://kqlsearch.com/query/DISCOVERY%3A%20Obsolete%20device%20connecting%20to%20Entra&clzh25hrt001y5ivo019z6bme 2024-08-05T13:59:28.312Z weekly 0.6 https://kqlsearch.com/query/Custom%20DefenderXDR%20KQL%20detection%20for%20fake%20CrowdStrike%20email%20domain%20using%20Regex&clzh25cso001x5ivoqo8m8r0x 2024-08-05T13:59:21.854Z weekly 0.6 https://kqlsearch.com/query/Conditional%20Access%20Report&clzh257bs001w5ivo12hn7ugb 2024-08-05T13:59:14.775Z weekly 0.6 https://kqlsearch.com/query/Azure%20cloud%20account%20takeover&clzh252gu001v5ivo6j1njhqz 2024-08-05T13:59:08.477Z weekly 0.6 https://kqlsearch.com/query/Azure%20cloud%20account%20takeover%20(ATO)%20Reconnaissance%20Detection&clzh24xgg001u5ivodz1v7gkc 2024-08-05T13:59:01.974Z weekly 0.6 https://kqlsearch.com/query/Azure%20CLI%20Spray%20-%20ASN%2053667&clzh24qiw001t5ivoa5oc0wzn 2024-08-05T13:58:52.999Z weekly 0.6 https://kqlsearch.com/query/Analyzing%20Malicious%20Microsoft%20Graph%20API%20Rate%20Limit%20Count&clzh24li8001s5ivo6e8f6up7 2024-08-05T13:58:46.484Z weekly 0.6 https://kqlsearch.com/query/Add%20Passkey%20device-bound%20MS%20Authenticator%20Windows%20Hello%20detection&clzh24d33001r5ivowd2kswjq 2024-08-05T13:58:35.582Z weekly 0.6 https://kqlsearch.com/query/Vulnerability%20Profile%3A%20CVE-2024-30040%20(Zero-day)&clzh2477s001q5ivo2e4garfg 2024-08-05T13:58:27.966Z weekly 0.6 https://kqlsearch.com/query/UNIT42%20-%20Abuse%20Microsoft%20OneNote%20files%20on%20the%20rise&clzh240lu001p5ivomjmme5s4 2024-08-05T13:58:19.409Z weekly 0.6 https://kqlsearch.com/query/Tracking%20The%20Most%20Dangerous%20Entra%20Admin%20Role&clzh23v1l001o5ivo9kdbvlyz 2024-08-05T13:58:12.191Z weekly 0.6 https://kqlsearch.com/query/Threat%20hunting%20voice%20phishing%20for%20Teams&clzh23pfa001n5ivoy8f3uckt 2024-08-05T13:58:04.917Z weekly 0.6 https://kqlsearch.com/query/The%20Hunt%20for%20QR%20Phisher&clzh23hat001m5ivoi762zhhz 2024-08-05T13:57:54.378Z weekly 0.6 https://kqlsearch.com/query/Seashell%20Blizzard%20(IRIDIUM)%20-%20PWS%3AWin64-HighCount&clzh236q4001l5ivoqn5t4xa8 2024-08-05T13:57:40.683Z weekly 0.6 https://kqlsearch.com/query/Remote%20code%20execution%20exploit%20chain%20in%20OpenVPN&clzh231mc001k5ivo8kfqfr5n 2024-08-05T13:57:34.067Z weekly 0.6 https://kqlsearch.com/query/Perimeter%20Defense%20-%20Attack%20Surface%20Reduction&clzh22wk1001j5ivokba02jl7 2024-08-05T13:57:27.495Z weekly 0.6 https://kqlsearch.com/query/New%20Information%20Stealer%20-%20SamsStealer%20(By%20CYFIRMA)&clzh22jbz001i5ivobdzcovqp 2024-08-05T13:57:10.365Z weekly 0.6 https://kqlsearch.com/query/Near%20real-time%20(NRT)%20custom%20DefenderXDR%20detection%20%26%20isolation%20for%20Windows%20Whatsapp%20security%20risk&clzh22emp001h5ivo7c8kfz24 2024-08-05T13:57:04.272Z weekly 0.6 https://kqlsearch.com/query/Multi-Cloud%20DefenderXDR%20KQL%20Threat%20Detection&clzh229rp001g5ivo5gxy7sov 2024-08-05T13:56:57.958Z weekly 0.6 https://kqlsearch.com/query/Monthly%20Report%20Entra%20Eligible%20Role%20Activation&clzh2212d001f5ivoj9meqkvd 2024-08-05T13:56:46.690Z weekly 0.6 https://kqlsearch.com/query/Microsoft%20Defender%20Advanced%20Hunting%20Copilot%20Activities&clzh21w0r001e5ivo1ajxg49n 2024-08-05T13:56:40.145Z weekly 0.6 https://kqlsearch.com/query/MailItemsAccessed%20Defense&clzh21mae001d5ivozoqhorwt 2024-08-05T13:56:27.542Z weekly 0.6 https://kqlsearch.com/query/MS%20Teams%20DLP%20Playbook&clzh21ike001c5ivot40ab9wn 2024-08-05T13:56:22.718Z weekly 0.6 https://kqlsearch.com/query/MDE%3A%20Detecting%20Quick%20Assist%20Usage&clzh21f3c001b5ivo0i3o5gqx 2024-08-05T13:56:18.207Z weekly 0.6 https://kqlsearch.com/query/MDE%20KQL%20to%20detect%20UAC%20bypass%20of%20Fickle%20Stealer&clzh210oq001a5ivolpb5k4dd 2024-08-05T13:55:59.545Z weekly 0.6 https://kqlsearch.com/query/MDE%20KQL%20to%20detect%20TA571%20socialengineering%20abuse&clzh20v9p00195ivonh8cbj4x 2024-08-05T13:55:52.524Z weekly 0.6 https://kqlsearch.com/query/LockBit%20Black%20Ransomware&clzh20r2y00185ivousn3v7su 2024-08-05T13:55:47.088Z weekly 0.6 https://kqlsearch.com/query/KQL%20to%20detect%20new%20chromium%20browser%20extension%20installation%20on%20MDE%20endpoints%20by%20Emerald%20Sleet%20(APT43)&clzh20m5400175ivothr8esrt 2024-08-05T13:55:40.695Z weekly 0.6 https://kqlsearch.com/query/KQL%20to%20detect%20if%20Polyfill%20malicious%20payload%20was%20loaded&clzh20dl300165ivoyc6jnknd 2024-08-05T13:55:29.588Z weekly 0.6 https://kqlsearch.com/query/KQL%20query%20to%20oversee%20the%20privileged%20OAuth%20grants%20allocated%20to%20the%20Microsoft%20Graph%20Command%20Line%20Tools%20OAuth%20App&clzh208lz00155ivoz04xxdiz 2024-08-05T13:55:23.158Z weekly 0.6 https://kqlsearch.com/query/Insider%20Threat%20Monitoring%20-%20Exfiltrate%20data%20via%20Link%20to%20Windows%20app&clzh200nc00145ivobu89860c 2024-08-05T13:55:12.830Z weekly 0.6 https://kqlsearch.com/query/Identity%20Blast%20Radius&clzh1zsif00135ivoo1vra5dg 2024-08-05T13:55:02.294Z weekly 0.6 https://kqlsearch.com/query/Hunting%20AI%20Recall%20on%20Windows%2011%2024H2&clzh1zm4000125ivoieusx69q 2024-08-05T13:54:54.000Z weekly 0.6 https://kqlsearch.com/query/High%20Precision%20KQL%20to%20detect%20MuddyWater%20BugSleep%20Backdoor&clzh1zhfq00115ivo1bapr7vb 2024-08-05T13:54:47.932Z weekly 0.6 https://kqlsearch.com/query/Git%20Critical%20Vulnerability%20CVE-2024-32002&clzh1z41100105ivojv3fit3d 2024-08-05T13:54:30.564Z weekly 0.6 https://kqlsearch.com/query/Exposure%20Management%20-%20Slim's%20Metric%20(MaxCVSS-DAW)&clzh1yyiq000z5ivo12arbt4l 2024-08-05T13:54:23.416Z weekly 0.6 https://kqlsearch.com/query/Exposure%20Management%20%2B%20Defender%20for%20Office%20365&clzh1ytfl000y5ivok6wj9y2i 2024-08-05T13:54:16.831Z weekly 0.6 https://kqlsearch.com/query/Entra%20Admin%20Roles%20Query&clzh1ylpo000x5ivoluiqd8mr 2024-08-05T13:54:06.817Z weekly 0.6 https://kqlsearch.com/query/EchoSpoofing&clzh1y878000w5ivocowcgwe6 2024-08-05T13:53:49.314Z weekly 0.6 https://kqlsearch.com/query/Device%20or%20VM%20with%20critical%20CVSS%20and%20ExploitIsVerified&clzh1y2jn000v5ivofbl6ogz5 2024-08-05T13:53:41.975Z weekly 0.6 https://kqlsearch.com/query/Detecting%20GOLDEN%20SAML%20Attack&clzh1xvv1000u5ivoznl7ohed 2024-08-05T13:53:33.324Z weekly 0.6 https://kqlsearch.com/query/Detect%20threat%20actor%20abuse%20CloudFlare%20tunnels%20to%20deliver%20RATS&clzh1xqyh000t5ivos20q61vk 2024-08-05T13:53:26.958Z weekly 0.6 https://kqlsearch.com/query/Detect%20privilege%20escalation%20to%20The%20Most%20Dangerous%20Entra%20Admin%20Role%20via%20compromised%20service%20principal&clzh1xl92000s5ivooji95ce1 2024-08-05T13:53:19.572Z weekly 0.6 https://kqlsearch.com/query/Detect%20Copilot%20Plugin%20Installation&clzh1xeqz000r5ivo2bn1wg3l 2024-08-05T13:53:11.147Z weekly 0.6 https://kqlsearch.com/query/Detect%20Copilot%20Exfiltration%20arises%20from%20AiTM%20Token%20Theft&clzh1x9wh000q5ivo3t1bddt0 2024-08-05T13:53:04.854Z weekly 0.6 https://kqlsearch.com/query/Detect%20CVE-2024-31497&clzh1x21q000p5ivofg4ewo2j 2024-08-05T13:52:54.685Z weekly 0.6 https://kqlsearch.com/query/Detect%20%26%20mitigate%20potential%20Specula%20Exploitation&clzh1wxrp000o5ivobqo19ck8 2024-08-05T13:52:49.106Z weekly 0.6 https://kqlsearch.com/query/Defending%20against%20dot%20zip%20domain%20phishing%20attack&clzh1wo95000n5ivoi14poixr 2024-08-05T13:52:36.808Z weekly 0.6 https://kqlsearch.com/query/Defending%20against%20Windows%20Internet%20Shortcut%20Files%20Security%20Feature%20Bypass%20Vulnerability%20(CVE-2024-21412)&clzh1wfbg000m5ivo1cvv8k6u 2024-08-05T13:52:25.219Z weekly 0.6 https://kqlsearch.com/query/Defending%20against%20CVE-2024-21413%20Outlook%20MonikerLink%20Bug%20Abuse&clzh1w963000l5ivojokknhtp 2024-08-05T13:52:17.258Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20exposure%20management%20for%20CVE-2024-38021&clzh1w040000k5ivoqc0mzbse 2024-08-05T13:52:05.510Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20Exposure%20Management%20for%20hashtag%23RegreSSHion&clzh1vp67000j5ivono8q06tr 2024-08-05T13:51:51.342Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20Exposure%20Management%20for%20CVE-2024-3094&clzh1vkfu000i5ivo8umd2y87 2024-08-05T13:51:45.200Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20Advanced%20Hunting%20All-In-One%20UPN%20Search&clzh1vec2000h5ivocvc32kjz 2024-08-05T13:51:37.297Z weekly 0.6 https://kqlsearch.com/query/DefenderXDR%20Advanced%20Hunting%20All-In-One%20IP%20Search&clzh1v5v1000g5ivonp1fy39x 2024-08-05T13:51:26.307Z weekly 0.6 https://kqlsearch.com/query/Data%20Exfiltration%20via%20Microsoft%20Teams&clzh1uw91000f5ivo9dgmc7wc 2024-08-05T13:51:13.861Z weekly 0.6 https://kqlsearch.com/query/Critical%20Monitor%20for%20Critical%20Assets&clzh1up9i000e5ivoyn3igvva 2024-08-05T13:51:04.795Z weekly 0.6 https://kqlsearch.com/query/Critical%20Identities%20Privilege%20Escalation%20on%20Entra%20Service%20Principal&clzh1uisu000d5ivofccuvm1a 2024-08-05T13:50:56.428Z weekly 0.6 https://kqlsearch.com/query/Critical%20Identities%20OAuth%20Grant&clzh1ubee000c5ivo4ofb8sla 2024-08-05T13:50:46.826Z weekly 0.6 https://kqlsearch.com/query/Cobalt%20Strike%20HTTPS%20beaconing%20over%20Microsoft%20Graph%20API&clzh1u4ej000b5ivogt74a955 2024-08-05T13:50:37.769Z weekly 0.6 https://kqlsearch.com/query/CloudApp%20Privilege%20OAuth%20Grant&clzh1tya9000a5ivoo9v2n9vc 2024-08-05T13:50:29.829Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-38112%20ZERO-DAY%20TRICKS%20IN%20dot%20URL%20TO%20LURE%20VICTIMS&clzh1ttg200095ivobz4ezo7i 2024-08-05T13:50:23.569Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-3094%20with%20CVSS%20Score%2010&clzh1tnzc00085ivoirhj38vb 2024-08-05T13:50:16.486Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-29510%20Ghostscript%20library%20RCE%20bug%20Exploited&clzh1ticx00075ivonuoqcfgb 2024-08-05T13:50:09.191Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-26234%20and%20CVE-2024-29988&clzh1tcr800065ivo40vs1n3b 2024-08-05T13:50:01.938Z weekly 0.6 https://kqlsearch.com/query/ATP%20Detection%20for%20Critical%20Identities&clzh1t4s700055ivovjvlfyr6 2024-08-05T13:49:51.597Z weekly 0.6 https://kqlsearch.com/query/regreSSHion%20-%20Remote%20Unauthenticated%20Code%20Execution%20Vulnerability%20in%20OpenSSH%20server&clzh1syur00045ivo1phiy5ys 2024-08-05T13:49:43.921Z weekly 0.6 https://kqlsearch.com/query/Monitor%20Azure%20API%20Secrets%20Extraction&clzh1spa100035ivomhptj9kd 2024-08-05T13:49:31.502Z weekly 0.6 https://kqlsearch.com/query/Azure%20Storage%20Blob%20-%20Misconfiguration%20Check&clzh1sitc00025ivocekk50x7 2024-08-05T13:49:23.134Z weekly 0.6 https://kqlsearch.com/query/Azure%20Resource%20Graph%20Explorer%20-%20KQL%20Change%20Analysis&clzh1sd8800015ivoehin96tp 2024-08-05T13:49:15.884Z weekly 0.6 https://kqlsearch.com/query/Azure%20Cloud%20Security%20Monitoring&clzh1s6kt00005ivorlovkc3s 2024-08-05T13:49:07.274Z weekly 0.6 https://kqlsearch.com/query/Unauthorized%20actor%20has%20been%20added%20Federated%20Credential%20on%20User-Assigned%20Managed%20Identity&clzcl6e3u004tmc0qgjgkbj1z 2024-08-02T10:53:11.897Z weekly 0.6 https://kqlsearch.com/query/MS_Copilots&clzbi621w0044mc0q4ixoi886 2024-08-01T16:41:11.395Z weekly 0.6 https://kqlsearch.com/query/exposure-management-browser-cookies-with-credentials-of-privileged-users&clzb5mybx003vmc0qqjpq16d1 2024-08-01T10:50:24.716Z weekly 0.6 https://kqlsearch.com/query/DirectoryRolesWithDetails&clz8nqwsj002amc0qu2p0dzkh 2024-07-30T16:54:03.907Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-37085-suspicious-creation-of-esx-admins-group&clz8npo1j0029mc0q2eew9vnq 2024-07-30T16:53:05.766Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-37085-suspicious-creation-of-esx-admins-group-through-securityevent&clz8npghq0028mc0qc4m0l2r4 2024-07-30T16:52:56.126Z weekly 0.6 https://kqlsearch.com/query/non-familiar%20DHCPDomains%20configured%20in%20our%20devices&clz5f9c5500025ie89yr29fqj 2024-07-28T10:33:08.528Z weekly 0.6 https://kqlsearch.com/query/Sign-in%20Attempts%20from%20multiple%20countries&clz5f98a800015ie8y9fn342z 2024-07-28T10:33:03.535Z weekly 0.6 https://kqlsearch.com/query/Malicious%20ISP's&clz5f91ny00005ie8t0sti8ck 2024-07-28T10:32:54.956Z weekly 0.6 https://kqlsearch.com/query/same%20infected%20files%20detected%20in%20multiple%20devices&clz5f8nsz00015iogr9nvjxnp 2024-07-28T10:32:36.994Z weekly 0.6 https://kqlsearch.com/query/Devices%20with%20external%20RDP%20connections&clz5f8l8700005iogeybcfwfw 2024-07-28T10:32:33.654Z weekly 0.6 https://kqlsearch.com/query/SetThreadContextRemoteApiCallQuery&clz5eye3z00055ii0e5oyzcfi 2024-07-28T10:24:37.860Z weekly 0.6 https://kqlsearch.com/query/QueueUserApcRemoteApiCallDetectionRule&clz5eyagb00045ii05jwg9m8a 2024-07-28T10:24:33.130Z weekly 0.6 https://kqlsearch.com/query/NtMapViewOfSectionDetectionRule&clz5ey5nq00035ii0903ws6tf 2024-07-28T10:24:26.917Z weekly 0.6 https://kqlsearch.com/query/GetAsyncKeyStateApiCallQuery&clz5ey3bp00025ii0oxua1hdv 2024-07-28T10:24:23.891Z weekly 0.6 https://kqlsearch.com/query/ectprofilesuspiciousscripts&clz5exwaw00015ii0z2ittqcc 2024-07-28T10:24:14.791Z weekly 0.6 https://kqlsearch.com/query/TripleCrosseBPFRootkit&clz5exsh700005ii0dx0b5y5n 2024-07-28T10:24:09.833Z weekly 0.6 https://kqlsearch.com/query/SudoersFileEnumeration&clz5evrun00185it4b75904wj 2024-07-28T10:22:35.710Z weekly 0.6 https://kqlsearch.com/query/Sudoers.dFileCreation&clz5evo7y00165it4q20ey2yh 2024-07-28T10:22:30.997Z weekly 0.6 https://kqlsearch.com/query/ShadowPasswdcopytosuspiciouslocation&clz5evj0o00145it491w6n7mw 2024-07-28T10:22:24.263Z weekly 0.6 https://kqlsearch.com/query/ShadowFileModified&clz5eveic00125it4lvz9r8mk 2024-07-28T10:22:18.419Z weekly 0.6 https://kqlsearch.com/query/PtraceDetected&clz5evand00105it4kc3xhbu6 2024-07-28T10:22:13.416Z weekly 0.6 https://kqlsearch.com/query/Linuxwebshell&clz5ev756000y5it4ctr629xy 2024-07-28T10:22:08.873Z weekly 0.6 https://kqlsearch.com/query/Getcapdetection&clz5ev25k000w5it4n3ijvx2y 2024-07-28T10:22:02.407Z weekly 0.6 https://kqlsearch.com/query/DoasConfFileCreation&clz5euzec000u5it4oydk1vde 2024-07-28T10:21:58.827Z weekly 0.6 https://kqlsearch.com/query/ChattrImmutableRemoval&clz5euvth000s5it4gzip5b00 2024-07-28T10:21:54.196Z weekly 0.6 https://kqlsearch.com/query/Base64Shebang&clz5eus84000q5it4d6ewk6lg 2024-07-28T10:21:49.539Z weekly 0.6 https://kqlsearch.com/query/BPFKprobe&clz5eunfu000o5it4n8kmrv1b 2024-07-28T10:21:43.329Z weekly 0.6 https://kqlsearch.com/query/rnpkeysDllHijack&clz5eufee000m5it4gv68kzto 2024-07-28T10:21:32.917Z weekly 0.6 https://kqlsearch.com/query/AsrWebShellOnServerAuditedQuery&clz5eu7s3000k5it4rmdvyymc 2024-07-28T10:21:23.041Z weekly 0.6 https://kqlsearch.com/query/AsrVulnerableSignedDriverAuditedQuery&clz5eu47l000i5it4xvr2w7vm 2024-07-28T10:21:18.416Z weekly 0.6 https://kqlsearch.com/query/AsrUntrustedUsbProcessAuditedDetectionRule&clz5eu0ib000g5it4pk8cgb7p 2024-07-28T10:21:13.618Z weekly 0.6 https://kqlsearch.com/query/AsrUntrustedExecutableAuditedQuery&clz5etxrs000e5it4ag9dz94x 2024-07-28T10:21:10.071Z weekly 0.6 https://kqlsearch.com/query/AsrPsexecWmiChildProcessAuditedQuery&clz5etsiy000c5it4mr96phss 2024-07-28T10:21:03.273Z weekly 0.6 https://kqlsearch.com/query/AsrOfficeProcessInjectionAuditedQuery&clz5etobd000a5it4c10t6fcv 2024-07-28T10:20:57.815Z weekly 0.6 https://kqlsearch.com/query/AsrOfficeMacroWin32ApiCallsAuditedDetecitonRule&clz5etknm00085it4vsva8ej7 2024-07-28T10:20:53.073Z weekly 0.6 https://kqlsearch.com/query/AsrOfficeChildProcessAuditedQuery&clz5ethrp00065it4n48hcteo 2024-07-28T10:20:49.323Z weekly 0.6 https://kqlsearch.com/query/AsrLsassCredentialTheftAuditedQuery&clz5etdw100045it4g4u4glw9 2024-07-28T10:20:44.303Z weekly 0.6 https://kqlsearch.com/query/AsrExecutableEmailContentAuditedDetectionRule&clz5et8xx00025it4uro8xica 2024-07-28T10:20:37.892Z weekly 0.6 https://kqlsearch.com/query/AsrAdobeReaderChildProcessAuditedDetectionRule&clz5et5p000005it46mp6r3i6 2024-07-28T10:20:33.682Z weekly 0.6 https://kqlsearch.com/query/RegSamDumping&clz1cl43t000pmc0pm5ig0m0i 2024-07-25T14:07:14.440Z weekly 0.6 https://kqlsearch.com/query/TIMapQueryGenerator&clz0z80dw000gmc0pp2k7kv6t 2024-07-25T07:53:08.076Z weekly 0.6 https://kqlsearch.com/query/WscriptInternetConnection&clz0ybmsa002c5iog6u15tj0p 2024-07-25T07:27:57.465Z weekly 0.6 https://kqlsearch.com/query/SmashjackerAppinitDLLmodifcation&clz0ybj7y002a5iogwzfe62m2 2024-07-25T07:27:52.835Z weekly 0.6 https://kqlsearch.com/query/SecretsdumpExecution&clz0ybg6g00285iogp9fpwjlu 2024-07-25T07:27:48.903Z weekly 0.6 https://kqlsearch.com/query/WMIEventConsumer&clz0ybb1c00265iogu3uihqwo 2024-07-25T07:27:42.238Z weekly 0.6 https://kqlsearch.com/query/ServiceCreationRATools&clz0yb6dz00245iog5lu9omnn 2024-07-25T07:27:36.204Z weekly 0.6 https://kqlsearch.com/query/ServiceCreationIDE&clz0yb1lq00225iog7k2bvmey 2024-07-25T07:27:30.013Z weekly 0.6 https://kqlsearch.com/query/ServiceCreation&clz0yay7n00205iogal3zro2m 2024-07-25T07:27:25.618Z weekly 0.6 https://kqlsearch.com/query/InternetFacingDevices&clz0yatxq001y5iogmp1gn9bs 2024-07-25T07:27:20.067Z weekly 0.6 https://kqlsearch.com/query/SQlite3TCC&clz0yape6001w5iogjivqdkvk 2024-07-25T07:27:14.188Z weekly 0.6 https://kqlsearch.com/query/PasswordStores&clz0yam7y001u5iogtihryepp 2024-07-25T07:27:10.076Z weekly 0.6 https://kqlsearch.com/query/NetworkSetupProxy&clz0yahjh001s5iogug0kjblx 2024-07-25T07:27:04.012Z weekly 0.6 https://kqlsearch.com/query/CredentialAccessBuiltin&clz0yadl3001q5iog3vm93mt7 2024-07-25T07:26:58.886Z weekly 0.6 https://kqlsearch.com/query/SuspiciousSQLChildren&clz0yaagu001o5iogr65j4qh6 2024-07-25T07:26:54.845Z weekly 0.6 https://kqlsearch.com/query/ISOIMGMount&clz0ya4uy001m5iogj9fkchec 2024-07-25T07:26:47.578Z weekly 0.6 https://kqlsearch.com/query/SuspiciousMSIExecRRobin&clz0ya29l001k5iogytleoerx 2024-07-25T07:26:44.207Z weekly 0.6 https://kqlsearch.com/query/SimonThatamC2Putty&clz0y9yhk001i5iogqqc1lz3f 2024-07-25T07:26:39.319Z weekly 0.6 https://kqlsearch.com/query/RemoteAdminCerts&clz0y9ubd001g5iogycgmk3kq 2024-07-25T07:26:33.912Z weekly 0.6 https://kqlsearch.com/query/FreeSSLProviders&clz0y9opc001e5iogp9teyhlw 2024-07-25T07:26:26.640Z weekly 0.6 https://kqlsearch.com/query/ExportMailbox&clz0y9k5b001c5iogyhbscoxm 2024-07-25T07:26:20.734Z weekly 0.6 https://kqlsearch.com/query/ServinceInstall&clz0y9glu001a5iogqznnvdff 2024-07-25T07:26:16.145Z weekly 0.6 https://kqlsearch.com/query/NamedPipeDetection&clz0y9cro00185iogvgl9ik40 2024-07-25T07:26:11.171Z weekly 0.6 https://kqlsearch.com/query/WebDavTempFiles&clz0y989300165iog01e9jsdr 2024-07-25T07:26:05.318Z weekly 0.6 https://kqlsearch.com/query/WMISBMExec&clz0y93pg00145iog05dnqbqe 2024-07-25T07:25:59.428Z weekly 0.6 https://kqlsearch.com/query/SuspiciousPDQDeployRunnerChild&clz0y90od00125iog3k97n2kx 2024-07-25T07:25:55.500Z weekly 0.6 https://kqlsearch.com/query/SuspiciousMSC&clz0y8vgp00105ioghrxnuvzb 2024-07-25T07:25:48.745Z weekly 0.6 https://kqlsearch.com/query/PowershellV2Downgrade&clz0y8q3d000y5iog99aht5ka 2024-07-25T07:25:41.785Z weekly 0.6 https://kqlsearch.com/query/PowershellDLLexecutions&clz0y8l41000w5iogo7m1vgo5 2024-07-25T07:25:35.329Z weekly 0.6 https://kqlsearch.com/query/PSexecNamedPipe&clz0y8ho2000u5iogstmlk6hk 2024-07-25T07:25:30.866Z weekly 0.6 https://kqlsearch.com/query/OfficeSmartScreen&clz0y8czb000s5iogh3xc7mby 2024-07-25T07:25:24.790Z weekly 0.6 https://kqlsearch.com/query/MusciFolderExecution&clz0y871t000q5iogheb5abjj 2024-07-25T07:25:17.105Z weekly 0.6 https://kqlsearch.com/query/MaliciousNamedPipes&clz0y829o000o5iogxzimanmt 2024-07-25T07:25:10.899Z weekly 0.6 https://kqlsearch.com/query/MSHTAExecutions&clz0y7x6z000m5iogcg50ziqq 2024-07-25T07:25:04.330Z weekly 0.6 https://kqlsearch.com/query/DismLinuxSubsystem&clz0y7t9p000k5iog43431kdl 2024-07-25T07:24:59.245Z weekly 0.6 https://kqlsearch.com/query/DiscordDriveby&clz0y7qdv000j5iogc8hl1x1y 2024-07-25T07:24:55.506Z weekly 0.6 https://kqlsearch.com/query/RundllSuspicious&clz0y7mbn000h5ioghcqgvcnv 2024-07-25T07:24:50.233Z weekly 0.6 https://kqlsearch.com/query/Rundllwithoutcommandline&clz0y7i05000f5iogrcnogsyq 2024-07-25T07:24:44.644Z weekly 0.6 https://kqlsearch.com/query/DefenderExclusion&clz0y7ebt000e5iogt7lqmsft 2024-07-25T07:24:39.880Z weekly 0.6 https://kqlsearch.com/query/CoralRaiderMSHTAPowershell&clz0y75qi000c5ioge9mixsrx 2024-07-25T07:24:28.745Z weekly 0.6 https://kqlsearch.com/query/GoSimpleTunnel&clz0y6xry000a5iog1rqi7ofz 2024-07-25T07:24:18.429Z weekly 0.6 https://kqlsearch.com/query/FreeSSL&clz0y6t4200085iogmp3vkicp 2024-07-25T07:24:12.385Z weekly 0.6 https://kqlsearch.com/query/CertReq&clz0y6p3h00065iogmlo1lltf 2024-07-25T07:24:07.180Z weekly 0.6 https://kqlsearch.com/query/CSSacricialProcesses&clz0y6m4m00045iogo0bhuoj6 2024-07-25T07:24:03.323Z weekly 0.6 https://kqlsearch.com/query/C2IntelFeedsdomain&clz0y6hoy00025iog80k8i0mk 2024-07-25T07:23:57.584Z weekly 0.6 https://kqlsearch.com/query/C2IntelFeedsIPs&clz0y6d1200005iogcyfxyis5 2024-07-25T07:23:51.540Z weekly 0.6 https://kqlsearch.com/query/ClientIP%20malfunction&clyyi8nc301agmc0q8un82tiy 2024-07-23T14:22:12.002Z weekly 0.6 https://kqlsearch.com/query/crowdstrike-suspicious-domains&clytv61js017jmc0qez0vovmr 2024-07-20T08:25:14.583Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Unusual%20Kerberos%20authentication%20ticket%20(TGT)&clyqabast015amc0q5khgb48j 2024-07-17T20:18:09.244Z weekly 0.6 https://kqlsearch.com/query/ManagedIdentityAssignmentsToResource&clyov5czj014dmc0qg8a0dx3q 2024-07-16T20:25:51.870Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20Email%20-%20PostDeliveryEvents&clyov0r9s014cmc0qbc9ovqa5 2024-07-16T20:22:17.103Z weekly 0.6 https://kqlsearch.com/query/alerts-related-to-deception-in-microsoft-defender-xdr&clyjv5g910117mc0qwwx9szrx 2024-07-13T08:27:05.221Z weekly 0.6 https://kqlsearch.com/query/CryptoMiningDetection&clyfkv3xv00yimc0qpggs4hdy 2024-07-10T08:28:01.842Z weekly 0.6 https://kqlsearch.com/query/XclipExecutions&clyeibsfd00xtmc0qfeai96bj 2024-07-09T14:29:15.045Z weekly 0.6 https://kqlsearch.com/query/ShadowFileModified&clybagffv00vsmc0q2zx1d7bl 2024-07-07T08:25:36.043Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-6387-regresshion-identify-affected-internet-facing-endpoints&cly7cybs800tbmc0qp5y3tqzt 2024-07-04T14:24:25.639Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-6387-regresshion-identify-affected-endpoints&cly7cy8cu00tamc0qpywghyau 2024-07-04T14:24:21.198Z weekly 0.6 https://kqlsearch.com/query/Multiple-Multiple%20device%20names%20from%20IP%20address&cly6a74bj00slmc0q6avhak2e 2024-07-03T20:19:30.847Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Unusual%20network%20share%20access&cly4hvmta00rgmc0qe0njdadf 2024-07-02T14:18:59.518Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Unusual%20IPC%20share%20access&cly4hvhih00rfmc0qblwa6x6b 2024-07-02T14:18:52.503Z weekly 0.6 https://kqlsearch.com/query/Activity_Increase_by_date&cly32cos000qimc0qqtgcs0b0 2024-07-01T14:16:35.183Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20JA3Blacklist&clxzuugv400ohmc0q0fpsnjs8 2024-06-29T08:23:09.279Z weekly 0.6 https://kqlsearch.com/query/MailItemsAccessed&clxxpnt3900n6mc0qyows3iz0 2024-06-27T20:22:28.101Z weekly 0.6 https://kqlsearch.com/query/DeviceRegistryEvents-Unexpected%20Network%20Provider&clxxcojv000mxmc0qw6mifcqf 2024-06-27T14:19:07.787Z weekly 0.6 https://kqlsearch.com/query/ExposureManagement%20-%20LateralMovementPaths&clxwzwxlt00momc0qmsgk2a00 2024-06-27T08:21:43.841Z weekly 0.6 https://kqlsearch.com/query/ExposureManagement%20-%20DeviceActivities&clxvkjq8w00lrmc0qw898ejaj 2024-06-26T08:23:47.359Z weekly 0.6 https://kqlsearch.com/query/ExposureManagement%20-%20CloudPermissionsUser&clxuurfpg00lamc0qfzmk6que 2024-06-25T20:21:56.931Z weekly 0.6 https://kqlsearch.com/query/MDE-WSL&clxui0l4o00l1mc0qjh04illp 2024-06-25T14:25:08.855Z weekly 0.6 https://kqlsearch.com/query/DeviceNetworkEvents-SSL%20connection%20with%20suspicious%20JA3%20fingerprint&clxuhuja300l0mc0qd38s09ea 2024-06-25T14:20:26.379Z weekly 0.6 https://kqlsearch.com/query/MaliciousJA3Fingerprint&clxu59ft400krmc0qmwgegigu 2024-06-25T08:28:06.856Z weekly 0.6 https://kqlsearch.com/query/MDO-QRCode&clxtsbsti00kimc0q0frr67he 2024-06-25T02:26:02.021Z weekly 0.6 https://kqlsearch.com/query/MDE-WDAC&clxtsbm5g00khmc0q0sje4hat 2024-06-25T02:25:53.380Z weekly 0.6 https://kqlsearch.com/query/MDE-Windows%2011%20-%20Missing%20Security%20Updates&clxtsbixq00kgmc0q5kculuc7 2024-06-25T02:25:49.070Z weekly 0.6 https://kqlsearch.com/query/DFC-CloudAuditEvents&clxts9vac00kfmc0qkp642kp0 2024-06-25T02:24:31.908Z weekly 0.6 https://kqlsearch.com/query/AD-FailedLogons&clxts9nbq00kemc0q0fenhkik 2024-06-25T02:24:21.589Z weekly 0.6 https://kqlsearch.com/query/suspicious-reconnaissance-activity-through-wsl&clxtfgloh00k5mc0q9z0q891r 2024-06-24T20:25:50.896Z weekly 0.6 https://kqlsearch.com/query/suspicious-execution-using-wsl&clxtfgio600k4mc0qaxtdwwbu 2024-06-24T20:25:47.141Z weekly 0.6 https://kqlsearch.com/query/suspicious-creation-of-files-in-etc-for-persistance-in-wsl&clxtfgg3f00k3mc0qd8uj5dli 2024-06-24T20:25:43.802Z weekly 0.6 https://kqlsearch.com/query/Sentinel-E5SecurityBenefit&clxtfexnu00k2mc0qx1ph7hlm 2024-06-24T20:24:33.257Z weekly 0.6 https://kqlsearch.com/query/MDE-EntraSyntheticDevice&clxtfek4e00k1mc0qiyzlbfkd 2024-06-24T20:24:15.709Z weekly 0.6 https://kqlsearch.com/query/MDE-DeviceIsolationstate&clxtfecc000k0mc0qx1979e04 2024-06-24T20:24:05.615Z weekly 0.6 https://kqlsearch.com/query/CloudResourceDeletion&clxof9zrf00gvmc0q25gn4mhi 2024-06-21T08:21:51.818Z weekly 0.6 https://kqlsearch.com/query/MostPermissiveEntities&clxmzw5t800fymc0q3xiv8vey 2024-06-20T08:23:26.059Z weekly 0.6 https://kqlsearch.com/query/RBACChanges&clxlkh10u00f1mc0qossccdn6 2024-06-19T08:23:59.597Z weekly 0.6 https://kqlsearch.com/query/MDE-Audit&clxjfbhav00domc0qbpeyn2b5 2024-06-17T20:24:10.184Z weekly 0.6 https://kqlsearch.com/query/AutomationAccount-RunbookStatus&clxjfb6dh00dnmc0q6b37mo31 2024-06-17T20:23:56.164Z weekly 0.6 https://kqlsearch.com/query/identify-endpoints-running-wsl-without-mde-plug-in&clxha5h5600camc0q7zot8xjr 2024-06-16T08:23:59.611Z weekly 0.6 https://kqlsearch.com/query/identify-endpoints-running-wsl&clxfuqwhs00bdmc0q6k6lxrsp 2024-06-15T08:24:59.391Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Malformed%20security%20descriptor&clx925u0e0074mc0q7ywgysyi 2024-06-10T14:18:10.093Z weekly 0.6 https://kqlsearch.com/query/EmailCountbyCountry&clx921opy0073mc0q41hj4xkx 2024-06-10T14:14:56.469Z weekly 0.6 https://kqlsearch.com/query/Ransomware%20-%20LeaksiteMontitoring&clx8pgmjm006umc0qtdkkyuqs 2024-06-10T08:22:38.485Z weekly 0.6 https://kqlsearch.com/query/nf_ransomware_leaksite_monitoring&clx6x4i1w005pmc0qr07yv8h4 2024-06-09T02:21:37.508Z weekly 0.6 https://kqlsearch.com/query/Weekly%20Security%20Incident%20Comparison&clx4vmx2q000j5inoqmy8lp7p 2024-06-07T16:04:25.201Z weekly 0.6 https://kqlsearch.com/query/Users%20affected%20by%20MFA%20enforcement&clx4vmu3s000h5inobop1vkmu 2024-06-07T16:04:21.351Z weekly 0.6 https://kqlsearch.com/query/TI%20Threatviewio%20Feed%20in%20EmailUrlInfo&clx4vmr3z000f5inopoyp26ft 2024-06-07T16:04:17.470Z weekly 0.6 https://kqlsearch.com/query/TI%20OpenPhish%20Free%20Feed%20Hits%20in%20EmailUrlInfo&clx4vmoj7000d5inom3zsizkw 2024-06-07T16:04:14.121Z weekly 0.6 https://kqlsearch.com/query/Successful%20Foreign%20Login%20Attempts%20Analysis&clx4vmmki000c5ino2m70y2gu 2024-06-07T16:04:11.585Z weekly 0.6 https://kqlsearch.com/query/Search%20for%20Webmail%20Users&clx4vmiya000a5ino5sm6ltcu 2024-06-07T16:04:06.897Z weekly 0.6 https://kqlsearch.com/query/RDP%20connections%20from%20devices%20to%20RemoteIP%20classified%20by%20country&clx4vmggd00085inowavlkxii 2024-06-07T16:04:03.660Z weekly 0.6 https://kqlsearch.com/query/Malicious%20QR%20Code%20File%20Attachment%20Found&clx4vmcwy00065inoubrg4gx7 2024-06-07T16:03:59.064Z weekly 0.6 https://kqlsearch.com/query/ChatGPT%20Usage%20Detection%20in%20Network%20Traffic&clx4vm9cf00045inodww6y8xh 2024-06-07T16:03:54.447Z weekly 0.6 https://kqlsearch.com/query/CIDRASN%20details%20for%20the%20RemoteIPs%20connections%20attempts&clx4vm6aq00025inom5tisfuk 2024-06-07T16:03:50.497Z weekly 0.6 https://kqlsearch.com/query/AiTM%20Phishing%20Compromised%20account%20validation&clx4vm43f00005inotq9kksle 2024-06-07T16:03:47.641Z weekly 0.6 https://kqlsearch.com/query/Windows%20RDP%20Logon%20Sessions&clx4u5hjj000m5iiomtzf5xio 2024-06-07T15:22:52.303Z weekly 0.6 https://kqlsearch.com/query/Weekly%20Email%20Security%20Analysis&clx4u5drt000k5iiokrl9e0k5 2024-06-07T15:22:47.408Z weekly 0.6 https://kqlsearch.com/query/Signin_AfterUrlClick&clx4u57kw000i5iioztyoice8 2024-06-07T15:22:39.392Z weekly 0.6 https://kqlsearch.com/query/Outlook%20monikerlink%20zeroday&clx4u548s000g5iion9h4hok2 2024-06-07T15:22:35.067Z weekly 0.6 https://kqlsearch.com/query/OpenPhish%20Urls%20in%20Emails&clx4u51hz000e5iiovfv7tpco 2024-06-07T15:22:31.510Z weekly 0.6 https://kqlsearch.com/query/Microsoft%20Entra%20ID%20User%20Removal&clx4u4yu2000c5iiovhzcpdb0 2024-06-07T15:22:28.057Z weekly 0.6 https://kqlsearch.com/query/MCAS%20Low%20Score%20App%20Usage%20Report&clx4u4wdh000a5iio71bp5sfk 2024-06-07T15:22:24.869Z weekly 0.6 https://kqlsearch.com/query/Intune%20Device%20Enrollment%20Information&clx4u4tph00085iioevbkxrrc 2024-06-07T15:22:21.412Z weekly 0.6 https://kqlsearch.com/query/Consumer%20VPN%20Logins&clx4u4q3800065iio1udg95wl 2024-06-07T15:22:16.724Z weekly 0.6 https://kqlsearch.com/query/Communication%20to%20threatintel.co.nz%20Feed%20IP&clx4u4n3600045iiofm5z7v1e 2024-06-07T15:22:12.833Z weekly 0.6 https://kqlsearch.com/query/Communication%20to%20greensnow.co%20IP%20Blacklist&clx4u4klv00025iio8gk2ac2z 2024-06-07T15:22:09.609Z weekly 0.6 https://kqlsearch.com/query/Azure%20Resource%20IAM%20access%20delgation&clx4u2vtk00005iiodgzpt6nq 2024-06-07T15:20:50.835Z weekly 0.6 https://kqlsearch.com/query/TheArtOfKnowingYourData&clx0ukbs3001wmc0qcw4n7x5o 2024-06-04T20:23:19.828Z weekly 0.6 https://kqlsearch.com/query/ManualAntivirusScans&clx0ujyqq001vmc0qt944t3r7 2024-06-04T20:23:03.074Z weekly 0.6 https://kqlsearch.com/query/EntraID-TenantRestrictionFailedSignin&clwz2bcuh000qmc0q0l9o0sh6 2024-06-03T14:24:46.025Z weekly 0.6 https://kqlsearch.com/query/MDI-Honeytoken%20was%20queried%20via%20SAM-R&clwyphhn9000gmc0qy4d1gdh7 2024-06-03T08:25:37.172Z weekly 0.6 https://kqlsearch.com/query/MDI-Audit-HealthIssue&clwv3qimk02zxmc0p3cki5n6g 2024-05-31T19:53:28.267Z weekly 0.6 https://kqlsearch.com/query/LiveResponseUnsignedPowerShellChanges&clwto9qs502z0mc0pwr4qgifn 2024-05-30T19:52:45.269Z weekly 0.6 https://kqlsearch.com/query/Multiple-Unexpected%20named%20pipes%20on%20multiple%20devices&clwtbdtfh02yrmc0pqf24r1jk 2024-05-30T13:52:00.316Z weekly 0.6 https://kqlsearch.com/query/OffboardingPackageDownloaded&clwpdyvqj02wamc0pl6nx2mwb 2024-05-27T19:53:17.610Z weekly 0.6 https://kqlsearch.com/query/DeviceRemovedFromIsolation&clwnygjix02vdmc0p2tukehdx 2024-05-26T19:51:21.560Z weekly 0.6 https://kqlsearch.com/query/LiveResponseFileCollection&clwm667iy02u8mc0puq2khybq 2024-05-25T13:51:44.026Z weekly 0.6 https://kqlsearch.com/query/Multiple-Suspicious%20device%20name&clwkqud0k02tbmc0p8khjbvoe 2024-05-24T13:54:50.851Z weekly 0.6 https://kqlsearch.com/query/IdentityLogonEvents-Unusual%20delegated%20resource%20access&clwkqu98i02tamc0py9uqtk5u 2024-05-24T13:54:45.810Z weekly 0.6 https://kqlsearch.com/query/AlertSupressionAdded&clwkdx00d02t1mc0pwldk2zre 2024-05-24T07:52:58.955Z weekly 0.6 https://kqlsearch.com/query/DeviceIsolation&clwjo6k1702skmc0ph24c1d1o 2024-05-23T19:52:34.794Z weekly 0.6 https://kqlsearch.com/query/Rcloneconfigfile&clwjbg2i002sbmc0pxrpzfzam 2024-05-23T13:56:03.623Z weekly 0.6 https://kqlsearch.com/query/RcloneFileProperties&clwjbfz4m02samc0pnbzbuz95 2024-05-23T13:55:59.253Z weekly 0.6 https://kqlsearch.com/query/rclone-use-detection&clwiyiryf02s1mc0p159aziax 2024-05-23T07:54:14.918Z weekly 0.6 https://kqlsearch.com/query/CustomDetectionDeletion&clwhj18s302r4mc0p5c2onv6w 2024-05-22T07:52:56.499Z weekly 0.6 https://kqlsearch.com/query/PrintspoolerElevation&clwf15itu02pjmc0pqo8frbr9 2024-05-20T13:56:50.563Z weekly 0.6 https://kqlsearch.com/query/ForestBlizzardCustomProtocolHandler&clwf15ffq02pimc0p48sos41a 2024-05-20T13:56:46.309Z weekly 0.6 https://kqlsearch.com/query/MonitorCloudBreakGlassAccount&clwb3iqnh02n1mc0p129wiw73 2024-05-17T19:52:01.900Z weekly 0.6 https://kqlsearch.com/query/SuspiciousMMC&clw9o9fja02m4mc0pk2iteoce 2024-05-16T19:57:07.027Z weekly 0.6 https://kqlsearch.com/query/ADSrootDirectoryFileCreation&clw9o7j6h02m3mc0ptsm2gw4b 2024-05-16T19:55:38.585Z weekly 0.6 https://kqlsearch.com/query/ADSRootProcessCreation&clw9o7gxi02m2mc0pnaedl4ek 2024-05-16T19:55:35.670Z weekly 0.6 https://kqlsearch.com/query/SliverPSexec&clw9o7cq902m1mc0pjzsj5615 2024-05-16T19:55:30.224Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20ThreatviewioDomain-High-Confidence-Feed&clw4o4jqn02iwmc0pzzydo2wj 2024-05-13T07:54:28.318Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20ThreatviewioIP-High-Confidence-Feed&clw13izsu02gnmc0pdry66jpp 2024-05-10T19:54:31.853Z weekly 0.6 https://kqlsearch.com/query/AnomalousAmountofURLClickEvents&clvy8jnju02eumc0pta0ar1sc 2024-05-08T19:51:42.329Z weekly 0.6 https://kqlsearch.com/query/weird%20SessionId&clvwt2mgx02dxmc0pcd6up3cy 2024-05-07T19:50:47.361Z weekly 0.6 https://kqlsearch.com/query/GraphURIAPIRequestStats&clvvdp0jv02d0mc0pv57kzj7m 2024-05-06T19:52:31.868Z weekly 0.6 https://kqlsearch.com/query/IPEnrichment&clvty8em202c3mc0pvfr4ndwh 2024-05-05T19:51:56.519Z weekly 0.6 https://kqlsearch.com/query/AppEnrichmentAADNonInteractiveUserSignInLogs&clvqdn8d9029umc0p4bt6k4m0 2024-05-03T07:52:17.804Z weekly 0.6 https://kqlsearch.com/query/AppEnrichmentExternalData&clvoy9a4s028xmc0pbg9r1xnk 2024-05-02T07:53:46.491Z weekly 0.6 https://kqlsearch.com/query/GraphResourceAPIRequestStats&clvo8i6j1028gmc0paba2e7yr 2024-05-01T19:52:51.710Z weekly 0.6 https://kqlsearch.com/query/MITRE_ATLAS_csv_parser&clvnvf90f0287mc0pakv8ufk6 2024-05-01T13:46:40.094Z weekly 0.6 https://kqlsearch.com/query/AzureHound&clvnipsq5027ymc0p630j4oc2 2024-05-01T07:50:57.053Z weekly 0.6 https://kqlsearch.com/query/MITRE_JSON_Parser&clvmsvznh027hmc0pis31v48p 2024-04-30T19:47:56.092Z weekly 0.6 https://kqlsearch.com/query/MITRE_ATLAS_parser&clvmsvupj027gmc0p7mycaadm 2024-04-30T19:47:49.545Z weekly 0.6 https://kqlsearch.com/query/rdp-default-listening-port-modification&clviismzg024rmc0po29df6a0 2024-04-27T19:54:18.843Z weekly 0.6 https://kqlsearch.com/query/identify-endpoints-where-mitigationstatus-is-isolated&clvht45i7024amc0pp1zn39xs 2024-04-27T07:55:26.046Z weekly 0.6 https://kqlsearch.com/query/rdp-enable-by-modifying-registry-key&clvhg6i3y0241mc0ppcsye5pu 2024-04-27T01:53:20.685Z weekly 0.6 https://kqlsearch.com/query/netsh-command-for-firewall-to-allow-incoming-rdp-connections&clvhg6d6z0240mc0pwlr96pwv 2024-04-27T01:53:14.314Z weekly 0.6 https://kqlsearch.com/query/EntraID-MDEDeviceRegistrations&clvh3b88a023rmc0pd1p9x7gy 2024-04-26T19:53:06.010Z weekly 0.6 https://kqlsearch.com/query/EntraID%20-%20GroupMembershipchanges-Dynamic&clvh3b35j023qmc0pier94vzm 2024-04-26T19:52:59.574Z weekly 0.6 https://kqlsearch.com/query/AuditLogs%20-%20UserActivities&clvfntlqm022vmc0peo240uln 2024-04-25T19:51:43.437Z weekly 0.6 https://kqlsearch.com/query/CountryInfoExternal&clvfnls5a022umc0p0cxbn6jt 2024-04-25T19:45:38.493Z weekly 0.6 https://kqlsearch.com/query/AzureServiceIPs&clvel0bpy0225mc0px12yxiax 2024-04-25T01:45:12.021Z weekly 0.6 https://kqlsearch.com/query/SentinelAnalyticsRuleNewCISAKnowExploitedVulnerabilityAdded&clvcszdt40210mc0pheysjbwl 2024-04-23T19:52:52.504Z weekly 0.6 https://kqlsearch.com/query/AppTraces-App%20Service%20failures&clvbdfzy00203mc0prx5gt4eb 2024-04-22T19:50:07.799Z weekly 0.6 https://kqlsearch.com/query/D4IOT-MaliciousNameQueriesDetection&clv9l88b001yymc0pbg49xbqh 2024-04-21T13:52:29.964Z weekly 0.6 https://kqlsearch.com/query/D4IOT-IoT_PLCOperatingMode&clv9l85ju01yxmc0p0ma9iv8h 2024-04-21T13:52:26.394Z weekly 0.6 https://kqlsearch.com/query/D4IOT-IoT_MalwareDetected&clv9l82tb01ywmc0pp9zgz5ia 2024-04-21T13:52:22.703Z weekly 0.6 https://kqlsearch.com/query/D4IOT-FTP%20Authentication%20failure&clv9l800u01yvmc0pnbcm9fga 2024-04-21T13:52:19.230Z weekly 0.6 https://kqlsearch.com/query/MDE-AIPClient&clv9l7kx701yumc0p3uuuz7ln 2024-04-21T13:51:59.657Z weekly 0.6 https://kqlsearch.com/query/GraphAPI%20-%20SuspiciousUserRequests&clv9l546n01ytmc0pb9rf43jh 2024-04-21T13:50:04.654Z weekly 0.6 https://kqlsearch.com/query/UserEnrichment&clv85r0mb01xwmc0pcthxu6ul 2024-04-20T13:51:26.290Z weekly 0.6 https://kqlsearch.com/query/CollectIncidentStatistics&clv6qb4ee01wzmc0p4bhufpkq 2024-04-19T13:51:24.279Z weekly 0.6 https://kqlsearch.com/query/minimum-characters-for-pim-activation-justification&cluxsvfap01remc0p58wmag8z 2024-04-13T07:53:15.312Z weekly 0.6 https://kqlsearch.com/query/Parsing-WizIssues&cluvnlyj201q3mc0puw5qhffd 2024-04-11T19:50:23.245Z weekly 0.6 https://kqlsearch.com/query/ListADDelegations&clupxyqum01momc0pve9fivbz 2024-04-07T19:53:38.925Z weekly 0.6 https://kqlsearch.com/query/AzureAD-DepreicatedPowerShellModule&clung06ug01l3mc0p3xturzsv 2024-04-06T01:55:20.870Z weekly 0.6 https://kqlsearch.com/query/DCA-ExtractPhoneNumber&clum033dn01jymc0pvaw1wgso 2024-04-05T01:41:56.315Z weekly 0.6 https://kqlsearch.com/query/TableData&clulnffcz01jxmc0p05dthvm1 2024-04-04T19:47:36.707Z weekly 0.6 https://kqlsearch.com/query/DataPerComputer&clulne05001jwmc0pc6mna3qm 2024-04-04T19:46:30.323Z weekly 0.6 https://kqlsearch.com/query/parse_ipv4%20malfunction&clujv9k3n01irmc0pnxq3nap9 2024-04-03T13:51:27.490Z weekly 0.6 https://kqlsearch.com/query/DnsEvents-DNS%20query%20resolved%20to%20Palo%20Alto%20Networks%20sinkhole&cluispr0b01i2mc0pmrdmjv7o 2024-04-02T19:52:17.771Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS%20S3%20object%20encrypted%20with%20external%20key&cluhd9l3w01h5mc0pkjifth6b 2024-04-01T19:52:03.212Z weekly 0.6 https://kqlsearch.com/query/InboundSSHConnectionToVulnerableXZMachine&clue5kqqs01f4mc0p1gkbe7h5 2024-03-30T13:53:28.419Z weekly 0.6 https://kqlsearch.com/query/CVE-2024-3094-internet-facing-devices&cludstmqp01evmc0ptjq53m1k 2024-03-30T07:56:27.985Z weekly 0.6 https://kqlsearch.com/query/LogAnalyticsQueryStatistics&clucq7m0u01e6mc0pe9sid2r9 2024-03-29T13:55:35.358Z weekly 0.6 https://kqlsearch.com/query/Watchlist_Item_Delete&clubaih6601d9mc0pe8cva20c 2024-03-28T13:48:22.253Z weekly 0.6 https://kqlsearch.com/query/EEG-StorageAccounts&clu8spfbh01bomc0p3888zqyu 2024-03-26T19:54:21.004Z weekly 0.6 https://kqlsearch.com/query/EEG-MaliciousLink&clu8spax101bnmc0pepi3skvo 2024-03-26T19:54:15.301Z weekly 0.6 https://kqlsearch.com/query/EEG-CriticalAssets&clu8sp67r01bmmc0pvxxz50zw 2024-03-26T19:54:09.059Z weekly 0.6 https://kqlsearch.com/query/EEG-AzureVirtualMachines&clu8sp3ac01blmc0po4r3qdwb 2024-03-26T19:54:05.411Z weekly 0.6 https://kqlsearch.com/query/ResourceContainerChanges-Azure%20subscription%20modified&clu8fr1js01bcmc0psoh6cwwk 2024-03-26T13:51:41.463Z weekly 0.6 https://kqlsearch.com/query/MDE-SoftwareUninstall&clu7q29m201avmc0p8hkvjpog 2024-03-26T01:52:34.969Z weekly 0.6 https://kqlsearch.com/query/MDE-ParseNetsh&clu7q20um01aumc0pxfd29y2r 2024-03-26T01:52:23.757Z weekly 0.6 https://kqlsearch.com/query/AD-SensitiveGroupChanges&clu7q1qmr01atmc0pvqr3ioww 2024-03-26T01:52:10.514Z weekly 0.6 https://kqlsearch.com/query/AD-GPOCreation&clu7q1lxy01asmc0pybevugd7 2024-03-26T01:52:04.437Z weekly 0.6 https://kqlsearch.com/query/SummaryOfPrivilegedOperationsByDirectoryRoleMember&clu5l02b9019fmc0pwj0jg3e0 2024-03-24T13:55:21.908Z weekly 0.6 https://kqlsearch.com/query/AzureResourceCount&clu32vogx017umc0prtl3u4h8 2024-03-22T19:52:31.904Z weekly 0.6 https://kqlsearch.com/query/NTDSDitFileModifications&clu1nfak5016xmc0po6e3z2cz 2024-03-21T19:52:06.964Z weekly 0.6 https://kqlsearch.com/query/SensitiveMicrosoftGraphDelegatedPermissionAccess&clu1ap6u0016omc0p13nkauye 2024-03-21T13:55:53.688Z weekly 0.6 https://kqlsearch.com/query/Tarfilexecutions&cltzigr6k015jmc0pw8s6hcc0 2024-03-20T07:57:44.731Z weekly 0.6 https://kqlsearch.com/query/PossibleMaliciousBrowserExtensionLoaded&cltzigp1p015imc0p33ln4xbg 2024-03-20T07:57:41.965Z weekly 0.6 https://kqlsearch.com/query/ChromeloaderRegistryValueLargeSizeGeneric&cltzigmpy015hmc0p1g4vp41c 2024-03-20T07:57:38.789Z weekly 0.6 https://kqlsearch.com/query/Audit-AdminActionsfromRiskyUsers&cltzhtsxk0158mc0p8dfsfvq6 2024-03-20T07:39:53.911Z weekly 0.6 https://kqlsearch.com/query/Identity%20Protection%20latency%20issues&cltyfo4vj014rmc0pl8lbze9z 2024-03-19T13:51:44.046Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_PowerPlatformConnectorActivity&cltyfmxbv014qmc0p20msszo2 2024-03-19T13:50:47.465Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_PowerAppsActivity&cltyfmqhn014pmc0phjfvbixl 2024-03-19T13:50:38.746Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Account%20created%20by%20unexpected%20account&cltyflhta014omc0pp0wx9tty 2024-03-19T13:49:40.845Z weekly 0.6 https://kqlsearch.com/query/DeviceNetworkEvents-Suspicious%20process%20connection%20to%20cloudfront%20domain&cltx042sk013rmc0pu2vnp2mm 2024-03-18T13:48:27.811Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20NetActivities&cltt2rfsw011amc0pldnw3cgb 2024-03-15T19:51:32.145Z weekly 0.6 https://kqlsearch.com/query/DeviceNetworkEvents-Suspicious%20connection%20by%20WerFault&cltt2ou5p0119mc0pi6t03xia 2024-03-15T19:49:30.922Z weekly 0.6 https://kqlsearch.com/query/DeviceNetworkEvents-Suspicious%20connection%20by%20COM%20Surrogate&cltt2oqn00118mc0prkfb1xk9 2024-03-15T19:49:26.363Z weekly 0.6 https://kqlsearch.com/query/EEG-RDP&cltqks07w00znmc0pogdh2my3 2024-03-14T01:52:33.165Z weekly 0.6 https://kqlsearch.com/query/EEG-ManagedIdentity&cltqkrwqj00zmmc0pzuaeb7vx 2024-03-14T01:52:28.794Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-SuspiciousAWSCLICommandExecution&cltncvnbw00xlmc0pa7th9owt 2024-03-11T19:48:07.771Z weekly 0.6 https://kqlsearch.com/query/CommandlineGroupAddition&cltn044wo00xcmc0ppu9wn62c 2024-03-11T13:50:48.791Z weekly 0.6 https://kqlsearch.com/query/MidnightBlizzard&cltj2gio100uvmc0pga8k70ay 2024-03-08T19:45:21.024Z weekly 0.6 https://kqlsearch.com/query/DirectAgent&cltj2fppg00uumc0pjqm6x704 2024-03-08T19:44:43.491Z weekly 0.6 https://kqlsearch.com/query/AR-NSGChanges&cltj2f4kb00utmc0p4zueqt49 2024-03-08T19:44:15.945Z weekly 0.6 https://kqlsearch.com/query/AR-CloudShellExecution&cltj2f1b900usmc0pp5jd6k7b 2024-03-08T19:44:11.877Z weekly 0.6 https://kqlsearch.com/query/AR-BruteForce&cltj2ewnu00urmc0p7a2jek8l 2024-03-08T19:44:05.849Z weekly 0.6 https://kqlsearch.com/query/AR-BreakGlassAccount&cltj2eups00uqmc0p9h5ftsac 2024-03-08T19:44:03.327Z weekly 0.6 https://kqlsearch.com/query/AMAAgent&cltj2esmp00upmc0pdi7sa9v4 2024-03-08T19:44:00.625Z weekly 0.6 https://kqlsearch.com/query/DeviceNetworkEvents-Suspicious%20process%20connection%20to%20cloudfrount%20domain&clthn7zv600tsmc0pbn7etuic 2024-03-07T19:51:02.994Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_detect_sts_get_session_token_abuse&cltes9a5300rzmc0pyijqw54p 2024-03-05T19:48:42.518Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS%20S3%20bucket%20publicly%20exposed&cltes7clg00rymc0pi5ghf19o 2024-03-05T19:47:12.246Z weekly 0.6 https://kqlsearch.com/query/Azure%20Resource%20Graph%20-%20VMs%20%26%20HybridCompute&clteffjva00rpmc0p87uoi2ar 2024-03-05T13:49:40.053Z weekly 0.6 https://kqlsearch.com/query/DnsEvents-DNS%20query%20resolved%20to%20Palo%20Alto%20Networks%20skinhole&cltca9mpo00qcmc0p531asi9b 2024-03-04T01:49:33.371Z weekly 0.6 https://kqlsearch.com/query/identify-isolated-endpoints&clt7ah1gs00n9mc0po580bcdg 2024-02-29T13:56:28.061Z weekly 0.6 https://kqlsearch.com/query/identify-endpoints-removed-from-isolation&clt7agxmk00n8mc0pkd90iakg 2024-02-29T13:56:23.226Z weekly 0.6 https://kqlsearch.com/query/CommandlineUserAddition&clt67q1u300mlmc0ploaxz5ye 2024-02-28T19:51:43.419Z weekly 0.6 https://kqlsearch.com/query/MultipleSentitiveGroupAdditions&clt4s93jk00lomc0p77wagu05 2024-02-27T19:50:52.207Z weekly 0.6 https://kqlsearch.com/query/Multiple-Defender%20for%20Cloud%20incident&clt3ctj1100krmc0partw4uqs 2024-02-26T19:51:05.220Z weekly 0.6 https://kqlsearch.com/query/Apt29&clt305wp800kimc0poj4qz7s5 2024-02-26T13:56:47.804Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-DataUsage&clt2mrx1z00k1mc0pgrsw0x3t 2024-02-26T07:42:00.214Z weekly 0.6 https://kqlsearch.com/query/PowerShellInvokeWebrequest&clt1kj9h800jkmc0p22l8gs18 2024-02-25T13:51:31.003Z weekly 0.6 https://kqlsearch.com/query/CertutilRemoteDownload&clt053rk700inmc0p3rz9tafq 2024-02-24T13:51:47.381Z weekly 0.6 https://kqlsearch.com/query/identify-endpoints-removed-from-containment&clszsd6cl00iemc0prwg9nwj5 2024-02-24T07:55:11.589Z weekly 0.6 https://kqlsearch.com/query/identify-contained-endpoints&clszsd2r200idmc0pbjf0vjue 2024-02-24T07:55:06.926Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20ThreatIntelligenceThreatTypes&clsy09qu800h8mc0ppvd5f4i2 2024-02-23T02:00:56.095Z weekly 0.6 https://kqlsearch.com/query/CreateAndQuery&clsx9ybnx00gtmc0pcoaxa0kb 2024-02-22T13:44:13.195Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-Teams%20phishing%20campaign&clsw7jaet00g4mc0pgxgpbju8 2024-02-21T19:48:46.324Z weekly 0.6 https://kqlsearch.com/query/SBMNTLM&clsufho8c00ezmc0p77q4i1nk 2024-02-20T13:55:55.499Z weekly 0.6 https://kqlsearch.com/query/AppServiceHTTPLogs-PHP%20file%20request%20in%20App%20Service&clstcrapn00eamc0pv8z2aru0 2024-02-19T19:51:39.515Z weekly 0.6 https://kqlsearch.com/query/Parsing-PaloAltoPrismaCloudAlertLogs&clstcpuak00e9mc0p5vup7vv4 2024-02-19T19:50:31.433Z weekly 0.6 https://kqlsearch.com/query/SigninLogs-AzurePortalSigninfromanotherAzureTenant&clsszrqjz00e0mc0p3yghpi63 2024-02-19T13:48:04.894Z weekly 0.6 https://kqlsearch.com/query/Vssadmindelete&clsr7sptt00cvmc0p94exvec4 2024-02-18T07:57:15.328Z weekly 0.6 https://kqlsearch.com/query/PowerShellKeyLogging&clsr7smq000cumc0p1kjrjnpj 2024-02-18T07:57:11.303Z weekly 0.6 https://kqlsearch.com/query/BloodHoundGeneratedfiles&clsr7sk8700ctmc0pcsk2zvyw 2024-02-18T07:57:08.070Z weekly 0.6 https://kqlsearch.com/query/Analytics-SlowPasswordSpray&clsps32b300bymc0pooh3ybnx 2024-02-17T07:49:37.885Z weekly 0.6 https://kqlsearch.com/query/Analytics-PotentialMFASpam&clsps2wd600bxmc0plmnrm9tv 2024-02-17T07:49:30.328Z weekly 0.6 https://kqlsearch.com/query/Analytics-AzureRBACRoleAssignments&clsps2qgb00bwmc0pg8jxaeoc 2024-02-17T07:49:22.520Z weekly 0.6 https://kqlsearch.com/query/SysmonParser&clsprz2n300bvmc0pmop40man 2024-02-17T07:46:31.838Z weekly 0.6 https://kqlsearch.com/query/Function-CiscoASAParser&clsprsdkh00bmmc0psndz2fi1 2024-02-17T07:41:19.407Z weekly 0.6 https://kqlsearch.com/query/GraphActivityFromFirstPartyApps&clsp2jg0u00bdmc0pfjd9ri1o 2024-02-16T19:54:32.285Z weekly 0.6 https://kqlsearch.com/query/AadAuditEventFromFirstPartyApps&clsp2jb6j00bcmc0p0kptqjka 2024-02-16T19:54:26.010Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_setdefaultpolicyversion&clsnmx5du00afmc0p5kambq2p 2024-02-15T19:49:31.649Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_network_access_control_list_deleted&clsnmx23x00aemc0pp784lcjb 2024-02-15T19:49:27.261Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_iam_assume_role_policy_brute_force&clsnmwyig00admc0p2wppd3et 2024-02-15T19:49:22.743Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS%20user%20MFA%20modified&clsnmuxs100acmc0pn1enpj8u 2024-02-15T19:47:48.480Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20FileTypes&clsm7jfp4009fmc0p9rtobonu 2024-02-14T19:51:11.273Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_iam_accessdenied_discovery_events&clsm7gve7009emc0ptxiy84be 2024-02-14T19:49:11.647Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_exfiltration_via_datasync_task&clslulw480095mc0p66q8lqpf 2024-02-14T13:49:10.999Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_exfiltration_via_bucket_replication&clslulran0094mc0pwdgxj45t 2024-02-14T13:49:04.751Z weekly 0.6 https://kqlsearch.com/query/SecurityIncident-Incidents%20with%20automation%20rule%20failure%20events%20from%20SentinelHealth&clslulkq90093mc0p9y9lgske 2024-02-14T13:48:56.097Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_ecr_container_upload_unknown_user&clsks0g8a008emc0pabq0sxzf 2024-02-13T19:48:45.082Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_disable_bucket_versioning&clsks0d6b008dmc0pe3hghh9l 2024-02-13T19:48:41.266Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_password_policy_changes&clskf6vpr0084mc0pnmsrxsym 2024-02-13T13:49:50.222Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_multi_factor_authentication_disabled&clskf6pin0083mc0pjlz7p5ur 2024-02-13T13:49:42.190Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_defense_evasion_putbucketlifecycle&clskf6mr90082mc0pgoyae144 2024-02-13T13:49:38.468Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_credential_access_rds_password_reset&clskf6dtp0081mc0pyizra4vs 2024-02-13T13:49:27.037Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_credential_access_getpassworddata&clskf68tg0080mc0pdcn4v32v 2024-02-13T13:49:20.403Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_credential_access_failed_login&clskf64if007zmc0pp3p3edya 2024-02-13T13:49:14.966Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_createaccesskey&clskf61bn007ymc0pqvr1n5b0 2024-02-13T13:49:10.834Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-aws_concurrent_sessions_from_different_ips&clskf5wca007xmc0p8p4fsrh6 2024-02-13T13:49:04.232Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-asl_aws_password_policy_changes&clsjcltqj0078mc0p25lzae8t 2024-02-12T19:49:42.474Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS%20IAM%20user%20password%20modified&clsjcjuve0077mc0pcxiqj4aq 2024-02-12T19:48:10.634Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS%20EBS%20snapshot%20publicly%20exposed&clsjcjqsp0076mc0payf6rpw2 2024-02-12T19:48:05.352Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS%20DB%20snapshot%20publicly%20exposed&clsjcjlpb0075mc0pcdg4109e 2024-02-12T19:47:58.607Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS%20AMI%20publicly%20exposed&clsjcjfcn0074mc0pue1xf9ek 2024-02-12T19:47:50.517Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-asl_aws_multi_factor_authentication_disabled&clsizpmuu006vmc0p5ocismfz 2024-02-12T13:48:45.174Z weekly 0.6 https://kqlsearch.com/query/EpmUnusuedServicePrincipalsAzADSPI&clsgi37j9005amc0p83z2ghjk 2024-02-10T19:59:53.060Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-asl_aws_createaccesskey&clsdmu7d3003hmc0ptjifrwed 2024-02-08T19:49:32.486Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-asl_aws_concurrent_sessions_from_different_ips&clsd9y5u50038mc0pw50g6pbk 2024-02-08T13:48:42.124Z weekly 0.6 https://kqlsearch.com/query/USB_Copy_7_days&clsck3myn002rmc0p3hvk0ct3 2024-02-08T01:45:07.583Z weekly 0.6 https://kqlsearch.com/query/MultipleAccountsLocked&clsaryoe0001mmc0p6xtaptsg 2024-02-06T19:49:40.727Z weekly 0.6 https://kqlsearch.com/query/AADUserRiskEvents-Leaked%20credentials&cls8zoc7j000gmc0poz7itxe6 2024-02-05T13:50:02.396Z weekly 0.6 https://kqlsearch.com/query/Windows%20Quick%20Fix%20Engineering%20Hot%20Fixes&cls8z1ppd00255iv8bno5er1r 2024-02-05T13:32:27.361Z weekly 0.6 https://kqlsearch.com/query/Windows%20Update%20Installations&cls8z1nng00235iv8fro2ksi2 2024-02-05T13:32:24.699Z weekly 0.6 https://kqlsearch.com/query/User%20Right%20Assigned&cls8z1lo200215iv8tk97ao9k 2024-02-05T13:32:22.129Z weekly 0.6 https://kqlsearch.com/query/User%20Added%20to%20Privileged%20Group&cls8z1jpi001z5iv8t1q57jgt 2024-02-05T13:32:19.589Z weekly 0.6 https://kqlsearch.com/query/System%20Time%20Changed&cls8z1hjf001x5iv8cvy6zcic 2024-02-05T13:32:16.779Z weekly 0.6 https://kqlsearch.com/query/Successful%20User%20Account%20Login&cls8z1fj4001v5iv8vg6c5wo6 2024-02-05T13:32:14.176Z weekly 0.6 https://kqlsearch.com/query/Show%20Services%20That%20Have%20Stopped&cls8z1d6f001t5iv85en9dfqv 2024-02-05T13:32:11.126Z weekly 0.6 https://kqlsearch.com/query/Show%20Services%20That%20Have%20Started&cls8z1ai8001r5iv8hzcnzrln 2024-02-05T13:32:07.663Z weekly 0.6 https://kqlsearch.com/query/Show%20Latest%20Application%20Installations&cls8z18ff001p5iv8hgi7sb51 2024-02-05T13:32:04.962Z weekly 0.6 https://kqlsearch.com/query/Show%20Failed%20Licence%20Activations&cls8z16ni001o5iv8p0ihkfbm 2024-02-05T13:32:02.670Z weekly 0.6 https://kqlsearch.com/query/Show%20Application%20Hangs&cls8z13y6001m5iv8et7lk32c 2024-02-05T13:31:59.165Z weekly 0.6 https://kqlsearch.com/query/Show%20Application%20Crashes&cls8z11jt001k5iv8vltbp1vc 2024-02-05T13:31:56.056Z weekly 0.6 https://kqlsearch.com/query/Show%20All%20Application%20Events&cls8z0zar001i5iv839mmxq79 2024-02-05T13:31:53.139Z weekly 0.6 https://kqlsearch.com/query/Service%20Start%20Failure&cls8z0x6a001g5iv8mxb9i0fz 2024-02-05T13:31:50.385Z weekly 0.6 https://kqlsearch.com/query/Query%20Recent%20Windows%20System%20Event%20Logs&cls8z0uzq001e5iv8s8hbul1a 2024-02-05T13:31:47.558Z weekly 0.6 https://kqlsearch.com/query/Overview%20Event%20Level%20Types%20for%20Windows%20Applications%20Events&cls8z0sfg001c5iv8gscbmnjk 2024-02-05T13:31:44.235Z weekly 0.6 https://kqlsearch.com/query/Number%20of%20Events%20per%20Provider&cls8z0q45001a5iv8lw5zrtp1 2024-02-05T13:31:41.237Z weekly 0.6 https://kqlsearch.com/query/Failed%20User%20Account%20Login&cls8z0o1b00185iv8w9tiyae8 2024-02-05T13:31:38.543Z weekly 0.6 https://kqlsearch.com/query/Event%20Log%20was%20Cleared&cls8z0lr700165iv8iqjw1i17 2024-02-05T13:31:35.586Z weekly 0.6 https://kqlsearch.com/query/Check%20if%20Device%20Restart%20Is%20Required&cls8z0jtw00145iv8h3vqurg3 2024-02-05T13:31:33.084Z weekly 0.6 https://kqlsearch.com/query/Blue%20Screen%20of%20Death&cls8z0gve00125iv8enbe5036 2024-02-05T13:31:29.258Z weekly 0.6 https://kqlsearch.com/query/Assigned%20Primary%20Tokens&cls8z0eiu00105iv8zjt2px58 2024-02-05T13:31:26.213Z weekly 0.6 https://kqlsearch.com/query/Show%20All%20Drivers%20That%20Are%20Not%20Signed&cls8z0btr000y5iv80qtb21mk 2024-02-05T13:31:22.718Z weekly 0.6 https://kqlsearch.com/query/Number%20of%20Signed%20and%20Unsigned%20Drivers&cls8z09to000w5iv858q0s20i 2024-02-05T13:31:20.124Z weekly 0.6 https://kqlsearch.com/query/Group%20Drivers%20by%20Their%20Provider%20Name&cls8z07eh000u5iv8hkx5rzjx 2024-02-05T13:31:16.985Z weekly 0.6 https://kqlsearch.com/query/Find%20Drivers%20That%20Don%E2%80%99t%20Have%20Associated%20Inf%20Files&cls8z05lf000s5iv8qc6d9q2y 2024-02-05T13:31:14.643Z weekly 0.6 https://kqlsearch.com/query/Windows%20App%20Crash%20Events%20Grouped%20by%20the%20App%20and%20Its%20Version&cls8z03lk000q5iv8zkn7kkks 2024-02-05T13:31:12.056Z weekly 0.6 https://kqlsearch.com/query/List%20of%20Applications%20Crashes&cls8z01co000o5iv8t3ncali4 2024-02-05T13:31:09.144Z weekly 0.6 https://kqlsearch.com/query/Lookup%20Registry%20Keys%20Wildcard&cls8yzz06000m5iv8bmi2a0bo 2024-02-05T13:31:06.102Z weekly 0.6 https://kqlsearch.com/query/Find%20Windows%2011%20Compatible%20Tpms&cls8yzwfn000l5iv8n6thnc3k 2024-02-05T13:31:02.770Z weekly 0.6 https://kqlsearch.com/query/Track%20the%20Working%20Directories%20of%20Processes&cls8yzukg000k5iv8cmry0mag 2024-02-05T13:31:00.342Z weekly 0.6 https://kqlsearch.com/query/Track%20the%20Usage%20of%20Specific%20Applications%20and%20How%20Often%20They%20Are%20Started&cls8yzryu000j5iv8bvtly6wd 2024-02-05T13:30:56.982Z weekly 0.6 https://kqlsearch.com/query/Most%20frequently%20running%20Processes&cls8yzp2e000i5iv8y9od2qpa 2024-02-05T13:30:53.222Z weekly 0.6 https://kqlsearch.com/query/List%20All%20Process%20That%20Running%20Under%20NT%20Authority&cls8yzmzf000h5iv8szqrzx28 2024-02-05T13:30:50.523Z weekly 0.6 https://kqlsearch.com/query/Impact%20of%20Processes%20Over%20Time%20by%20Looking%20at%20How%20Long%20They%20Run&cls8yzkrg000g5iv842j4orin 2024-02-05T13:30:47.643Z weekly 0.6 https://kqlsearch.com/query/Identify%20Unexpected%20or%20Unknown%20Processes%20Running%20From%20Unusual%20Paths&cls8yzhdk000f5iv8mf9qtppa 2024-02-05T13:30:43.248Z weekly 0.6 https://kqlsearch.com/query/Identify%20Processes%20That%20Are%20Heavily%20Using%20Disk%20Space&cls8yzeli000e5iv8vx3w1yud 2024-02-05T13:30:39.652Z weekly 0.6 https://kqlsearch.com/query/Find%20Processes%20With%20High%20Memory%20Usage&cls8yzbsc000d5iv8fnqnesbj 2024-02-05T13:30:36.011Z weekly 0.6 https://kqlsearch.com/query/Find%20All%20System%20Processes%20Related%20to%20Defender%2C%20Sense%20or%20Security&cls8yz96l000c5iv8b6vwasl0 2024-02-05T13:30:32.635Z weekly 0.6 https://kqlsearch.com/query/Determine%20Which%20Users%20Are%20Running%20Which%20Processes&cls8yz4hy000b5iv8lkbb85vp 2024-02-05T13:30:26.557Z weekly 0.6 https://kqlsearch.com/query/Detect%20Processes%20That%20Are%20Reading%20or%20Writing%20Significantly%20to%20Disk&cls8yz1vx000a5iv89omz4uhp 2024-02-05T13:30:23.180Z weekly 0.6 https://kqlsearch.com/query/Command%20Lines%20Used%20to%20Start%20Processes&cls8yyyzj00095iv8k52szp1n 2024-02-05T13:30:19.422Z weekly 0.6 https://kqlsearch.com/query/Analyze%20Start%20Times%20and%20Run%20Durations%20of%20Processes&cls8yyw4f00085iv8l30og0as 2024-02-05T13:30:15.710Z weekly 0.6 https://kqlsearch.com/query/Show%20All%20Local%20Drives&cls8yyta400075iv82adjm62w 2024-02-05T13:30:12.027Z weekly 0.6 https://kqlsearch.com/query/Show%20all%20Local%20Groups%20on%20Device&cls8yyr3700065iv8pnwi6m4b 2024-02-05T13:30:09.177Z weekly 0.6 https://kqlsearch.com/query/Search%20Recently%20Created%20Files%20at%20a%20Location&cls8yy9un00045iv8l5kcjzah 2024-02-05T13:29:46.846Z weekly 0.6 https://kqlsearch.com/query/Monitor%20Hosts%20File&cls8yy7wd00025iv817ulzv1w 2024-02-05T13:29:44.316Z weekly 0.6 https://kqlsearch.com/query/Find%20Disk%20Information&cls8yy5v100005iv810tluk57 2024-02-05T13:29:41.666Z weekly 0.6 https://kqlsearch.com/query/Show%20Valid%20Certificates%20on%20Device&cls8yur70000n5icktg69sqda 2024-02-05T13:27:02.700Z weekly 0.6 https://kqlsearch.com/query/Show%20Expired%20Certificates%20on%20Device&cls8yuowg000l5icktofxb2i6 2024-02-05T13:26:59.728Z weekly 0.6 https://kqlsearch.com/query/Show%20All%20Self-Signed%20Certificates&cls8yumo2000j5ickv3zulue3 2024-02-05T13:26:56.833Z weekly 0.6 https://kqlsearch.com/query/Show%20All%20Insecure%20Certificates&cls8yujy2000h5ick8ss2cb8e 2024-02-05T13:26:53.305Z weekly 0.6 https://kqlsearch.com/query/Show%20All%20Certificates%20That%20Are%20Not%20Stored%20in%20Localmachine&cls8yuhea000f5icknzk4m80o 2024-02-05T13:26:50.001Z weekly 0.6 https://kqlsearch.com/query/List%20All%20CA%20Certificates&cls8yufhy000d5ickhewok92e 2024-02-05T13:26:47.542Z weekly 0.6 https://kqlsearch.com/query/Intune%20MDM%20Device%20Certificate&cls8yudcz000b5ick6ytkzfut 2024-02-05T13:26:44.770Z weekly 0.6 https://kqlsearch.com/query/Certificates%20That%20Will%20Expire%20in%20the%20Next%2090%20days&cls8yubpj000a5ickdkleo000 2024-02-05T13:26:42.630Z weekly 0.6 https://kqlsearch.com/query/Monitor%20CPU%20Performance%20and%20Health&cls8yu8it00085ickujb288x4 2024-02-05T13:26:38.500Z weekly 0.6 https://kqlsearch.com/query/Identify%20CPU%20Configuration&cls8yu6aj00065ick08z9lnjo 2024-02-05T13:26:35.611Z weekly 0.6 https://kqlsearch.com/query/Detect%20CPU%20Overclocking&cls8yu4al00045ickm0gjvvt0 2024-02-05T13:26:33.021Z weekly 0.6 https://kqlsearch.com/query/Assess%20CPU%20Physical%20Characteristics&cls8yu29300025ickob8r5mlj 2024-02-05T13:26:30.374Z weekly 0.6 https://kqlsearch.com/query/BIOS%20Details&cls8yu07400005ickxnooigjx 2024-02-05T13:26:27.707Z weekly 0.6 https://kqlsearch.com/query/MDE-WindowsBuiltInGroupMemberChanges&cls8bgb6j001nmc0qx3huigb8 2024-02-05T02:31:57.450Z weekly 0.6 https://kqlsearch.com/query/nf_ttp_smoke-sandstorm_unusual_coreuicomponent.dll-behaviour&cls7yjj6s001emc0qx74eacl5 2024-02-04T20:30:32.931Z weekly 0.6 https://kqlsearch.com/query/nf_ttp_generic_kerberos_attacks&cls7yje2y001dmc0qt9nu2agi 2024-02-04T20:30:26.314Z weekly 0.6 https://kqlsearch.com/query/Sentinel-TaxiiConnectorFailures&cls6j65gg000gmc0qmkjecyia 2024-02-03T20:32:28.047Z weekly 0.6 https://kqlsearch.com/query/SecurityNestedRecommendation-Unprotected%20secrets%20assessments&cls62yk8z000w5izcta2i252k 2024-02-03T12:58:40.258Z weekly 0.6 https://kqlsearch.com/query/SecurityNestedRecommendation-System%20updates%20assessments&cls62ygcg000u5izclcgzwt3u 2024-02-03T12:58:35.199Z weekly 0.6 https://kqlsearch.com/query/SecurityNestedRecommendation-System%20updates%20Update%20Center%20assessments&cls62ydka000s5izcaz1k4563 2024-02-03T12:58:31.593Z weekly 0.6 https://kqlsearch.com/query/SecurityNestedRecommendation-Security%20configuration%20assessments&cls62yal1000q5izc2jlrmyml 2024-02-03T12:58:27.732Z weekly 0.6 https://kqlsearch.com/query/SecurityNestedRecommendation-Security%20configuration%20Guest%20Configuration%20assessments&cls62y8am000o5izc9lg4b6t4 2024-02-03T12:58:24.765Z weekly 0.6 https://kqlsearch.com/query/SecurityNestedRecommendation-SQL%20databases%20assessments&cls62y5lc000m5izczitjlbgw 2024-02-03T12:58:21.263Z weekly 0.6 https://kqlsearch.com/query/SecurityNestedRecommendation-Running%20container%20images%20MDVM%20vulnerability%20assessments&cls62y2gc000k5izc63gtqrr4 2024-02-03T12:58:17.185Z weekly 0.6 https://kqlsearch.com/query/SecurityNestedRecommendation-Linux%20virtual%20machines%20SecureBoot%20assessments&cls62xy57000i5izcg7qz0rkl 2024-02-03T12:58:11.610Z weekly 0.6 https://kqlsearch.com/query/SecurityNestedRecommendation-Endpoint%20protection%20assessments&cls62xvbc000g5izcqbty0ecu 2024-02-03T12:58:07.943Z weekly 0.6 https://kqlsearch.com/query/binaries-using-anydesk-compromised-certificate&cls5sut2300005i0swhhks607 2024-02-03T08:15:48.888Z weekly 0.6 https://kqlsearch.com/query/nf_ttp_t1543_peach-sandstorm_azure_arc_persistence&cls2bbgja00lvmc0q0fjzk1h9 2024-01-31T21:41:34.197Z weekly 0.6 https://kqlsearch.com/query/TotalEventsByTable&cls0vvveq00kymc0qcecww2m5 2024-01-30T21:41:46.419Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20ipfs_phishing&clrzggbim00k1mc0qcvx35xdo 2024-01-29T21:42:00.525Z weekly 0.6 https://kqlsearch.com/query/nf_ttp_t1543_scattered-spider_azure_arc_persistence&clrzgfm4i00k0mc0qgd8xebd3 2024-01-29T21:41:27.618Z weekly 0.6 https://kqlsearch.com/query/nf_ttp_t1562.001_scattered-spider_abuse%20conditional_access_trusted_locations&clrzgeply00jzmc0qgw3bu4g7 2024-01-29T21:40:45.476Z weekly 0.6 https://kqlsearch.com/query/MDO-InboxForwarding&clrxo6bsb00iumc0qjkg7hb3x 2024-01-28T15:42:38.889Z weekly 0.6 https://kqlsearch.com/query/possible-soaphound-tool-execution-using-specific-arguments&clrvvwt5p00hpmc0q6yuor0jq 2024-01-27T09:43:39.420Z weekly 0.6 https://kqlsearch.com/query/Identity-CAPoliciesNotinUse&clrry0na200f0mc0q5nz7gmxi 2024-01-24T15:31:32.953Z weekly 0.6 https://kqlsearch.com/query/Multiple-Unsynchronized%20Defender%20for%20Cloud%20alert&clrqvqm1e00ejmc0qsfkx0u3w 2024-01-23T21:39:59.377Z weekly 0.6 https://kqlsearch.com/query/TokenReplayOfWorkloadIdentityFromOutsideOfAzureNetworkRange&clrq66nuf00e2mc0q96eic5w0 2024-01-23T09:44:38.198Z weekly 0.6 https://kqlsearch.com/query/MacroTrustrecords&clrp3ojth00ddmc0qns4auqtq 2024-01-22T15:46:47.764Z weekly 0.6 https://kqlsearch.com/query/applicationshimming&clroqsxs000d4mc0qso0p6ys6 2024-01-22T09:46:17.472Z weekly 0.6 https://kqlsearch.com/query/Spamhaus-10-most-abused-tlds&clrnbaxpx00c7mc0q9g920md0 2024-01-21T09:44:37.172Z weekly 0.6 https://kqlsearch.com/query/Behaviour%20-%20APT28ExternalWebdav&clrkt7usq00ammc0qat88c815 2024-01-19T15:42:47.977Z weekly 0.6 https://kqlsearch.com/query/ttp_t1562-001_disabledefender&clrjqmmv4009xmc0qkhmydsjy 2024-01-18T21:42:32.512Z weekly 0.6 https://kqlsearch.com/query/ttp_t1219_netsupportrat_fin7&clrjqmj4l009wmc0qwkymc8qr 2024-01-18T21:42:27.669Z weekly 0.6 https://kqlsearch.com/query/ttp_t1127-001_suspNetworkConnMSBuild&clrjqmej0009vmc0qi9qxxz68 2024-01-18T21:42:21.564Z weekly 0.6 https://kqlsearch.com/query/ttp_t1059-001_powershell_windowsappsdir_fin7&clrjqma71009umc0qz953ow7t 2024-01-18T21:42:16.093Z weekly 0.6 https://kqlsearch.com/query/ttp_t1027-010_powershellEncodedCommand&clrjqm7g5009tmc0q9qf04kox 2024-01-18T21:42:12.532Z weekly 0.6 https://kqlsearch.com/query/MDE-ConnectivityType&clrfgbkqn0076mc0qnbbf0y93 2024-01-15T21:42:55.678Z weekly 0.6 https://kqlsearch.com/query/Behaviour%20-%20APT28Commands&clrag9br50041mc0qny29f3lx 2024-01-12T09:42:19.840Z weekly 0.6 https://kqlsearch.com/query/SecurityNestedRecommendation-Virtual%20machines%20MDVM%20vulnerability%20assessments&clr9dljzd003cmc0qpi0487a7 2024-01-11T15:40:05.352Z weekly 0.6 https://kqlsearch.com/query/ipv4_is_private%20malfunction&clr7y6lb0002fmc0q3v1zr0b9 2024-01-10T15:40:46.670Z weekly 0.6 https://kqlsearch.com/query/Device-iOSDevicesWithoutLatestOSVersion&clr7xrhu50026mc0qrxg6f3ti 2024-01-10T15:29:02.476Z weekly 0.6 https://kqlsearch.com/query/Device-StaleDevice&clr7xrcd90025mc0qbhvg4549 2024-01-10T15:28:55.388Z weekly 0.6 https://kqlsearch.com/query/Audit-NumberOfDeviceWipesAndDeletions&clr7xr1cu0024mc0q248z4dg4 2024-01-10T15:28:41.117Z weekly 0.6 https://kqlsearch.com/query/PowerShellNoProfile&clr7ldku90023mc0qpni9ciql 2024-01-10T09:42:17.792Z weekly 0.6 https://kqlsearch.com/query/MDXDR-ThreatProtectionReport&clr6vowiu001mmc0q7v2xeqde 2024-01-09T21:43:16.132Z weekly 0.6 https://kqlsearch.com/query/Detect_Known_RAT_RMM_Process_Patterns&clr6isyqv001dmc0qfz2p08jz 2024-01-09T15:42:30.490Z weekly 0.6 https://kqlsearch.com/query/WebshellDetection&clr5g7czw000omc0q5ejnelm1 2024-01-08T21:41:57.259Z weekly 0.6 https://kqlsearch.com/query/XdrAlertsRelatedCiemAssessment&clr4247a500g1mc0p50bydsu9 2024-01-07T22:19:48.944Z weekly 0.6 https://kqlsearch.com/query/AttackPathsRelatedSecurityAlerts&clr42410t00g0mc0p5vx1zafk 2024-01-07T22:19:40.972Z weekly 0.6 https://kqlsearch.com/query/PotentialAiTMPhishing&clr41yt5w00fzmc0p26bon8bc 2024-01-07T22:15:37.507Z weekly 0.6 https://kqlsearch.com/query/weird%20CorrelationId&clqzerecg00d2mc0pvxnck3km 2024-01-04T16:14:55.839Z weekly 0.6 https://kqlsearch.com/query/SecurityNestedRecommendation-Container%20registries%20MDVM%20vulnerability%20assessments&clqxzb3ba00c5mc0pipavvo7e 2024-01-03T16:14:34.486Z weekly 0.6 https://kqlsearch.com/query/CommandlineWithClearTextPassword&clqwwsdd200bgmc0plbakqf9t 2024-01-02T22:16:15.781Z weekly 0.6 https://kqlsearch.com/query/KQLQueryVisits&clqrwqpk0008bmc0p42gbjugc 2023-12-30T10:16:07.391Z weekly 0.6 https://kqlsearch.com/query/KQLSearchVisits&clqqu6cvf007mmc0pi31zmmp2 2023-12-29T16:16:32.425Z weekly 0.6 https://kqlsearch.com/query/SecurityNestedRecommendation-Running%20container%20image%20MDVM%20vulnerability%20assessments&clqqu38f4007lmc0p3am58a8c 2023-12-29T16:14:06.687Z weekly 0.6 https://kqlsearch.com/query/TeamsEmojiReactionsByDepartment&clqp1vjb1006gmc0pebzz1x5b 2023-12-28T10:16:32.124Z weekly 0.6 https://kqlsearch.com/query/applicaitonshimming&clqnzetpg005rmc0pb3vhqc8o 2023-12-27T16:19:47.043Z weekly 0.6 https://kqlsearch.com/query/TeamsEmojiReactions&clqnzaac0005qmc0p1wbzx4z3 2023-12-27T16:16:15.311Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-Logon%20activity%20from%20a%20potentially%20harmful%20application&clqmjrdc8004tmc0p0fb6wqpe 2023-12-26T16:13:52.187Z weekly 0.6 https://kqlsearch.com/query/changing-powershell-execution-policy-to-insecure-level&clqjc6g3q002smc0pxzlh8tja 2023-12-24T10:18:20.294Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20ExposureLevels&clqjc40p3002rmc0ps7dbadjv 2023-12-24T10:16:27.014Z weekly 0.6 https://kqlsearch.com/query/DevicesCanBeOnboarded&clqi9ik5t0022mc0pt0r7utet 2023-12-23T16:16:00.399Z weekly 0.6 https://kqlsearch.com/query/Compliance%20-%20Intune%20devices%20that%20are%20compliant%20with%20OS%2C%20OS%20Version&clqi920p9001tmc0p2u2uyexh 2023-12-23T16:03:08.685Z weekly 0.6 https://kqlsearch.com/query/OnboardedDeviceByOS&clqi79xr300005izk7jnijn1t 2023-12-23T15:13:18.869Z weekly 0.6 https://kqlsearch.com/query/sdcltUAC&clqfqsjc3001k5i48etc8vd02 2023-12-21T21:56:20.835Z weekly 0.6 https://kqlsearch.com/query/DLLhostUAC&clqfqshkk001i5i48jli88ooo 2023-12-21T21:56:18.547Z weekly 0.6 https://kqlsearch.com/query/Clipup&clqfqsfdq001g5i4815gkubob 2023-12-21T21:56:15.710Z weekly 0.6 https://kqlsearch.com/query/ChangePKSLUITampering&clqfqsdtf001e5i48hhme65tn 2023-12-21T21:56:13.682Z weekly 0.6 https://kqlsearch.com/query/Getsystem&clqfqsb9k001c5i48vvd4j8cr 2023-12-21T21:56:10.376Z weekly 0.6 https://kqlsearch.com/query/tempexecutions&clqfqs98g001a5i482r7ufc04 2023-12-21T21:56:07.743Z weekly 0.6 https://kqlsearch.com/query/osascriptpassword&clqfqs72e00185i48ds3tohzp 2023-12-21T21:56:04.933Z weekly 0.6 https://kqlsearch.com/query/libraryexecutions&clqfqs5ne00165i48arsvyfoq 2023-12-21T21:56:03.098Z weekly 0.6 https://kqlsearch.com/query/copytmptousers&clqfqs2w800145i48xvdxuos3 2023-12-21T21:55:59.520Z weekly 0.6 https://kqlsearch.com/query/chainbreaker&clqfqs0qd00125i482e7bvdpf 2023-12-21T21:55:56.725Z weekly 0.6 https://kqlsearch.com/query/configfile&clqfqrypk00105i480tfk1ezm 2023-12-21T21:55:54.104Z weekly 0.6 https://kqlsearch.com/query/RcloneMSThreatReport&clqfqrw86000y5i48xm7qccuy 2023-12-21T21:55:50.886Z weekly 0.6 https://kqlsearch.com/query/FileProperties&clqfqrsp5000w5i48rc087ubl 2023-12-21T21:55:46.313Z weekly 0.6 https://kqlsearch.com/query/gpresult&clqfqrr3s000u5i48dfypcxoy 2023-12-21T21:55:44.248Z weekly 0.6 https://kqlsearch.com/query/WebdavExecution&clqfqrnpb000s5i488oo0buxz 2023-12-21T21:55:39.839Z weekly 0.6 https://kqlsearch.com/query/SuccesfullExploitationofPDFreaders&clqfqrld4000q5i48lwn2fr3k 2023-12-21T21:55:36.808Z weekly 0.6 https://kqlsearch.com/query/PowershellSuspiciousStrings&clqfqrdkv000o5i48rlv4ynno 2023-12-21T21:55:26.719Z weekly 0.6 https://kqlsearch.com/query/OneNoteZeroday&clqfqra1s000m5i484jqfaqku 2023-12-21T21:55:22.143Z weekly 0.6 https://kqlsearch.com/query/MicrosoftWorkflowCompiler&clqfqr6b2000k5i48j1vxdamp 2023-12-21T21:55:17.293Z weekly 0.6 https://kqlsearch.com/query/EmailAttachmentExecuted&clqfqr49c000i5i48stqndcpl 2023-12-21T21:55:14.639Z weekly 0.6 https://kqlsearch.com/query/CSCSuspiciousExecutions&clqfqr0hw000g5i4877sswm8h 2023-12-21T21:55:09.756Z weekly 0.6 https://kqlsearch.com/query/EnumerationShortperiod&clqfqqx9i000e5i48k4pngc2o 2023-12-21T21:55:05.573Z weekly 0.6 https://kqlsearch.com/query/DefenderLocalOverride&clqfqqu1c000c5i48q7rul9ns 2023-12-21T21:55:01.391Z weekly 0.6 https://kqlsearch.com/query/NTDSDump&clqfqqrnv000a5i48c3kt07uk 2023-12-21T21:54:58.315Z weekly 0.6 https://kqlsearch.com/query/Msbuild&clqfqqo9300085i488fm2y4ue 2023-12-21T21:54:53.887Z weekly 0.6 https://kqlsearch.com/query/WinrarEncryption&clqfqqlsu00065i48gs186hbs 2023-12-21T21:54:50.717Z weekly 0.6 https://kqlsearch.com/query/Telegraminfostealers&clqfqqjbc00045i48wx04is7j 2023-12-21T21:54:47.495Z weekly 0.6 https://kqlsearch.com/query/SuspiciousNSLookup&clqfqqfv900025i48hvlnq3jv 2023-12-21T21:54:43.028Z weekly 0.6 https://kqlsearch.com/query/PlinkTunnelingForwarding&clqfqqdnl00005i48kvvqt2eu 2023-12-21T21:54:40.159Z weekly 0.6 https://kqlsearch.com/query/EmailEvents-Automatically%20forwarded%20emails&clqflxxsj022gmc0o34c6aatp 2023-12-21T19:40:34.629Z weekly 0.6 https://kqlsearch.com/query/STORM-0539%20URLPathsEmail&clqcr5om0020nmc0ohjr7ajia 2023-12-19T19:43:15.671Z weekly 0.6 https://kqlsearch.com/query/Usage-CloudAppEvents&clqbolptj01zymc0okzw5se7t 2023-12-19T01:43:58.568Z weekly 0.6 https://kqlsearch.com/query/XDRAutomaticallyClosedIncidents&clqbbq2et01zpmc0oborjqsc7 2023-12-18T19:43:26.502Z weekly 0.6 https://kqlsearch.com/query/Added%20Credential%20to%20privileged%20workload%20by%20lower%20or%20non-privileged%20user%20(WorkloadIdentityInfo)&clqayz8h501zgmc0owd3ycq9p 2023-12-18T13:46:39.256Z weekly 0.6 https://kqlsearch.com/query/identify-how-quick-a-confirmed-compromised-account-changed-password&clq6ommko01wrmc0odc27mq47 2023-12-15T13:45:50.279Z weekly 0.6 https://kqlsearch.com/query/identification-of-risky-users-risk-dismissal-or-account-compromised-confirmation&clq59ie1601vumc0oxe5mtq5v 2023-12-14T13:54:52.169Z weekly 0.6 https://kqlsearch.com/query/Multiple-URLEntity_UrlClickEvents&clq59bloy01vtmc0obyuep6tk 2023-12-14T13:49:35.363Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_UrlClickEvents&clq59b85001vsmc0osrq3evop 2023-12-14T13:49:17.797Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_AppServiceIPSecAuditLogs&clq59asap01vrmc0ob3e3misn 2023-12-14T13:48:57.408Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_AppServiceAuditLogs&clq59air901vqmc0ojgo3035g 2023-12-14T13:48:44.902Z weekly 0.6 https://kqlsearch.com/query/Multiple-DomainEntity_UrlClickEvents&clq59a42m01vpmc0o2bn04o6s 2023-12-14T13:48:25.871Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_Azure_Kubernetes_legacy&clq4w6ztq01vgmc0ov1mcbirh 2023-12-14T07:42:05.392Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_Azure_Key_Vault_legacy&clq4w6o4501vfmc0oh2ek8rye 2023-12-14T07:41:50.215Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_Azure_Firewall_legacy&clq4w54w701vemc0osx41jweo 2023-12-14T07:40:38.649Z weekly 0.6 https://kqlsearch.com/query/NetQueryStatistics&clq21c0lb01tlmc0ojbuc8g3q 2023-12-12T07:42:39.358Z weekly 0.6 https://kqlsearch.com/query/NetDiscoveryActivitiesDetected&clq1bmge701t4mc0o8my35ghf 2023-12-11T19:42:56.380Z weekly 0.6 https://kqlsearch.com/query/RareNetParamaterExecutions&clpzjau4b01rzmc0ozgmo3ug6 2023-12-10T13:42:18.874Z weekly 0.6 https://kqlsearch.com/query/MDA%20Threat%20detection%20policy%20for%20OAuth%20Apps%20with%20Enriched%20Information%20(WorkloadIdentityInfo)&clpy3z2sy01r2mc0oqx64biry 2023-12-09T13:45:29.699Z weekly 0.6 https://kqlsearch.com/query/LocalGroupDiscovery&clpxe51ud01qlmc0obn48v8l2 2023-12-09T01:42:18.516Z weekly 0.6 https://kqlsearch.com/query/NetDiscoveryActivities&clpvlvu7o01pgmc0otyqtmo9d 2023-12-07T19:43:33.299Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS_SuspiciousCommandEC2&clpvlsd9r01pfmc0o3x9pn7zz 2023-12-07T19:40:51.374Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS_SAMLUpdateIdentity&clpvls6q801pemc0o4836wt6d 2023-12-07T19:40:42.753Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20DigitalSideDomains&clpu6g5oa01ohmc0o7gcjq1we 2023-12-06T19:43:41.241Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20DigitalSideIPs&clpt3v30201nsmc0o97wmbnw5 2023-12-06T01:43:32.594Z weekly 0.6 https://kqlsearch.com/query/Strcat&clpsr5qax01njmc0ojgv3v1h1 2023-12-05T19:47:54.344Z weekly 0.6 https://kqlsearch.com/query/IncidentURL&clpsqrpc501nimc0oyauqy6gj 2023-12-05T19:36:59.766Z weekly 0.6 https://kqlsearch.com/query/DueDatePassedCISAKnownExploitedVulnerability&clprbkule01mlmc0oa8ceotvm 2023-12-04T19:43:59.712Z weekly 0.6 https://kqlsearch.com/query/LatestAntivirusScanStatus&clpne209f01k4mc0ouq2fhapm 2023-12-02T01:42:14.596Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS_RDSInstancePubliclyExposed&clpmo9sn301jnmc0ouria8w3h 2023-12-01T13:40:28.094Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS_NetworkACLOpenToAllPorts&clpmo9ois01jmmc0ok6jfe178 2023-12-01T13:40:22.613Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Suspicious%20AD%20attributes%20accessed%20from%20unexpected%20source&clpllofiw01ixmc0o8itx2ygb 2023-11-30T19:40:05.911Z weekly 0.6 https://kqlsearch.com/query/ListCISAExploitedVulnerabilites&clpkw21sa01igmc0o485tj0ym 2023-11-30T07:42:51.273Z weekly 0.6 https://kqlsearch.com/query/NewActiveCISAKnownExploitedVulnerabilityDetected&clpk6daeb01hzmc0opappa8gu 2023-11-29T19:43:45.492Z weekly 0.6 https://kqlsearch.com/query/Behaviour%20-%20KillSQLProcesses&clphobp2w01gemc0oso41l1mm 2023-11-28T01:43:05.771Z weekly 0.6 https://kqlsearch.com/query/detecting-rmm-tools-using-processversioninfocompanymame-table&clpgyq6nv01fzmc0ob927u28v 2023-11-27T13:46:31.866Z weekly 0.6 https://kqlsearch.com/query/WevtutilClearLogs&clpblomfu01cmmc0oprt2qgzp 2023-11-23T19:42:32.974Z weekly 0.6 https://kqlsearch.com/query/MDO-ReleaseQuarantine&clpb8wxqk01cdmc0ofrbc2nw6 2023-11-23T13:45:05.995Z weekly 0.6 https://kqlsearch.com/query/MDO-Email%20Attachment%20File%20Extensions&clpb8wse301ccmc0o0knv9qwo 2023-11-23T13:44:58.924Z weekly 0.6 https://kqlsearch.com/query/MDO-AuthenticationDetails&clpb8wa9001cbmc0o33e1bp0b 2023-11-23T13:44:35.414Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20TVM%20-%20eIOT&clpb8w0nf01camc0o7phkv3ic 2023-11-23T13:44:23.114Z weekly 0.6 https://kqlsearch.com/query/GraphMailPermissions&clpa68m5501blmc0on2ppvedk 2023-11-22T19:42:25.816Z weekly 0.6 https://kqlsearch.com/query/TotalAllGraphPermissionsAdded&clp8qsvz001aomc0o535y4f9w 2023-11-21T19:42:31.643Z weekly 0.6 https://kqlsearch.com/query/Token%20Replay%20from%20workload%20identity%20with%20privileges%20in%20Microsoft%20Azure%20(WorkloadIdentityInfo)&clp7bj9uz019tmc0o16gwgy4z 2023-11-20T19:47:22.524Z weekly 0.6 https://kqlsearch.com/query/Token%20Replay%20from%20workload%20identity%20with%20privileges%20in%20Microsoft%20365%20(WorkloadIdentityInfo)&clp7bj08t019smc0otbmj9k0n 2023-11-20T19:47:10.203Z weekly 0.6 https://kqlsearch.com/query/MDA%20Threat%20detection%20policy%20with%20Enriched%20Information%20(WorkloadIdentityInfo)&clp7biutt019rmc0opdi3gq3s 2023-11-20T19:47:03.040Z weekly 0.6 https://kqlsearch.com/query/AllGraphPermissionsAdded&clp7bd7vw019qmc0oz7ky3uur 2023-11-20T19:42:40.170Z weekly 0.6 https://kqlsearch.com/query/RecentAddedPrivileges&clp5w3b15018tmc0ojvrha3o1 2023-11-19T19:47:17.272Z weekly 0.6 https://kqlsearch.com/query/Added%20Ownership%20to%20workload%20identity%20(WorkloadIdentityInfo)&clp5w2y8a018smc0o8yxa112h 2023-11-19T19:47:00.681Z weekly 0.6 https://kqlsearch.com/query/Added%20Credential%20to%20privileged%20workload%20by%20lower%20or%20non-privileged%20user%20(WorkloadIdentityInfo&clp5w2pu2018rmc0ong3qfveq 2023-11-19T19:46:49.659Z weekly 0.6 https://kqlsearch.com/query/UnifiedIdentityInfo&clp4gm5ks017umc0orofdez6f 2023-11-18T19:46:16.493Z weekly 0.6 https://kqlsearch.com/query/PrivilegedWorkloadIdentityInfo&clp4glzbs017tmc0o93d12mb4 2023-11-18T19:46:08.535Z weekly 0.6 https://kqlsearch.com/query/PrivilegedIdentityInfo&clp4glscf017smc0ocaqpk7id 2023-11-18T19:45:59.345Z weekly 0.6 https://kqlsearch.com/query/detect-inbound-email-domains-from-text-list&clp3e1inq0173mc0o2028tmti 2023-11-18T01:46:28.405Z weekly 0.6 https://kqlsearch.com/query/SignInsByBrowser&clp1lls0b015ymc0o03e3e8tu 2023-11-16T19:42:38.602Z weekly 0.6 https://kqlsearch.com/query/DefenderDiscoveryActivities&clp06744s0151mc0ogrrxq51o 2023-11-15T19:43:33.918Z weekly 0.6 https://kqlsearch.com/query/replace_strings%20malfunction&clp064va30150mc0ougflhd3x 2023-11-15T19:41:49.132Z weekly 0.6 https://kqlsearch.com/query/Multiple-Unexpected%20user%20agent%20in%20Microsoft%20Graph&clp06388y014zmc0owb7hcinh 2023-11-15T19:40:32.770Z weekly 0.6 https://kqlsearch.com/query/Multiple-Unexpected%20enumeration%20in%20Microsoft%20Graph&clp0633ku014ymc0oatpob9qv 2023-11-15T19:40:26.717Z weekly 0.6 https://kqlsearch.com/query/LOLBinRemoteIPCommandLine&cloyqqq3d0141mc0od5yuzhws 2023-11-14T19:43:08.808Z weekly 0.6 https://kqlsearch.com/query/TooManyRecipients&cloxb3lbo0134mc0orerdcn7m 2023-11-13T19:37:29.267Z weekly 0.6 https://kqlsearch.com/query/Workload%20ID%20Protection%20Alerts%20with%20Enriched%20Information&clovj30y70121mc0o49iogdmf 2023-11-12T13:45:27.296Z weekly 0.6 https://kqlsearch.com/query/UEBA%20Behavior%20anomaly%20on%20Application%20Management&clovj2tva0120mc0oxu3fc7qr 2023-11-12T13:45:18.261Z weekly 0.6 https://kqlsearch.com/query/MDA%20App%20Governance%20Alerts%20with%20Enriched%20Information&clovj2lwh011zmc0o2hbkevhn 2023-11-12T13:45:07.794Z weekly 0.6 https://kqlsearch.com/query/ComparisonIntuneandMDEDevices&clougdty1011amc0ostragepu 2023-11-11T19:42:06.552Z weekly 0.6 https://kqlsearch.com/query/WorkloadIdentityInfo_EnrichedByEntraOps&clou3n3er0111mc0of8x5e9uo 2023-11-11T13:45:23.571Z weekly 0.6 https://kqlsearch.com/query/AzADSPI_EnrichedByEntraOps&clou3mwqx0110mc0o9pgety8v 2023-11-11T13:45:15.080Z weekly 0.6 https://kqlsearch.com/query/AzADSPI&clou3mrho010zmc0ojuiu6hk4 2023-11-11T13:45:08.267Z weekly 0.6 https://kqlsearch.com/query/AllPrivilegedIdentityInfo&clou3mm38010ymc0o65ls07yz 2023-11-11T13:45:01.267Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20DailyTableEvents&cloq6358h00yhmc0o6zm3aguy 2023-11-08T19:42:47.104Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20Email%20-%20PhishDetectionReasons&clono1wrd00wymc0o4ekp9ddt 2023-11-07T01:42:23.884Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20Email%20-%20MalwareDetectionReasons&clono1qp800wxmc0ote536s0o 2023-11-07T01:42:16.171Z weekly 0.6 https://kqlsearch.com/query/KerberosUnusualProcess&clonbmvvk00womc0oykz3lpq9 2023-11-06T19:54:47.647Z weekly 0.6 https://kqlsearch.com/query/Rare_Outgoing_IPv4_Connections&clolivh0a00vnmc0ovb7ser0t 2023-11-05T13:41:53.241Z weekly 0.6 https://kqlsearch.com/query/OutboundConhostConnection&clokgai4n00uymc0obivfuo2h 2023-11-04T19:41:49.510Z weekly 0.6 https://kqlsearch.com/query/Email%20-%20PotentialPhishingCampaign&cloj0vr7l00u1mc0o6utrk61s 2023-11-03T19:42:41.024Z weekly 0.6 https://kqlsearch.com/query/Networkaddresses-Parser&clohyczoz00temc0oke5zr3mz 2023-11-03T01:44:20.146Z weekly 0.6 https://kqlsearch.com/query/Mail%20Sending%20Limit%20exceeded&clohycs8d00tdmc0o2jgara63 2023-11-03T01:44:10.332Z weekly 0.6 https://kqlsearch.com/query/MDO%20-%20AuthenticationDetails&clohyciyj00tcmc0oy633fqmx 2023-11-03T01:43:58.458Z weekly 0.6 https://kqlsearch.com/query/MDE-FirewallConfiguration&clohyc1fp00tbmc0oclflc11x 2023-11-03T01:43:35.605Z weekly 0.6 https://kqlsearch.com/query/AzureAD-UserRiskOnPremisePasswordChange&clohybu9800tamc0o7zpaltyf 2023-11-03T01:43:26.443Z weekly 0.6 https://kqlsearch.com/query/AzureAD-AccessReviews&clohybn9500t9mc0oh3b11aow 2023-11-03T01:43:17.368Z weekly 0.6 https://kqlsearch.com/query/MDO-%20FindRelatedMails&clohy9lwy00t8mc0obqh2ez5u 2023-11-03T01:41:42.177Z weekly 0.6 https://kqlsearch.com/query/LocalAdminAdditions&clodb3ugc00qdmc0ocmvh74jt 2023-10-30T19:42:17.438Z weekly 0.6 https://kqlsearch.com/query/suspicious-commands-hunting-to-remove-files&clob60axy00p6mc0oyo19k4u2 2023-10-29T07:44:01.893Z weekly 0.6 https://kqlsearch.com/query/PrivilegedIdentities&cloago08x00opmc0o2nepjqyi 2023-10-28T19:54:37.618Z weekly 0.6 https://kqlsearch.com/query/AzADSPI&cloa3giji00oimc0oir8tnqoz 2023-10-28T13:44:53.073Z weekly 0.6 https://kqlsearch.com/query/LocalGroupCreation&clo9qh6o600o9mc0o7lac61cw 2023-10-28T07:41:29.337Z weekly 0.6 https://kqlsearch.com/query/USBConnectors&clo8nxm7x00nmmc0ojepcacak 2023-10-27T13:42:31.100Z weekly 0.6 https://kqlsearch.com/query/SuccessfulSignInFromNewCountry&clo6j34yl00m9mc0o9nu9tw5r 2023-10-26T01:51:18.236Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS_OverlyPermessiveKMS&clo65tpel00m2mc0obdwxach1 2023-10-25T19:40:03.164Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-Overly%20permissive%20AWS%20IAM%20policy&clo65t5ff00m1mc0o1d4d1glt 2023-10-25T19:39:37.131Z weekly 0.6 https://kqlsearch.com/query/User%20disabled%20Python%20Excel%20warning%20for%20executing%20untrusted%20code&clo63tmk500025i6wq3qv3rh3 2023-10-25T18:44:00.245Z weekly 0.6 https://kqlsearch.com/query/IdentityInfo-FindDuplicateGuestAccount&clo63thu200005i6w5z1zqfr1 2023-10-25T18:43:54.120Z weekly 0.6 https://kqlsearch.com/query/What%20Users%20Downloaded%20From%20The%20Internet&clo63cjpi00025iwwdmgzb067 2023-10-25T18:30:43.397Z weekly 0.6 https://kqlsearch.com/query/Cloud%20Discovery%20Performed%20by%20User%20at%20Risk&clo63cf6200005iwwt3b84xyk 2023-10-25T18:30:37.512Z weekly 0.6 https://kqlsearch.com/query/Curl-CVE-2023-38545%20-%20Devices%20not%20updated%20Yet&clo60cy8800025ijo5nxxf15l 2023-10-25T17:07:03.368Z weekly 0.6 https://kqlsearch.com/query/CobaltStrike%20C2&clo60cue900005ijoivj3c6at 2023-10-25T17:06:58.400Z weekly 0.6 https://kqlsearch.com/query/ThreatHunt-SuspiciousUserAgents&clo5zt8dg00005ick9qtnug2p 2023-10-25T16:51:43.394Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS%20logging%20modified&clo5syeqk00lsmc0o3yovuyfa 2023-10-25T13:39:47.611Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS%20GuardDuty%20configuration%20modified&clo5sy9nq00lrmc0oq825suyq 2023-10-25T13:39:41.028Z weekly 0.6 https://kqlsearch.com/query/ConnectedPnPTypes&clo4qh6kl00l2mc0ozjn211kc 2023-10-24T19:42:38.468Z weekly 0.6 https://kqlsearch.com/query/ConditionalAccess%20-%20ChangePolicy&clo3b0q3z00k5mc0o141mzmjl 2023-10-23T19:42:10.223Z weekly 0.6 https://kqlsearch.com/query/ConditionalAccess%20-%20AddPolicy&clo3b0kwb00k4mc0o44e1z3y1 2023-10-23T19:42:03.466Z weekly 0.6 https://kqlsearch.com/query/ConditionalAccess%20-%20UserFailures&clo1ioku100izmc0o2084vmfr 2023-10-22T13:41:08.088Z weekly 0.6 https://kqlsearch.com/query/ConditionalAccess%20-%20ApplicationFailures&clnz0op4h00hemc0ovvf7a4b2 2023-10-20T19:41:48.208Z weekly 0.6 https://kqlsearch.com/query/GraphRunnerReconnaissanceDetected&clnyb1rw100gxmc0oyxjl4rq8 2023-10-20T07:44:08.304Z weekly 0.6 https://kqlsearch.com/query/ConditionalAccess%20-%20DeletePolicy&clnxl94hi00gomc0o2z7pjgmk 2023-10-19T19:42:01.205Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20ConditionalAccess%20-%20SignInFailures&clnw5t5sm00frmc0o0mg8zrbl 2023-10-18T19:41:55.989Z weekly 0.6 https://kqlsearch.com/query/Device-KnownRansomwareVuln&clnvsn28r00famc0o9i2f4ljk 2023-10-18T13:33:16.300Z weekly 0.6 https://kqlsearch.com/query/MostExploitedVulnerabilities2022&clntaz56f00dxmc0oh6k8jpoe 2023-10-16T19:43:14.679Z weekly 0.6 https://kqlsearch.com/query/GraphActivityFromOtherIpAddress&clnriqmpo00csmc0obfrubsko 2023-10-15T13:45:01.932Z weekly 0.6 https://kqlsearch.com/query/AzureActivityFromOtherIpAddress&clnriqgxr00crmc0oubrdcj4h 2023-10-15T13:44:54.590Z weekly 0.6 https://kqlsearch.com/query/IndicatorOfTokenReplay_SignInActivityOutsideOfMdeDeviceIPAddresses&clnriq9rv00cqmc0o3yl1sbv5 2023-10-15T13:44:45.165Z weekly 0.6 https://kqlsearch.com/query/DirectoryRoleMemberWithClassification&clnriq3zs00cpmc0o60np8in1 2023-10-15T13:44:37.815Z weekly 0.6 https://kqlsearch.com/query/AzureActivityOutsideOfClassifiedPrivileges&clnripzsr00comc0oh6d5359l 2023-10-15T13:44:32.378Z weekly 0.6 https://kqlsearch.com/query/AddedAppRolesWithClassification&clnripwb700cnmc0o7jqk436r 2023-10-15T13:44:27.716Z weekly 0.6 https://kqlsearch.com/query/PurpleKnightReconnaissanceDetected&clnq38o9a00bqmc0o7v8xx1sm 2023-10-14T13:43:23.712Z weekly 0.6 https://kqlsearch.com/query/AzureHoundReconnaissanceDetected&clnq38g3h00bpmc0ox2m3uaw7 2023-10-14T13:43:13.276Z weekly 0.6 https://kqlsearch.com/query/AzureHoundActivityDetected&clnq38bfp00bomc0ooweontz8 2023-10-14T13:43:07.236Z weekly 0.6 https://kqlsearch.com/query/Multiple-AzureAADPowerShellAnomaly&clnkddrqq0083mc0orbvmeny4 2023-10-10T13:40:40.605Z weekly 0.6 https://kqlsearch.com/query/Device-DetectInvalidCertificates&clnk08pak007mmc0oo7ep19lo 2023-10-10T07:32:49.143Z weekly 0.6 https://kqlsearch.com/query/Curl-CVE-2023-38545&clnjavp0d007dmc0o4ohwap7q 2023-10-09T19:42:51.848Z weekly 0.6 https://kqlsearch.com/query/EntraID%20-%20SignInsByCompromisedAccount&clnjaua1z007cmc0o1pp5pv8m 2023-10-09T19:41:45.957Z weekly 0.6 https://kqlsearch.com/query/SingleFactorAuthenticationSignInUsingPasswordDetected&clngg0x16005lmc0og7a6ucwy 2023-10-07T19:43:35.225Z weekly 0.6 https://kqlsearch.com/query/MDI-SensitiveIdentityLogins&clndlj7ah003smc0o9262jnce 2023-10-05T19:54:27.881Z weekly 0.6 https://kqlsearch.com/query/MDI-AttackDisruption&clndlj27v003rmc0ota78e9h4 2023-10-05T19:54:21.157Z weekly 0.6 https://kqlsearch.com/query/MDE-Inactive-ADActive&clndlip0n003qmc0osfthgxke 2023-10-05T19:54:04.050Z weekly 0.6 https://kqlsearch.com/query/MDE-Detection-Removal%20and%20Quarantine%20actions&clndlii94003pmc0oc0veu6kb 2023-10-05T19:53:55.431Z weekly 0.6 https://kqlsearch.com/query/MDE-DeviceControl&clndlibaz003omc0oe6a8j5u8 2023-10-05T19:53:46.425Z weekly 0.6 https://kqlsearch.com/query/Multiple-Activity%20from%20a%20Tor%20IP%20address&clndle2p1003nmc0ortz42egt 2023-10-05T19:50:28.644Z weekly 0.6 https://kqlsearch.com/query/Multiple-Running%20container%20image%20MDVM%20vulnerability%20assessments&clnd874kk003gmc0oetl14jsr 2023-10-05T13:41:09.474Z weekly 0.6 https://kqlsearch.com/query/DetectionTemplate&clnc5o7mc002rmc0o7r4waudd 2023-10-04T19:42:41.555Z weekly 0.6 https://kqlsearch.com/query/Multiple-Running%20container%20image%20Qualys%20vulnerability%20assessments&clnc5lcic002qmc0o714kragd 2023-10-04T19:40:27.922Z weekly 0.6 https://kqlsearch.com/query/recently-received-emails-with-phishing-related-subject-keywords&clnbsyq3v002hmc0o0zbz7eas 2023-10-04T13:46:57.066Z weekly 0.6 https://kqlsearch.com/query/Multiple-Virtual%20machines%20MDVM%20vulnerability%20assessments&clnbsrz65002gmc0o58746wr5 2023-10-04T13:41:42.220Z weekly 0.6 https://kqlsearch.com/query/Multiple-Container%20registry%20image%20MDVM%20vulnerability%20assessments&clnbsrsg2002fmc0o5q8759vd 2023-10-04T13:41:33.357Z weekly 0.6 https://kqlsearch.com/query/review-recent-urlclick-events&clnadib3i001imc0ozrd682z9 2023-10-03T13:46:30.554Z weekly 0.6 https://kqlsearch.com/query/recently-received-emails-with-attachments&clnadi2kl001hmc0osg0nmqou 2023-10-03T13:46:19.652Z weekly 0.6 https://kqlsearch.com/query/delivered-emails-identified-as-suspicious&clnadhwsn001gmc0oc0zjpg2g 2023-10-03T13:46:12.019Z weekly 0.6 https://kqlsearch.com/query/ListEntraIDSignIns&clna0i2tr0017mc0o95l3izbl 2023-10-03T07:42:24.827Z weekly 0.6 https://kqlsearch.com/query/ImageFiles&cln9nf0ex000ymc0o581jj5oj 2023-10-03T01:36:06.872Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20MontySecurity%20C2%20Tracker%20All%20IPs&cln9asbt6000pmc0ov4f6lxyb 2023-10-02T19:42:33.012Z weekly 0.6 https://kqlsearch.com/query/MultipleTablesNoIngest&cln9akn3m000omc0o5rkrl9yh 2023-10-02T19:36:34.397Z weekly 0.6 https://kqlsearch.com/query/User%20elevated%20to%20User%20Access%20Administrator&cln8x70d300025id06mmgu41w 2023-10-02T13:22:03.543Z weekly 0.6 https://kqlsearch.com/query/Detect%20Inbound%20Phish%20With%20Base64%20Encoded%20Receipient&cln8x6vxv00005id03aajvx80 2023-10-02T13:21:57.810Z weekly 0.6 https://kqlsearch.com/query/find_new_usb_mount&cln674755009mmc0ohkhlv3uw 2023-09-30T15:36:29.992Z weekly 0.6 https://kqlsearch.com/query/IncidentsOfEntitiesInMDCAttackPaths&cln4hqpdx001k5i0o2ckhkzkv 2023-09-29T10:58:23.876Z weekly 0.6 https://kqlsearch.com/query/AzRbacAssignmentsOfRiskyUser&cln4hqdu5001j5i0ovg1x41e8 2023-09-29T10:58:08.899Z weekly 0.6 https://kqlsearch.com/query/SensitiveServicePrincipalsAzADSPI&cln4hq33b001i5i0o6ox8jye5 2023-09-29T10:57:54.982Z weekly 0.6 https://kqlsearch.com/query/NewCredentialAddedToSensitiveSP&cln4hpxla001h5i0oj1tdis63 2023-09-29T10:57:47.845Z weekly 0.6 https://kqlsearch.com/query/AuthenticationLibraries&cln4hoxqh001g5i0onhpzn87s 2023-09-29T10:57:01.384Z weekly 0.6 https://kqlsearch.com/query/AddedSensitiveApiPermissions&cln4hor4n001f5i0osz15jgoz 2023-09-29T10:56:52.814Z weekly 0.6 https://kqlsearch.com/query/AddedOwnerToApplicationForUnprivileged&cln4hockn001e5i0ol6t8j7jr 2023-09-29T10:56:33.958Z weekly 0.6 https://kqlsearch.com/query/AddedOwnerToApplicationByUnprivileged&cln4ho1fu001d5i0ob9l6l9xr 2023-09-29T10:56:19.521Z weekly 0.6 https://kqlsearch.com/query/Indicator%20of%20Token%20Replay%20-%20Sign-in%20Activity%20outside%20of%20MDE%20Device%20IP%20Addresses&cln4hntqa001c5i0ot1shwakf 2023-09-29T10:56:09.538Z weekly 0.6 https://kqlsearch.com/query/Azure%20Activity%20outside%20of%20Classified%20Privileges&cln4hnkc2001b5i0oi67dhy4a 2023-09-29T10:55:57.353Z weekly 0.6 https://kqlsearch.com/query/AuthTokenIssuer&cln4hnb5o001a5i0oromfooh6 2023-09-29T10:55:45.468Z weekly 0.6 https://kqlsearch.com/query/AuthMethods-Windows-Signin&cln4hn4v400195i0o1ijp8te1 2023-09-29T10:55:37.304Z weekly 0.6 https://kqlsearch.com/query/RepoVisibilityChangeToPublic&cln4hmxkv00185i0osnvg75gf 2023-09-29T10:55:27.870Z weekly 0.6 https://kqlsearch.com/query/PullRequestPolicyByPass&cln4hka4x00175i0ow9q0b6hm 2023-09-29T10:53:24.168Z weekly 0.6 https://kqlsearch.com/query/NewWorkflowUsingSecrets&cln4hjz3n00165i0o25cwxkqf 2023-09-29T10:53:09.875Z weekly 0.6 https://kqlsearch.com/query/InvitedOutsideCollabsAsOwner&cln4h9rcs00155i0ovdufns7z 2023-09-29T10:45:13.275Z weekly 0.6 https://kqlsearch.com/query/GitHubOrgSensitiveChangeActions&cln4h9l7e00145i0opuu9ldoy 2023-09-29T10:45:05.297Z weekly 0.6 https://kqlsearch.com/query/GitHubAppAddedToOrg&cln4h9cc000135i0ol6nmcssc 2023-09-29T10:44:53.807Z weekly 0.6 https://kqlsearch.com/query/FedCredIssuedRepoSensitiveAction&cln4h94lz00125i0olzoqmhj8 2023-09-29T10:44:43.790Z weekly 0.6 https://kqlsearch.com/query/FedCredCreatedForUnknownEntity&cln4h8sp100115i0omf7f71kb 2023-09-29T10:44:28.356Z weekly 0.6 https://kqlsearch.com/query/FedCredAzActivityWithoutSignInWorkflow&cln4h8jpx00105i0opr1fdsv5 2023-09-29T10:44:16.716Z weekly 0.6 https://kqlsearch.com/query/FedCredAuthFromNewWorkflow&cln4h875f000z5i0oce7cyh35 2023-09-29T10:44:00.425Z weekly 0.6 https://kqlsearch.com/query/Update%20of%20Authentication%20Methods%20Policy&cln4h7v1b000y5i0oafsbdgqm 2023-09-29T10:43:44.726Z weekly 0.6 https://kqlsearch.com/query/Registration%20of%20TAP%20by%20admin%20after%20successful%20strong%20authentication%20from%20user&cln4h7mw9000x5i0o7f97t1b7 2023-09-29T10:43:34.184Z weekly 0.6 https://kqlsearch.com/query/Blocked%20sign-in%20by%20User%20Credential%20Policy%20with%20TAP%20outside%20of%20the%20Authentication%20Methods%20Policy&cln4h7crw000w5i0oxkmxwb7f 2023-09-29T10:43:21.060Z weekly 0.6 https://kqlsearch.com/query/SuspiciousSSPRActivity&cln4h71zs000v5i0oz3nfmvba 2023-09-29T10:43:07.096Z weekly 0.6 https://kqlsearch.com/query/BlockingSSPRAttempts&cln4h6peg000t5i0ozz6uca5i 2023-09-29T10:42:50.775Z weekly 0.6 https://kqlsearch.com/query/WriteClassicAdministratorsOfAzSubscription&cln4h6hkv000r5i0o6zw0hr26 2023-09-29T10:42:40.639Z weekly 0.6 https://kqlsearch.com/query/SignInFromExternalPrivilegedUserWithoutMFAClaim&cln4h69to000p5i0oxb4qbhe4 2023-09-29T10:42:30.587Z weekly 0.6 https://kqlsearch.com/query/RiskySignInToAzurePortal&cln4h61mk000o5i0oh5n2h4op 2023-09-29T10:42:19.955Z weekly 0.6 https://kqlsearch.com/query/ResetMFAAuthCredByAdmin&cln4h5qy6000m5i0o7ueq6npe 2023-09-29T10:42:06.125Z weekly 0.6 https://kqlsearch.com/query/NonePasswordlessAuthenticationFromPrivilegedIdentities&cln4h5h0m000k5i0ojeweri8r 2023-09-29T10:41:53.246Z weekly 0.6 https://kqlsearch.com/query/ElevatedGAforAzureManagement&cln4h56ht000i5i0oxbo7h5o1 2023-09-29T10:41:39.617Z weekly 0.6 https://kqlsearch.com/query/AzureRbacAssignmentManagementGroup&cln4h4ytx000g5i0o6wh8ii6k 2023-09-29T10:41:29.684Z weekly 0.6 https://kqlsearch.com/query/UnusualAADConditionalAccessFailuresAfterPolicyChange&cln4h4p47000e5i0oic94sufp 2023-09-29T10:41:17.094Z weekly 0.6 https://kqlsearch.com/query/UnusualAADConditionalAccessFailures&cln4h4en8000c5i0oygow5olj 2023-09-29T10:41:03.515Z weekly 0.6 https://kqlsearch.com/query/AADConnectorAccount-OutsideOfWatchList&cln4h42zx000a5i0oyzaa5kdx 2023-09-29T10:40:48.421Z weekly 0.6 https://kqlsearch.com/query/AADConnectorAccount-AddedTAPorChangedPassword&cln4h3qve00085i0ovl69dx4h 2023-09-29T10:40:32.706Z weekly 0.6 https://kqlsearch.com/query/AADConnectorAccount-AADActivitiesWithEnrichedInformation&cln4h3imu00065i0oy8q9ueiy 2023-09-29T10:40:22.037Z weekly 0.6 https://kqlsearch.com/query/AADConnect-SignInsOutsideServerIP&cln4h387100045i0oj65gzqhx 2023-09-29T10:40:08.500Z weekly 0.6 https://kqlsearch.com/query/AADConnect-ChangedDirSyncSettings&cln4h2v8200025i0od4t066ts 2023-09-29T10:39:51.688Z weekly 0.6 https://kqlsearch.com/query/ModifyAzDevOpsServiceConnectionRBAC&cln4h2mlj00005i0opu33xphs 2023-09-29T10:39:40.517Z weekly 0.6 https://kqlsearch.com/query/ARG-LogStatusOfWindowsDevices&cln2m57ka0079mc0ookhl8cj6 2023-09-28T03:26:06.586Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20AccountsLongestPeriodWithoutPasswordReset&cln29mhyj0078mc0o4db5v0om 2023-09-27T21:35:38.346Z weekly 0.6 https://kqlsearch.com/query/TopNAccountsLongestPeriodWithoutPasswordReset&cln0u69zb006bmc0owqma056q 2023-09-26T21:35:21.094Z weekly 0.6 https://kqlsearch.com/query/lumma-stealer-using-tesla-browser-useragent&cln0h8lz60062mc0orjw72x21 2023-09-26T15:33:14.795Z weekly 0.6 https://kqlsearch.com/query/Multiple-Container%20registry%20image%20Azure%20vulnerability%20assessments&clmzehngj005dmc0olo08zp5c 2023-09-25T21:28:31.602Z weekly 0.6 https://kqlsearch.com/query/Parsing-UnifySignInLogs&clmz1sukm0054mc0o4sbprpmm 2023-09-25T15:33:19.033Z weekly 0.6 https://kqlsearch.com/query/AWSGuardDutyAlert&clmwjwgsp003jmc0ovu1d1xfq 2023-09-23T21:36:42.363Z weekly 0.6 https://kqlsearch.com/query/MDE-LocalAccountCreated&clmvu6amd0032mc0od89ah0dj 2023-09-23T09:36:31.045Z weekly 0.6 https://kqlsearch.com/query/MDE-DefenderAntivirusExclusions&clmvu61mg0031mc0ooo623379 2023-09-23T09:36:19.242Z weekly 0.6 https://kqlsearch.com/query/AzureAD-Groups&clmvu5ouz0030mc0o8bpmbusk 2023-09-23T09:36:02.701Z weekly 0.6 https://kqlsearch.com/query/AzureAD-BasicAuth&clmvu5hdc002zmc0ob4vymqzn 2023-09-23T09:35:53.135Z weekly 0.6 https://kqlsearch.com/query/QRPhishVictim&clmv4i6i3002imc0owxc78klx 2023-09-22T21:37:55.421Z weekly 0.6 https://kqlsearch.com/query/ListPublicIPs&clmv4ei8t002hmc0ommq6646f 2023-09-22T21:35:04.156Z weekly 0.6 https://kqlsearch.com/query/AzureTagSearch&clmtoy5jw001kmc0o2zens0je 2023-09-21T21:34:40.795Z weekly 0.6 https://kqlsearch.com/query/Multiple-Playbook%20run%20failed&clmtc3br7001bmc0ov26z4h7k 2023-09-21T15:34:46.961Z weekly 0.6 https://kqlsearch.com/query/savingperworkbook&clms9ql56000mmc0oh7s95lrw 2023-09-20T21:41:07.337Z weekly 0.6 https://kqlsearch.com/query/threat-hunting-template&clmrvyx2t00155inwopon7yn2 2023-09-20T15:15:41.428Z weekly 0.6 https://kqlsearch.com/query/identify-mitreattack-techniques&clmrvys7d00145inww9ayn38v 2023-09-20T15:15:35.113Z weekly 0.6 https://kqlsearch.com/query/endpoints-associated-with-multiple-deviceids&clmrvyltv00125inwkfwj1rl8 2023-09-20T15:15:26.843Z weekly 0.6 https://kqlsearch.com/query/device-last-seen&clmrvyh2s00105inw4ewo0n47 2023-09-20T15:15:20.691Z weekly 0.6 https://kqlsearch.com/query/count-devices-based-on-osversion&clmrvycdv000y5inwtjjcdwja 2023-09-20T15:15:14.611Z weekly 0.6 https://kqlsearch.com/query/completed-av-scan&clmrvy7ur000w5inwkm85yhg2 2023-09-20T15:15:08.738Z weekly 0.6 https://kqlsearch.com/query/ssl-inspection-for-malware-cnc&clmrvy2pw000u5inwjtivkind 2023-09-20T15:15:02.083Z weekly 0.6 https://kqlsearch.com/query/raspberry-robin-malware-cmd-invoking-msiexec&clmrvxx0y000s5inwgoze42c3 2023-09-20T15:14:54.705Z weekly 0.6 https://kqlsearch.com/query/onenote-invoking-browser-with-smartscreen-alert&clmrvxsgl000q5inw6yshihg3 2023-09-20T15:14:48.780Z weekly 0.6 https://kqlsearch.com/query/wscript-vbs-spawning-suspicious-processes&clmrvxl0w000o5inwhfacapbr 2023-09-20T15:14:39.152Z weekly 0.6 https://kqlsearch.com/query/screensaver-file-invoking-suspicious-processes&clmrvxdqx000m5inwwv74nzf6 2023-09-20T15:14:29.712Z weekly 0.6 https://kqlsearch.com/query/screensaver-file-invoking-internet-access&clmrvx4si000k5inwynjkgo90 2023-09-20T15:14:18.113Z weekly 0.6 https://kqlsearch.com/query/remcos-rat-checking-for-geolocation&clmrvwyaa000i5inw3bu1c3nw 2023-09-20T15:14:09.672Z weekly 0.6 https://kqlsearch.com/query/powershell-spawning-mshta-initiating-connection&clmrvw7yx000g5inw7w4v39hl 2023-09-20T15:13:35.576Z weekly 0.6 https://kqlsearch.com/query/powershell-base64-encoding&clmrvw1id000e5inwpfu708rl 2023-09-20T15:13:27.196Z weekly 0.6 https://kqlsearch.com/query/onenote-spawning-suspicious-processes&clmrvvu2w000c5inwqzu1jmum 2023-09-20T15:13:17.575Z weekly 0.6 https://kqlsearch.com/query/network-zipandmov-access&clmrvvp7w000a5inwlvli3va6 2023-09-20T15:13:11.267Z weekly 0.6 https://kqlsearch.com/query/dns-requests-to-suspicious-tlds&clmrvvi7d00085inwm9bhuplb 2023-09-20T15:13:02.184Z weekly 0.6 https://kqlsearch.com/query/MOVEit-exploit-hunting&clmrvvbn100065inwsqvi6unn 2023-09-20T15:12:53.667Z weekly 0.6 https://kqlsearch.com/query/CVE-2023-38831-winrar-spawning-cmd&clmrvv3hl00045inwqvh3d7b5 2023-09-20T15:12:43.112Z weekly 0.6 https://kqlsearch.com/query/CVE-2023-36884-url-marker&clmrvuwue00025inwnoc1fh49 2023-09-20T15:12:34.493Z weekly 0.6 https://kqlsearch.com/query/CVE-2023-36884-dropped-file&clmrvupuz00005inw0xmr8xrs 2023-09-20T15:12:25.449Z weekly 0.6 https://kqlsearch.com/query/Multiple-Container%20registry%20image%20Qualys%20Trivy%20vulnerability%20assessments&clmqpya9k00v1mc0kczcmpa13 2023-09-19T19:39:27.991Z weekly 0.6 https://kqlsearch.com/query/substitute%20json%20characters&clmqd5kjv00usmc0kstyyk4z3 2023-09-19T13:41:12.906Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Suspicious%20volume%20of%20logins%20to%20user%20account&clmqd54kk00urmc0kgagb1sdi 2023-09-19T13:40:52.052Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-Activity%20with%20AWS%20break%20glass%20user&clmqd3h3f00uqmc0koeb53lde 2023-09-19T13:39:34.971Z weekly 0.6 https://kqlsearch.com/query/MDE-TVM-SecurityControls_SmartScreen&clmq0ewvq00uhmc0k6q6jtyni 2023-09-19T07:44:33.637Z weekly 0.6 https://kqlsearch.com/query/MDE-TVM-SecurityControls_Firewall&clmq0enx300ugmc0kvyjf7f8p 2023-09-19T07:44:22.166Z weekly 0.6 https://kqlsearch.com/query/MDE-TVM-SecurityControls_ExploitGuard&clmq0egf400ufmc0kid0zkqm9 2023-09-19T07:44:12.303Z weekly 0.6 https://kqlsearch.com/query/MDE-TVM-SecurityControls_Credential%20Guard&clmq0e5pj00uemc0k0zx6otq0 2023-09-19T07:43:58.566Z weekly 0.6 https://kqlsearch.com/query/MDE-TVM-SecurityControls_BitLocker&clmq0dwan00udmc0kkra48uj3 2023-09-19T07:43:46.222Z weekly 0.6 https://kqlsearch.com/query/MDE-TVM-SecurityControls_AppLicationGuard&clmq0dmma00ucmc0km7rhh3lg 2023-09-19T07:43:33.825Z weekly 0.6 https://kqlsearch.com/query/MDE-TVM-SecurityControls_Antivirus_edr&clmq0dgar00ubmc0kzav103zs 2023-09-19T07:43:25.490Z weekly 0.6 https://kqlsearch.com/query/MDE-TVM-SecurityControls_ASR&clmq0cedq00uamc0kns8aqh61 2023-09-19T07:42:36.350Z weekly 0.6 https://kqlsearch.com/query/MDE-TVM-Network_NetworkProtection&clmq0c56900u9mc0k1lgfcrkn 2023-09-19T07:42:24.560Z weekly 0.6 https://kqlsearch.com/query/MDE-TVM-Accounts_LAPS&clmq0bxhb00u8mc0kcrd8opxg 2023-09-19T07:42:14.447Z weekly 0.6 https://kqlsearch.com/query/Sentinel-IngestionQuota&clmpnh9h200tzmc0kem8regio 2023-09-19T01:42:28.405Z weekly 0.6 https://kqlsearch.com/query/Sentinel-DataConnectorHealth&clmpnh1s800tymc0kjn5lm1dy 2023-09-19T01:42:18.295Z weekly 0.6 https://kqlsearch.com/query/Sentinel-AzureActivityDataConnectorCoverage&clmpngskp00txmc0kn3kvkm4w 2023-09-19T01:42:06.504Z weekly 0.6 https://kqlsearch.com/query/Sentinel-AutomationRulesPlaybooks&clmpngnyb00twmc0k0g4en5n1 2023-09-19T01:42:00.514Z weekly 0.6 https://kqlsearch.com/query/Sentinel-AnalyticRuleUpdates&clmpngi1900tvmc0kmo1tvpcc 2023-09-19T01:41:52.701Z weekly 0.6 https://kqlsearch.com/query/serversenrolledinWDATP&clmp1vsmu00temc0ktarqywx5 2023-09-18T15:37:54.869Z weekly 0.6 https://kqlsearch.com/query/scalarexpression&clmp1vpb300tdmc0kdcoz3iil 2023-09-18T15:37:50.558Z weekly 0.6 https://kqlsearch.com/query/qualys&clmp1vlnq00tcmc0kwphdkb7n 2023-09-18T15:37:45.829Z weekly 0.6 https://kqlsearch.com/query/multipleLAworkspaces&clmp1vics00tbmc0knyu50wci 2023-09-18T15:37:41.405Z weekly 0.6 https://kqlsearch.com/query/meraki_GROK&clmp1vdpm00tamc0ktli6ubvl 2023-09-18T15:37:35.529Z weekly 0.6 https://kqlsearch.com/query/maxoutputcolumns&clmp1v8wc00t9mc0ka9zgbmh1 2023-09-18T15:37:29.292Z weekly 0.6 https://kqlsearch.com/query/isempty&clmp1v4xz00t8mc0k1zriky7c 2023-09-18T15:37:24.025Z weekly 0.6 https://kqlsearch.com/query/heartbeatforscomagent&clmp1v1bf00t7mc0k56p5576z 2023-09-18T15:37:19.466Z weekly 0.6 https://kqlsearch.com/query/excessivefailedlogins&clmp1uxcz00t6mc0key7ka1js 2023-09-18T15:37:14.338Z weekly 0.6 https://kqlsearch.com/query/devices&clmp1urtb00t5mc0kizvvjm0u 2023-09-18T15:37:07.009Z weekly 0.6 https://kqlsearch.com/query/dataproviders&clmp1uju000t4mc0k1y9b3c6c 2023-09-18T15:36:56.807Z weekly 0.6 https://kqlsearch.com/query/dataparser&clmp1ugi700t3mc0krgks0e3j 2023-09-18T15:36:52.494Z weekly 0.6 https://kqlsearch.com/query/dataingestionthresholdlimits&clmp1ubap00t2mc0kejsfmt2j 2023-09-18T15:36:45.601Z weekly 0.6 https://kqlsearch.com/query/computersunhealthystate&clmp1u5fj00t1mc0kajkqr98w 2023-09-18T15:36:38.143Z weekly 0.6 https://kqlsearch.com/query/computersendingmostsecurityalerts&clmp1u0k300t0mc0kwc4szoz6 2023-09-18T15:36:31.827Z weekly 0.6 https://kqlsearch.com/query/allreportingcomputers&clmp1twl200szmc0kirzk4lv5 2023-09-18T15:36:26.536Z weekly 0.6 https://kqlsearch.com/query/adminskql&clmp1tskh00symc0kuattffph 2023-09-18T15:36:21.472Z weekly 0.6 https://kqlsearch.com/query/acrossworkspaceforFunction&clmp1tngf00sxmc0k0cfuyemc 2023-09-18T15:36:14.847Z weekly 0.6 https://kqlsearch.com/query/ZeroLogon_Ports&clmp1tj8u00swmc0kn2i1ilid 2023-09-18T15:36:09.248Z weekly 0.6 https://kqlsearch.com/query/WorkspacesAndTables&clmp1tc5100svmc0kpbi0xe3b 2023-09-18T15:36:00.181Z weekly 0.6 https://kqlsearch.com/query/Workspaces90DaysRetention&clmp1t6qv00sumc0k5i0m31af 2023-09-18T15:35:53.191Z weekly 0.6 https://kqlsearch.com/query/WorkspaceIDs&clmp1t39k00stmc0kogmxyyu7 2023-09-18T15:35:48.538Z weekly 0.6 https://kqlsearch.com/query/WorkbookDeletion&clmp1sz1p00ssmc0knxbbhbjm 2023-09-18T15:35:43.213Z weekly 0.6 https://kqlsearch.com/query/WorkbookCreation&clmp1sv6g00srmc0ky9y4oc4n 2023-09-18T15:35:38.200Z weekly 0.6 https://kqlsearch.com/query/WorkWeek&clmp1sqn800sqmc0k4w1fpbef 2023-09-18T15:35:32.181Z weekly 0.6 https://kqlsearch.com/query/WiresharkRSSTraffic&clmp1sina00spmc0ktf0p1gql 2023-09-18T15:35:21.958Z weekly 0.6 https://kqlsearch.com/query/Windows10LoggedInLast7Days&clmp1se1c00somc0k0bnvte0s 2023-09-18T15:35:15.841Z weekly 0.6 https://kqlsearch.com/query/WhoModifiedAnalyticsRule&clmp1s9hr00snmc0klcm34hje 2023-09-18T15:35:10.093Z weekly 0.6 https://kqlsearch.com/query/WhoDeletedAlertRule&clmp1s3ax00smmc0k7nc5ps19 2023-09-18T15:35:02.073Z weekly 0.6 https://kqlsearch.com/query/WhoChangedTheirAADPassword&clmp1rzfz00slmc0kwhbpvt7c 2023-09-18T15:34:56.928Z weekly 0.6 https://kqlsearch.com/query/WhoChangedConditionalAccessPolicy&clmp1ruh200skmc0k62m8i8fy 2023-09-18T15:34:50.630Z weekly 0.6 https://kqlsearch.com/query/WhiteList-FindWhoAccessedAzureSentinelthatShouldNot&clmp1rqry00sjmc0kp3mkqafv 2023-09-18T15:34:45.838Z weekly 0.6 https://kqlsearch.com/query/WhenUEBAwasEnabledByWho&clmp1rkhd00simc0kzrwombq8 2023-09-18T15:34:37.539Z weekly 0.6 https://kqlsearch.com/query/WebshellPosts&clmp1rgot00shmc0kv5k8c3d0 2023-09-18T15:34:32.765Z weekly 0.6 https://kqlsearch.com/query/WatchlistsCosts&clmp1rbvr00sgmc0ktpne62o0 2023-09-18T15:34:26.534Z weekly 0.6 https://kqlsearch.com/query/WatchlistNOTin&clmp1r6gp00sfmc0kupfao1lb 2023-09-18T15:34:19.371Z weekly 0.6 https://kqlsearch.com/query/WatchListDelete&clmp1r0vz00semc0kn1o95rfc 2023-09-18T15:34:12.286Z weekly 0.6 https://kqlsearch.com/query/WatchListAudit&clmp1qx7z00sdmc0kc1x4prj6 2023-09-18T15:34:07.534Z weekly 0.6 https://kqlsearch.com/query/UsersIPsPorts&clmp1qs2t00scmc0kov1473a5 2023-09-18T15:34:00.726Z weekly 0.6 https://kqlsearch.com/query/UsersConnectFromMultipleCity&clmp1qnxm00sbmc0khhgjizn4 2023-09-18T15:33:55.498Z weekly 0.6 https://kqlsearch.com/query/Usergrantedaccesstoanapp&clmp1qi2o00samc0ke4cm9e6n 2023-09-18T15:33:47.903Z weekly 0.6 https://kqlsearch.com/query/UserAccountLockedAAD&clmp1qewn00s9mc0kzox7glzx 2023-09-18T15:33:43.657Z weekly 0.6 https://kqlsearch.com/query/UpdateDataConnectors&clmp1qatx00s8mc0ki95fj4mj 2023-09-18T15:33:38.516Z weekly 0.6 https://kqlsearch.com/query/UpdateComplianceBarChart&clmp1q7bt00s7mc0kqs5w689k 2023-09-18T15:33:33.977Z weekly 0.6 https://kqlsearch.com/query/UnsuccessfulRulesinLast24&clmp1q0ru00s6mc0k79pmcn3f 2023-09-18T15:33:25.340Z weekly 0.6 https://kqlsearch.com/query/UEBA_IsDormant&clmp1pvwz00s5mc0kydbf9ss9 2023-09-18T15:33:19.186Z weekly 0.6 https://kqlsearch.com/query/UEBAEstimate&clmp1pr5s00s4mc0k2na7fcdu 2023-09-18T15:33:13.024Z weekly 0.6 https://kqlsearch.com/query/UEBACosts&clmp1pl5q00s3mc0ktt9soanr 2023-09-18T15:33:05.104Z weekly 0.6 https://kqlsearch.com/query/TrialExpiration&clmp1peov00s2mc0kz5cvij1i 2023-09-18T15:32:56.862Z weekly 0.6 https://kqlsearch.com/query/TrendofRequests&clmp1p8dt00s1mc0kbsexhmbm 2023-09-18T15:32:48.688Z weekly 0.6 https://kqlsearch.com/query/Tracking%20Privileged%20Account%20Rare%20Activity%20without%20AWS&clmp1p4rr00s0mc0k5tz633cv 2023-09-18T15:32:43.866Z weekly 0.6 https://kqlsearch.com/query/TotalIncidentsInLast6Months&clmp1oxjp00rzmc0k0rf309zu 2023-09-18T15:32:34.644Z weekly 0.6 https://kqlsearch.com/query/Top%20N%20by%20group%20example%20via%20LAG%20-%20option%201&clmp1orgq00rymc0ku70fyjyc 2023-09-18T15:32:26.621Z weekly 0.6 https://kqlsearch.com/query/Top%20N%20by%20Group%20example%20via%20top-nested%20-%20option%202&clmp1oi8n00rxmc0kblmx3kdn 2023-09-18T15:32:14.807Z weekly 0.6 https://kqlsearch.com/query/TimeRangeExample&clmp1ocuo00rwmc0kksg50kc4 2023-09-18T15:32:07.824Z weekly 0.6 https://kqlsearch.com/query/TimeBetweenDates&clmp1o90b00rvmc0kpf7xy9pk 2023-09-18T15:32:02.701Z weekly 0.6 https://kqlsearch.com/query/TieFighter&clmp1o5ud00rumc0ka79fx0yt 2023-09-18T15:31:58.740Z weekly 0.6 https://kqlsearch.com/query/ThreatStatus&clmp1o1fp00rtmc0kuwyzxjud 2023-09-18T15:31:53.028Z weekly 0.6 https://kqlsearch.com/query/ThreatIntelligenceTableCosts&clmp1nwhw00rsmc0kx2o0oso9 2023-09-18T15:31:46.487Z weekly 0.6 https://kqlsearch.com/query/ThreatIntelBag&clmp1nqh800rrmc0k7021q3av 2023-09-18T15:31:38.827Z weekly 0.6 https://kqlsearch.com/query/TeamsWasUserRoleChanged&clmp1nn2m00rqmc0kehpxyyui 2023-09-18T15:31:34.414Z weekly 0.6 https://kqlsearch.com/query/TeamsUserAddedtoTeamsChannel&clmp1nj3600rpmc0kisjphzfq 2023-09-18T15:31:29.109Z weekly 0.6 https://kqlsearch.com/query/TeamsSuspiciousElevationofPrivileges&clmp1neni00romc0k9uy6gacd 2023-09-18T15:31:23.501Z weekly 0.6 https://kqlsearch.com/query/TeamsSingleUsersDeleteMultipleTeams&clmp1n7dx00rnmc0kh171rpft 2023-09-18T15:31:13.944Z weekly 0.6 https://kqlsearch.com/query/TeamsListFederatedUsers&clmp1n1os00rmmc0kwycm3xgo 2023-09-18T15:31:06.699Z weekly 0.6 https://kqlsearch.com/query/TeamsExternalSuspiciousAccountsRevokedAccess&clmp1mvo100rlmc0kd4f237a1 2023-09-18T15:30:58.755Z weekly 0.6 https://kqlsearch.com/query/TeamsExternalRareUserAccess&clmp1mm7o00rkmc0k63fsdj10 2023-09-18T15:30:46.643Z weekly 0.6 https://kqlsearch.com/query/TeamsChannelDeleted&clmp1mghb00rjmc0kmi91qi11 2023-09-18T15:30:39.214Z weekly 0.6 https://kqlsearch.com/query/TeamsBotsorAppsAdded&clmp1md2k00rimc0kgs8845j9 2023-09-18T15:30:34.654Z weekly 0.6 https://kqlsearch.com/query/TeamsAADSigninsSuccessUnsuccess&clmp1m7kz00rhmc0k04r9iqrt 2023-09-18T15:30:27.682Z weekly 0.6 https://kqlsearch.com/query/TeamsAADSigninLogsRelatedtoTeamOwners&clmp1lzem00rgmc0kmbar6tsu 2023-09-18T15:30:16.943Z weekly 0.6 https://kqlsearch.com/query/TablesNotIngestingDatain3Days&clmp1lgvl00rfmc0kv2ckuva9 2023-09-18T15:29:53.072Z weekly 0.6 https://kqlsearch.com/query/TableUsageandCost&clmp1lalq00remc0kcmmx4ryb 2023-09-18T15:29:44.800Z weekly 0.6 https://kqlsearch.com/query/TableExistence&clmp1l4vy00rdmc0ku8pi281y 2023-09-18T15:29:37.534Z weekly 0.6 https://kqlsearch.com/query/TableData&clmp1l14t00rcmc0koqujbnmt 2023-09-18T15:29:32.668Z weekly 0.6 https://kqlsearch.com/query/SystemthatHaveUpdatedintheLast4Hours&clmp1kutp00rbmc0k5zgy012z 2023-09-18T15:29:24.352Z weekly 0.6 https://kqlsearch.com/query/SystemsReportingtoSentinel&clmp1kotr00ramc0k28xbosxm 2023-09-18T15:29:16.719Z weekly 0.6 https://kqlsearch.com/query/SystemRestoreDisabled&clmp1klc300r9mc0kd1u1gf0t 2023-09-18T15:29:12.194Z weekly 0.6 https://kqlsearch.com/query/SysmonEventsStorageSize&clmp1k6yt00r7mc0kvbgri1d7 2023-09-18T15:28:53.573Z weekly 0.6 https://kqlsearch.com/query/SysmonAMA&clmp1k31500r6mc0kuntz56be 2023-09-18T15:28:48.332Z weekly 0.6 https://kqlsearch.com/query/SysLogDaemon&clmp1jydr00r5mc0kfvtgb5tg 2023-09-18T15:28:42.446Z weekly 0.6 https://kqlsearch.com/query/SuspicousARMActivites&clmp1ju2100r4mc0kmxq1lscu 2023-09-18T15:28:36.840Z weekly 0.6 https://kqlsearch.com/query/SuccessfulRoleAssignments&clmp1jngh00r3mc0kwqclazz0 2023-09-18T15:28:28.148Z weekly 0.6 https://kqlsearch.com/query/SubsCreatedPerHour&clmp1jhrt00r2mc0kg7s4nkh8 2023-09-18T15:28:20.921Z weekly 0.6 https://kqlsearch.com/query/StoppedServices&clmp1je4700r1mc0ky9trsupz 2023-09-18T15:28:16.182Z weekly 0.6 https://kqlsearch.com/query/StopPLCIoTDevice&clmp1jaoj00r0mc0kmhp0y8qv 2023-09-18T15:28:11.589Z weekly 0.6 https://kqlsearch.com/query/Sparkles&clmp1j6j700qzmc0koroh5yd7 2023-09-18T15:28:06.355Z weekly 0.6 https://kqlsearch.com/query/SophosDisabled&clmp1iyrf00qymc0kl1hbfurh 2023-09-18T15:27:56.141Z weekly 0.6 https://kqlsearch.com/query/SolutionDataUsage&clmp1is6i00qxmc0kxjzd5l2b 2023-09-18T15:27:47.753Z weekly 0.6 https://kqlsearch.com/query/Solarwinds_ServerU_Vuln&clmp1im5600qwmc0k2o56ua1r 2023-09-18T15:27:39.788Z weekly 0.6 https://kqlsearch.com/query/SigninLogsNow&clmp1ifnq00qvmc0kdwqa4c37 2023-09-18T15:27:31.525Z weekly 0.6 https://kqlsearch.com/query/SigninLogsByDay%20-%20parsing%20UTC&clmp1i9sg00qumc0k81anjayr 2023-09-18T15:27:23.776Z weekly 0.6 https://kqlsearch.com/query/SigninLogsByBrowserandLocation&clmp1i3rm00qtmc0kkw85onfw 2023-09-18T15:27:16.113Z weekly 0.6 https://kqlsearch.com/query/SignatureVersionPie&clmp1hyi100qsmc0khtae13ze 2023-09-18T15:27:09.288Z weekly 0.6 https://kqlsearch.com/query/SignInbyLocation&clmp1hu8200qrmc0kyud9d2ym 2023-09-18T15:27:03.604Z weekly 0.6 https://kqlsearch.com/query/SharePointDownloads&clmp1hm4b00qqmc0ka9uvpyeo 2023-09-18T15:26:53.242Z weekly 0.6 https://kqlsearch.com/query/SentinelIncidentURLs-%20ALL&clmp1hgwv00qpmc0k5bgzryi9 2023-09-18T15:26:46.495Z weekly 0.6 https://kqlsearch.com/query/SentinelDataRetention&clmp1hctb00qomc0kvn27lvrg 2023-09-18T15:26:41.040Z weekly 0.6 https://kqlsearch.com/query/SecurityLogFileCleared&clmp1h8d100qnmc0km78w2n6b 2023-09-18T15:26:35.413Z weekly 0.6 https://kqlsearch.com/query/SecurityIndicentsCreatedinLastDay&clmp1h3xi00qmmc0kco09udhs 2023-09-18T15:26:29.670Z weekly 0.6 https://kqlsearch.com/query/SecurityChangePasswordResets&clmp1gzyt00qlmc0kzqea365o 2023-09-18T15:26:24.532Z weekly 0.6 https://kqlsearch.com/query/SQLServerAuditLogs&clmp1gwzr00qkmc0k2lqofqp8 2023-09-18T15:26:20.679Z weekly 0.6 https://kqlsearch.com/query/SMA%20and%20EMA%20examples&clmp1gtj600qimc0khne6v1fx 2023-09-18T15:26:16.194Z weekly 0.6 https://kqlsearch.com/query/Running%20total%20aka%20cumulative%20sum&clmp1gl0u00qgmc0khyzevby9 2023-09-18T15:26:05.023Z weekly 0.6 https://kqlsearch.com/query/RulesRuninLast30d&clmp1gb2k00qemc0kduqe2n7b 2023-09-18T15:25:52.268Z weekly 0.6 https://kqlsearch.com/query/RetentionPerTable&clmp1g7of00qcmc0kz14fvyjl 2023-09-18T15:25:47.870Z weekly 0.6 https://kqlsearch.com/query/RestartShutdownsLast7Days&clmp1g33x00qamc0ks2oz84oh 2023-09-18T15:25:41.949Z weekly 0.6 https://kqlsearch.com/query/ReportNoData&clmp1fyos00q8mc0kckziming 2023-09-18T15:25:36.219Z weekly 0.6 https://kqlsearch.com/query/RemoteWorkspaceQuery&clmp1fush00q6mc0kcmhyga4r 2023-09-18T15:25:31.169Z weekly 0.6 https://kqlsearch.com/query/RemoteLogon&clmp1fs4v00q4mc0k7w8t1z15 2023-09-18T15:25:27.586Z weekly 0.6 https://kqlsearch.com/query/RegistryCredentialTheft&clmp1fmhh00q2mc0krh3aiavm 2023-09-18T15:25:20.404Z weekly 0.6 https://kqlsearch.com/query/QueriesEachPersonRan&clmp1fib700q0mc0k2f4ut2hi 2023-09-18T15:25:14.995Z weekly 0.6 https://kqlsearch.com/query/ProxyShellExchange&clmp1fe2v00pymc0ksdnm5rfa 2023-09-18T15:25:09.369Z weekly 0.6 https://kqlsearch.com/query/ProxyShell&clmp1f9d200pwmc0kzyo7i6oa 2023-09-18T15:25:03.398Z weekly 0.6 https://kqlsearch.com/query/PrintNightmare&clmp1f5j400pvmc0kt0341hos 2023-09-18T15:24:58.431Z weekly 0.6 https://kqlsearch.com/query/PowerShellExecutionwithDownload&clmp1eztu00ptmc0kr4cq6jyu 2023-09-18T15:24:50.899Z weekly 0.6 https://kqlsearch.com/query/PowerShellExecution&clmp1et6t00prmc0kfyorlot8 2023-09-18T15:24:42.436Z weekly 0.6 https://kqlsearch.com/query/Potentialmaliciouseventsmap&clmp1ennw00ppmc0kc8j0tdim 2023-09-18T15:24:35.133Z weekly 0.6 https://kqlsearch.com/query/PoorPerfQuery&clmp1eel900pomc0kavuakw9n 2023-09-18T15:24:23.375Z weekly 0.6 https://kqlsearch.com/query/PolicyExemptions&clmp1e9xm00pnmc0kmw1i2dt4 2023-09-18T15:24:17.481Z weekly 0.6 https://kqlsearch.com/query/PolicyCreation&clmp1e4t900pmmc0k0fkzr8o0 2023-09-18T15:24:10.845Z weekly 0.6 https://kqlsearch.com/query/PlaybookActivity&clmp1e03t00plmc0kyl6akquk 2023-09-18T15:24:04.604Z weekly 0.6 https://kqlsearch.com/query/ParseBetween&clmp1du8o00pkmc0kyeozejei 2023-09-18T15:23:57.143Z weekly 0.6 https://kqlsearch.com/query/ParseAnomaliConfidenceScore&clmp1dovv00pjmc0kilqa5ed8 2023-09-18T15:23:50.202Z weekly 0.6 https://kqlsearch.com/query/PaloAltoStops&clmp1dl4z00pimc0kzmvhvjpu 2023-09-18T15:23:45.206Z weekly 0.6 https://kqlsearch.com/query/PackAllExample&clmp1dg8w00phmc0ky8lv0swa 2023-09-18T15:23:39.007Z weekly 0.6 https://kqlsearch.com/query/PKEXEC&clmp1dcqv00pgmc0kvxtr1rq1 2023-09-18T15:23:34.471Z weekly 0.6 https://kqlsearch.com/query/Overview_Queries&clmp1d8hn00pfmc0k1xaf4ga9 2023-09-18T15:23:28.814Z weekly 0.6 https://kqlsearch.com/query/Mean%20time%20to%20close&clmp1d24000pemc0k4ry6s3p5 2023-09-18T15:23:20.687Z weekly 0.6 https://kqlsearch.com/query/Mean%20time%20to%20acknowledge%20-%20last%2048%20hours&clmp1curx00pdmc0kzjq0srta 2023-09-18T15:23:11.040Z weekly 0.6 https://kqlsearch.com/query/Incidents%20status%20by%20creation%20time%20-%20last%2024%20hours&clmp1cl2w00pcmc0k8cde3ykf 2023-09-18T15:22:58.616Z weekly 0.6 https://kqlsearch.com/query/Incidents%20by%20status%20-%20last%2024%20hours&clmp1cepm00pbmc0kvhh8snu3 2023-09-18T15:22:50.221Z weekly 0.6 https://kqlsearch.com/query/Incidents%20by%20severity%20-%20last%2024%20hours&clmp1cb6100pamc0ktaku4bgq 2023-09-18T15:22:45.768Z weekly 0.6 https://kqlsearch.com/query/Incidents%20by%20closed%20classification%20-%20last%2024%20hours&clmp1c6z200p9mc0k3xevvu6h 2023-09-18T15:22:40.333Z weekly 0.6 https://kqlsearch.com/query/Unhealthy%20connectors&clmp1c2as00p8mc0khd63ktm7 2023-09-18T15:22:34.135Z weekly 0.6 https://kqlsearch.com/query/Total%20volume&clmp1bwi900p7mc0kgvij9nra 2023-09-18T15:22:26.769Z weekly 0.6 https://kqlsearch.com/query/TI%20by%20type&clmp1bsd700p6mc0kxpf2wkzs 2023-09-18T15:22:21.402Z weekly 0.6 https://kqlsearch.com/query/Anomalies&clmp1bls000p5mc0kab2u3jny 2023-09-18T15:22:12.864Z weekly 0.6 https://kqlsearch.com/query/Time%20saved&clmp1bgt300p4mc0ks9wbcfpx 2023-09-18T15:22:06.423Z weekly 0.6 https://kqlsearch.com/query/Closed%20incidents&clmp1babu00p3mc0kmjq8qbu4 2023-09-18T15:21:57.885Z weekly 0.6 https://kqlsearch.com/query/Actions%20performed&clmp1b4gm00p2mc0k9c7dgokl 2023-09-18T15:21:50.421Z weekly 0.6 https://kqlsearch.com/query/OnlineOffline&clmp1ayid00p1mc0kzr3cn7tt 2023-09-18T15:21:42.568Z weekly 0.6 https://kqlsearch.com/query/OfficeUsertoAdminGroup&clmp1as6100p0mc0kdun6x2wo 2023-09-18T15:21:34.488Z weekly 0.6 https://kqlsearch.com/query/OfficeIngestDelay&clmp1anom00ozmc0kxd5vygax 2023-09-18T15:21:28.678Z weekly 0.6 https://kqlsearch.com/query/NumberofEventsOveraSelectedTime&clmp1akb400oymc0kpm8zp4if 2023-09-18T15:21:24.161Z weekly 0.6 https://kqlsearch.com/query/NotLoggedIn&clmp1afyp00oxmc0kg5xjeol7 2023-09-18T15:21:18.673Z weekly 0.6 https://kqlsearch.com/query/NotEqual&clmp1acwk00owmc0kl6hijtjj 2023-09-18T15:21:14.707Z weekly 0.6 https://kqlsearch.com/query/NoUnassignedIncidents&clmp1a7qk00ovmc0k5clqreoy 2023-09-18T15:21:07.871Z weekly 0.6 https://kqlsearch.com/query/NoTotalOpenIncidentsin90&clmp1a26m00oumc0k4c6dfm4f 2023-09-18T15:21:00.813Z weekly 0.6 https://kqlsearch.com/query/NoNewOpenIncidents24hrs&clmp19wuo00otmc0kj6yp9990 2023-09-18T15:20:53.903Z weekly 0.6 https://kqlsearch.com/query/NoLogintoAADin90Days&clmp19r8e00osmc0k1ct6y013 2023-09-18T15:20:46.481Z weekly 0.6 https://kqlsearch.com/query/NoIncidentsClosedin90&clmp19kmo00ormc0k6ybbnb6t 2023-09-18T15:20:38.063Z weekly 0.6 https://kqlsearch.com/query/NewYearChampagneGlass&clmp19g3u00oqmc0koig7uu8u 2023-09-18T15:20:32.201Z weekly 0.6 https://kqlsearch.com/query/NewBruteForceAttacks&clmp19a5k00opmc0k3ayxfm4e 2023-09-18T15:20:24.347Z weekly 0.6 https://kqlsearch.com/query/NewAdmins&clmp193z100oomc0kedn8mp5y 2023-09-18T15:20:16.477Z weekly 0.6 https://kqlsearch.com/query/NetLogonPatchCompliance&clmp18xhn00onmc0ktjdezvqm 2023-09-18T15:20:07.934Z weekly 0.6 https://kqlsearch.com/query/NSGChangesbyUserandResource&clmp18stk00ommc0kexo55cwt 2023-09-18T15:20:02.023Z weekly 0.6 https://kqlsearch.com/query/NSGChangesByUser&clmp18otq00olmc0kk3k1unvm 2023-09-18T15:19:56.846Z weekly 0.6 https://kqlsearch.com/query/NRTFailed&clmp18ih700okmc0ka174dp8m 2023-09-18T15:19:48.478Z weekly 0.6 https://kqlsearch.com/query/MostGeneratedIncidents&clmp18dve00ojmc0koprki6df 2023-09-18T15:19:42.650Z weekly 0.6 https://kqlsearch.com/query/MimiKatzDetection&clmp188n600oimc0kymnae9s0 2023-09-18T15:19:35.873Z weekly 0.6 https://kqlsearch.com/query/MerakiSIGRED&clmp182xl00ohmc0kprq63l9a 2023-09-18T15:19:28.331Z weekly 0.6 https://kqlsearch.com/query/MerakiParser&clmp14ng500ogmc0k344rphcb 2023-09-18T15:16:48.437Z weekly 0.6 https://kqlsearch.com/query/MerakiPKIActivity&clmp14idl00ofmc0k9es4jen4 2023-09-18T15:16:41.864Z weekly 0.6 https://kqlsearch.com/query/MerakiDeviceInformation&clmp14eih00oemc0kbc5aido1 2023-09-18T15:16:36.716Z weekly 0.6 https://kqlsearch.com/query/MerakiDeviceChanges&clmp149x100odmc0kcxle5anj 2023-09-18T15:16:30.900Z weekly 0.6 https://kqlsearch.com/query/MerakiDenialofService&clmp145a900ocmc0kotcryxr2 2023-09-18T15:16:24.897Z weekly 0.6 https://kqlsearch.com/query/MerakiConf2&clmp141pm00obmc0knojjtge3 2023-09-18T15:16:20.124Z weekly 0.6 https://kqlsearch.com/query/MalwareEngShutdown&clmp13p9400oamc0kfb0lyi8g 2023-09-18T15:16:03.979Z weekly 0.6 https://kqlsearch.com/query/Make-series%20for%20gaps&clmp13k9300o9mc0kjaohta5y 2023-09-18T15:15:57.638Z weekly 0.6 https://kqlsearch.com/query/Make%20series%20to%20fill%20in%20gaps%20with%20default%20for%20bin%20by%20bucket&clmp13cht00o8mc0k7s8ruczj 2023-09-18T15:15:47.444Z weekly 0.6 https://kqlsearch.com/query/MV-EpandExample&clmp1353b00o7mc0kqli6awp2 2023-09-18T15:15:37.991Z weekly 0.6 https://kqlsearch.com/query/MITRETacticIncident&clmp12zga00o6mc0k6it2wj6f 2023-09-18T15:15:30.682Z weekly 0.6 https://kqlsearch.com/query/MDTISourceTI&clmp12w5f00o5mc0kvgmgz37o 2023-09-18T15:15:26.262Z weekly 0.6 https://kqlsearch.com/query/LookingforInstalledKBIDs&clmp12ske00o4mc0ktnogn3gq 2023-09-18T15:15:21.758Z weekly 0.6 https://kqlsearch.com/query/LookbackQuery&clmp12p2b00o3mc0knkdfm8lu 2023-09-18T15:15:17.218Z weekly 0.6 https://kqlsearch.com/query/LoginsByAccountPerLocation&clmp12jo500o2mc0kbh7ndxlr 2023-09-18T15:15:10.228Z weekly 0.6 https://kqlsearch.com/query/LoginLocationNotInUS&clmp12f6z00o1mc0klnnbrwn5 2023-09-18T15:15:04.426Z weekly 0.6 https://kqlsearch.com/query/LoginFailureUnknownUserNameorBadPassword&clmp12bca00o0mc0kk7ulrwzy 2023-09-18T15:14:59.433Z weekly 0.6 https://kqlsearch.com/query/LoginFailureButPasswordChangeRequired&clmp127k200nzmc0k19vxkahw 2023-09-18T15:14:54.529Z weekly 0.6 https://kqlsearch.com/query/LogSources&clmp1248i00nymc0k6f4wafdq 2023-09-18T15:14:50.225Z weekly 0.6 https://kqlsearch.com/query/LockedUsers&clmp11w6i00nxmc0kxkk1c7du 2023-09-18T15:14:39.645Z weekly 0.6 https://kqlsearch.com/query/ListofDomains&clmp11qpq00nwmc0krzjek4b5 2023-09-18T15:14:32.702Z weekly 0.6 https://kqlsearch.com/query/LinksinTeamsMessages&clmp11moh00nvmc0kpq96vi2v 2023-09-18T15:14:27.472Z weekly 0.6 https://kqlsearch.com/query/LineNumbers-serialize&clmp11j8g00numc0k4pn04iwd 2023-09-18T15:14:22.867Z weekly 0.6 https://kqlsearch.com/query/LegacyAuthSignin&clmp11eas00ntmc0kywnckfvi 2023-09-18T15:14:16.610Z weekly 0.6 https://kqlsearch.com/query/Latency%20for%20a%20Log%20Analytics%20example%20with%20rolling%20percentiles&clmp1195e00nrmc0kyxztn79a 2023-09-18T15:14:09.938Z weekly 0.6 https://kqlsearch.com/query/LastTimeMessageReceived&clmp114ln00npmc0ko1m42gfq 2023-09-18T15:14:03.902Z weekly 0.6 https://kqlsearch.com/query/LastTimeDataReceived&clmp10zgx00nnmc0k8h6e7j9e 2023-09-18T15:13:57.392Z weekly 0.6 https://kqlsearch.com/query/LastLogin&clmp10s6c00nlmc0kgkvxqvpl 2023-09-18T15:13:47.798Z weekly 0.6 https://kqlsearch.com/query/Language%20demo%20just%20for%20fun%20and%20demo%20pattern%20replace&clmp10mff00njmc0katag0jjq 2023-09-18T15:13:40.491Z weekly 0.6 https://kqlsearch.com/query/LAG%20analysis%20example&clmp10cw800nhmc0kgy70qyl9 2023-09-18T15:13:27.994Z weekly 0.6 https://kqlsearch.com/query/KaseyaREvil&clmp0zvfq00nfmc0krwx3tbs0 2023-09-18T15:13:05.509Z weekly 0.6 https://kqlsearch.com/query/KDCforKRBTGTPassword&clmp0zrqs00ndmc0kiltpigin 2023-09-18T15:13:00.723Z weekly 0.6 https://kqlsearch.com/query/IntuneisCompliantByOSandOSVersion&clmp0zm9300nbmc0kbyf47dbn 2023-09-18T15:12:53.607Z weekly 0.6 https://kqlsearch.com/query/Intunecomputershutdowns&clmp0zhek00n9mc0krq4kidv0 2023-09-18T15:12:47.324Z weekly 0.6 https://kqlsearch.com/query/IntuneTopuserswithauditedactions&clmp0zcg100n7mc0kswrhb0yj 2023-09-18T15:12:40.896Z weekly 0.6 https://kqlsearch.com/query/IntuneSummarizebyOperation&clmp0z8qx00n5mc0k0sg5olw2 2023-09-18T15:12:36.103Z weekly 0.6 https://kqlsearch.com/query/IntuneSuccessfulSynchedDevice&clmp0z5yy00n3mc0kekvi5iie 2023-09-18T15:12:32.505Z weekly 0.6 https://kqlsearch.com/query/IntuneRemoteactionstopusers&clmp0z37p00n2mc0kp2ezhz4c 2023-09-18T15:12:28.933Z weekly 0.6 https://kqlsearch.com/query/IntuneRemoteactionsbyactiontype&clmp0yzac00n0mc0kzoudjxaw 2023-09-18T15:12:23.844Z weekly 0.6 https://kqlsearch.com/query/IntuneRecentEventsbyAccounts&clmp0yvck00mymc0koic8n0ak 2023-09-18T15:12:18.739Z weekly 0.6 https://kqlsearch.com/query/IntuneNotCompliant2&clmp0ys0o00mwmc0k52xssvgc 2023-09-18T15:12:14.423Z weekly 0.6 https://kqlsearch.com/query/IntuneNotCompliant&clmp0ympc00mumc0kej629en5 2023-09-18T15:12:07.535Z weekly 0.6 https://kqlsearch.com/query/IntuneEnrollmentSuccessbyEnrollmentType&clmp0yi2k00msmc0k9g9aqxzp 2023-09-18T15:12:01.391Z weekly 0.6 https://kqlsearch.com/query/IntuneEnrollmentStatistics&clmp0ydbu00mqmc0kg5b0i45l 2023-09-18T15:11:55.386Z weekly 0.6 https://kqlsearch.com/query/IntuneEnrollmentFailuresbyPlatform&clmp0y9la00mpmc0kismzx77w 2023-09-18T15:11:50.542Z weekly 0.6 https://kqlsearch.com/query/IntuneEnrollmentFailuresbyEnrollmentType&clmp0y3rh00mnmc0k5ro5bpo3 2023-09-18T15:11:42.848Z weekly 0.6 https://kqlsearch.com/query/IntuneEnrollmentFailurereasons&clmp0xyzs00mlmc0kzhjbnmz6 2023-09-18T15:11:36.808Z weekly 0.6 https://kqlsearch.com/query/IntuneEnrollmentEventsTrend&clmp0xu7l00mjmc0koylf8fhm 2023-09-18T15:11:30.609Z weekly 0.6 https://kqlsearch.com/query/IntuneDevicesNotinCompliance&clmp0xpyk00mhmc0kyr7q9mxf 2023-09-18T15:11:25.100Z weekly 0.6 https://kqlsearch.com/query/IntuneDevicesNotSupported&clmp0xhrh00mfmc0kl2n8vdiv 2023-09-18T15:11:14.477Z weekly 0.6 https://kqlsearch.com/query/IntuneCountofSuccessfulEnrollmentsbyOS&clmp0xds300mdmc0kuzvrvnd9 2023-09-18T15:11:09.314Z weekly 0.6 https://kqlsearch.com/query/IntuneComplianceFailuresbyReason&clmp0xa7800mbmc0kavpgrab3 2023-09-18T15:11:04.676Z weekly 0.6 https://kqlsearch.com/query/IntuneComplianceFailuresbyOperatingSystem&clmp0x4i500m9mc0krxhxba9c 2023-09-18T15:10:57.149Z weekly 0.6 https://kqlsearch.com/query/IntuneAuditEventsTrend&clmp0wy6n00m7mc0k2xgf05cj 2023-09-18T15:10:49.102Z weekly 0.6 https://kqlsearch.com/query/IntuneAuditEvents&clmp0wv0j00m5mc0k65ohqwys 2023-09-18T15:10:44.994Z weekly 0.6 https://kqlsearch.com/query/IntuneActivityTypes&clmp0wrn800m3mc0kblgxu4gc 2023-09-18T15:10:40.628Z weekly 0.6 https://kqlsearch.com/query/Intune-Enrollmentsabandonedbytheuser&clmp0woe900m1mc0kri4on73w 2023-09-18T15:10:36.273Z weekly 0.6 https://kqlsearch.com/query/Intune-DeviceThreatLevelnotSecured&clmp0wgkd00lzmc0kspulb6z5 2023-09-18T15:10:26.268Z weekly 0.6 https://kqlsearch.com/query/Intune-AutoPilotFailedEnrollment1Day&clmp0wcqg00lxmc0kgx47khaf 2023-09-18T15:10:21.303Z weekly 0.6 https://kqlsearch.com/query/IngestionDelaySnippet&clmp0w8cv00lvmc0kcln4dict 2023-09-18T15:10:15.487Z weekly 0.6 https://kqlsearch.com/query/IngestionDelay&clmp0w3p900ltmc0kn93rkw7t 2023-09-18T15:10:09.596Z weekly 0.6 https://kqlsearch.com/query/Incidents&clmp0vyq800lrmc0k47hd7kvz 2023-09-18T15:10:03.152Z weekly 0.6 https://kqlsearch.com/query/IncidentOwnerChange&clmp0vvm100lpmc0kkmmcqxxb 2023-09-18T15:09:59.112Z weekly 0.6 https://kqlsearch.com/query/IncidentID2RuleName&clmp0vnwe00lnmc0k1jppckjd 2023-09-18T15:09:48.977Z weekly 0.6 https://kqlsearch.com/query/ImpossibleTravelMCAS&clmp0vgoc00llmc0kh59yshst 2023-09-18T15:09:39.612Z weekly 0.6 https://kqlsearch.com/query/ImpossibleTravelKQL&clmp0vbeu00ljmc0kac3kui02 2023-09-18T15:09:32.933Z weekly 0.6 https://kqlsearch.com/query/HuntingQueriesAzureActivitySuccessandFailures&clmp0v6xr00lhmc0kgclbf4bp 2023-09-18T15:09:27.134Z weekly 0.6 https://kqlsearch.com/query/HuntingBookmarkHealth&clmp0v19800lfmc0k1qwvsssq 2023-09-18T15:09:19.771Z weekly 0.6 https://kqlsearch.com/query/HowManyQueriesEachPersonRan&clmp0uw5h00ldmc0kvksuqhai 2023-09-18T15:09:13.156Z weekly 0.6 https://kqlsearch.com/query/HowManyHostLogons&clmp0up3v00lbmc0kx4kal7o1 2023-09-18T15:09:04.026Z weekly 0.6 https://kqlsearch.com/query/HowManyAlertsGeneratedByService&clmp0ul5h00l9mc0kfdj9z2a4 2023-09-18T15:08:58.900Z weekly 0.6 https://kqlsearch.com/query/HourMinute&clmp0ugeq00l7mc0kdkdrmk52 2023-09-18T15:08:52.753Z weekly 0.6 https://kqlsearch.com/query/HighRiskUserSigninResourceGroupCreation&clmp0ud2000l5mc0ki67mwkax 2023-09-18T15:08:48.407Z weekly 0.6 https://kqlsearch.com/query/Heartbeatnotreceivedinlast30min&clmp0u6h200l3mc0ks2v2y0us 2023-09-18T15:08:39.878Z weekly 0.6 https://kqlsearch.com/query/GuestsAddedtoRoles&clmp0u1k100l1mc0k5zjgsf3x 2023-09-18T15:08:33.504Z weekly 0.6 https://kqlsearch.com/query/GuestAccountAdds&clmp0toh200kzmc0krfy0vb1h 2023-09-18T15:08:16.549Z weekly 0.6 https://kqlsearch.com/query/GreaterThanOneCity&clmp0ti0f00kxmc0k7bkvcu2y 2023-09-18T15:08:08.174Z weekly 0.6 https://kqlsearch.com/query/GetTags&clmp0tdye00kvmc0k42cush14 2023-09-18T15:08:02.774Z weekly 0.6 https://kqlsearch.com/query/GEOIPLocation&clmp0ta7w00ktmc0kkisqvyzz 2023-09-18T15:07:58.075Z weekly 0.6 https://kqlsearch.com/query/FileExecutionOver5Times&clmp0t6dc00krmc0kjfiiaaom 2023-09-18T15:07:53.087Z weekly 0.6 https://kqlsearch.com/query/FailedLoginsPerAccount&clmp0t0yu00kpmc0kegs19f9q 2023-09-18T15:07:46.085Z weekly 0.6 https://kqlsearch.com/query/ExternalGEOforSecurityEvents&clmp0sxoi00knmc0kceznayh8 2023-09-18T15:07:41.825Z weekly 0.6 https://kqlsearch.com/query/ExternalAccess&clmp0sts800klmc0k0dlyovz3 2023-09-18T15:07:36.775Z weekly 0.6 https://kqlsearch.com/query/ExpiredPassword&clmp0spj400kjmc0kkrkepzfm 2023-09-18T15:07:31.263Z weekly 0.6 https://kqlsearch.com/query/ExistingConditionalAccessPolicies&clmp0sm5j00khmc0kmcqhyo5u 2023-09-18T15:07:26.886Z weekly 0.6 https://kqlsearch.com/query/ExecutedProcesses&clmp0siip00kfmc0k2khdmk3q 2023-09-18T15:07:22.177Z weekly 0.6 https://kqlsearch.com/query/EventVolumePerTable&clmp0se9k00kdmc0kewkw4q6f 2023-09-18T15:07:16.519Z weekly 0.6 https://kqlsearch.com/query/EventLogSources&clmp0s8gx00kbmc0khybpp7hq 2023-09-18T15:07:09.153Z weekly 0.6 https://kqlsearch.com/query/EventIDsinLastDay&clmp0s5xg00k9mc0krdno5qrm 2023-09-18T15:07:05.860Z weekly 0.6 https://kqlsearch.com/query/EventIDStorageinBytes&clmp0s1us00k7mc0ko9kgdst2 2023-09-18T15:07:00.438Z weekly 0.6 https://kqlsearch.com/query/EmailForwarding&clmp0rwyt00k5mc0k1kboclqw 2023-09-18T15:06:54.244Z weekly 0.6 https://kqlsearch.com/query/EPSperTable&clmp0rrkp00k3mc0k8h0bryoa 2023-09-18T15:06:47.256Z weekly 0.6 https://kqlsearch.com/query/EPSforM365AdvancedTables&clmp0rkza00k1mc0kpniquqc0 2023-09-18T15:06:38.710Z weekly 0.6 https://kqlsearch.com/query/Duration%20of%20session&clmp0rfxy00jzmc0k4vwmolw9 2023-09-18T15:06:32.181Z weekly 0.6 https://kqlsearch.com/query/DormantAccounts&clmp0r9nn00jxmc0k0avtqvq6 2023-09-18T15:06:23.891Z weekly 0.6 https://kqlsearch.com/query/DomainAdminsEnterpriseAdmins&clmp0r33b00jvmc0k2y0m3d3a 2023-09-18T15:06:15.526Z weekly 0.6 https://kqlsearch.com/query/Does%20a%20table%20exist&clmp0qxvy00jtmc0k681pt7dy 2023-09-18T15:06:08.638Z weekly 0.6 https://kqlsearch.com/query/DirectReport&clmp0qtff00jrmc0kp1wx7vcz 2023-09-18T15:06:03.002Z weekly 0.6 https://kqlsearch.com/query/DirectAgent&clmp0qpl300jpmc0k82anoc6g 2023-09-18T15:05:58.022Z weekly 0.6 https://kqlsearch.com/query/DeviceStopsReporting&clmp0qlf300jnmc0krqca7x2u 2023-09-18T15:05:52.479Z weekly 0.6 https://kqlsearch.com/query/DefenderLiveResponse&clmp0qfv000jlmc0kh8m5mqwx 2023-09-18T15:05:45.419Z weekly 0.6 https://kqlsearch.com/query/DefenderExclusions&clmp0qboe00jjmc0kusk365ba 2023-09-18T15:05:39.998Z weekly 0.6 https://kqlsearch.com/query/DefenderAVNotSuccessful&clmp0q7hy00jhmc0khd7ylfrl 2023-09-18T15:05:34.440Z weekly 0.6 https://kqlsearch.com/query/Debugging%20authentication%20sign-ins&clmp0q1mb00jfmc0kakjvombe 2023-09-18T15:05:26.962Z weekly 0.6 https://kqlsearch.com/query/DayofWeek&clmp0pt6w00jdmc0kmqiscved 2023-09-18T15:05:15.898Z weekly 0.6 https://kqlsearch.com/query/DataTypeUsagePieChart&clmp0pogx00jbmc0ko2g61ty7 2023-09-18T15:05:09.921Z weekly 0.6 https://kqlsearch.com/query/DataRetentionChanges&clmp0pkba00j9mc0ks6zm8lez 2023-09-18T15:05:04.534Z weekly 0.6 https://kqlsearch.com/query/DataPerSyslogServer&clmp0pgh400j8mc0kbbyhjmvn 2023-09-18T15:04:59.559Z weekly 0.6 https://kqlsearch.com/query/DataPerComputer&clmp0pbyt00j6mc0k4vtaiuue 2023-09-18T15:04:53.716Z weekly 0.6 https://kqlsearch.com/query/DataIngestionNotHappening&clmp0p4k400j4mc0k1p6ge81p 2023-09-18T15:04:44.115Z weekly 0.6 https://kqlsearch.com/query/DataIngestEstimation&clmp0ozjr00j2mc0kd6ovwogz 2023-09-18T15:04:37.622Z weekly 0.6 https://kqlsearch.com/query/DataConnectorReqsFailedbyCallerIPOperation&clmp0op2500j0mc0kico8q7nt 2023-09-18T15:04:24.028Z weekly 0.6 https://kqlsearch.com/query/DataConnectorReqsFailed&clmp0olmi00iymc0kw3f9rma5 2023-09-18T15:04:19.577Z weekly 0.6 https://kqlsearch.com/query/DataConnectorOpened&clmp0ohjd00iwmc0knajgt2ty 2023-09-18T15:04:14.280Z weekly 0.6 https://kqlsearch.com/query/DataByProvider&clmp0odq400iumc0kng3awg2t 2023-09-18T15:04:09.339Z weekly 0.6 https://kqlsearch.com/query/DarkSideRansomware&clmp0oa5v00ismc0k02rpg9ue 2023-09-18T15:04:04.723Z weekly 0.6 https://kqlsearch.com/query/DNSActivity_Attempts_Per_Device&clmp0o51800iqmc0kztjtdurm 2023-09-18T15:03:58.076Z weekly 0.6 https://kqlsearch.com/query/Cross%20resource%20query&clmp0nyup00iomc0k26trdmz6 2023-09-18T15:03:49.921Z weekly 0.6 https://kqlsearch.com/query/CountriesWhereAgentedComputersReportFrom&clmp0ntgs00immc0k2y2xmx7h 2023-09-18T15:03:43.083Z weekly 0.6 https://kqlsearch.com/query/CostperEventID&clmp0no5700ikmc0kaselzkq6 2023-09-18T15:03:36.186Z weekly 0.6 https://kqlsearch.com/query/CostPerSubscription&clmp0njy400iimc0k2ehpydar 2023-09-18T15:03:30.748Z weekly 0.6 https://kqlsearch.com/query/ConnectorFailures&clmp0nd7b00igmc0kotfpd6md 2023-09-18T15:03:22.006Z weekly 0.6 https://kqlsearch.com/query/Conditional%20access%20changes%20new%20value%20and%20old%20value&clmp0n86j00iemc0ktmesdtu7 2023-09-18T15:03:15.355Z weekly 0.6 https://kqlsearch.com/query/CompareTotalRecordswithValuebyPercentage&clmp0n26h00icmc0kfc61omag 2023-09-18T15:03:07.720Z weekly 0.6 https://kqlsearch.com/query/CommonSecurityLogThroughput&clmp0mxri00iamc0kwe2wt7t1 2023-09-18T15:03:01.997Z weekly 0.6 https://kqlsearch.com/query/CommonSecurityLogCostsbyVendor&clmp0ms8d00i8mc0kdl3gy6v5 2023-09-18T15:02:54.829Z weekly 0.6 https://kqlsearch.com/query/CommentDeleted&clmp0mn4n00i6mc0krp52gsje 2023-09-18T15:02:48.214Z weekly 0.6 https://kqlsearch.com/query/Cloudshell2&clmp0mhde00i4mc0k5vwb5r0d 2023-09-18T15:02:40.610Z weekly 0.6 https://kqlsearch.com/query/CloudShellPart2&clmp0mavr00i2mc0kan7h5clj 2023-09-18T15:02:32.342Z weekly 0.6 https://kqlsearch.com/query/CloudShell&clmp0m4r400i0mc0kc837hi36 2023-09-18T15:02:24.399Z weekly 0.6 https://kqlsearch.com/query/CheckPointLogs&clmp0m0g500hymc0kpczxdvlb 2023-09-18T15:02:18.820Z weekly 0.6 https://kqlsearch.com/query/Check4LockedoutUser&clmp0lulm00hwmc0k835v201o 2023-09-18T15:02:11.241Z weekly 0.6 https://kqlsearch.com/query/CaseComments&clmp0lq6b00humc0k4f38gx0u 2023-09-18T15:02:04.437Z weekly 0.6 https://kqlsearch.com/query/CalculateSumofColumn&clmp0llmq00htmc0ki130x62b 2023-09-18T15:01:59.617Z weekly 0.6 https://kqlsearch.com/query/CVE-2023-23397-Detection&clmp0lhus00hsmc0kprvv3vuh 2023-09-18T15:01:54.582Z weekly 0.6 https://kqlsearch.com/query/CEFDevices&clmp0l8zi00hrmc0kmoysg8w2 2023-09-18T15:01:43.230Z weekly 0.6 https://kqlsearch.com/query/BuiltInFusionCreation&clmp0l3rs00hqmc0kvphrz935 2023-09-18T15:01:36.471Z weekly 0.6 https://kqlsearch.com/query/BrowserActivitybyGEO&clmp0kysv00hpmc0kfpv2hsj1 2023-09-18T15:01:29.890Z weekly 0.6 https://kqlsearch.com/query/BookmarksCreatedBy&clmp0kse400homc0k4daekz22 2023-09-18T15:01:21.723Z weekly 0.6 https://kqlsearch.com/query/BookmarkUpdate&clmp0kp7g00hnmc0kefn2r4kv 2023-09-18T15:01:17.596Z weekly 0.6 https://kqlsearch.com/query/BookMarkUpdatedBy&clmp0klk000hmmc0kwgg6fouv 2023-09-18T15:01:12.863Z weekly 0.6 https://kqlsearch.com/query/BitLockerMaliciousEncrypt&clmp0ki1y00hlmc0k183d8rii 2023-09-18T15:01:08.184Z weekly 0.6 https://kqlsearch.com/query/Billabledatavolumebysolution&clmp0kc0500hkmc0k7w1jmido 2023-09-18T15:01:00.484Z weekly 0.6 https://kqlsearch.com/query/Billabledatavolumebydatatype&clmp0k5zg00hjmc0k9a3ekl7l 2023-09-18T15:00:52.543Z weekly 0.6 https://kqlsearch.com/query/BillableDatabyDataType&clmp0k08m00himc0k0wj9be33 2023-09-18T15:00:45.237Z weekly 0.6 https://kqlsearch.com/query/AzurePortalLoginErrors&clmp0juks00hhmc0k8wvkkgez 2023-09-18T15:00:37.899Z weekly 0.6 https://kqlsearch.com/query/Azure%20Runbooks%20query%20with%20correlation&clmp0jqpf00hgmc0kobstd2pm 2023-09-18T15:00:32.741Z weekly 0.6 https://kqlsearch.com/query/AutomationRuleHasRun&clmp0jkvm00hfmc0kvfzbd4wr 2023-09-18T15:00:25.329Z weekly 0.6 https://kqlsearch.com/query/AutomationRuleDelete&clmp0jfnb00hemc0kz16rc422 2023-09-18T15:00:18.550Z weekly 0.6 https://kqlsearch.com/query/AnomalousToken&clmp0jbxw00hdmc0k0yzm3gy4 2023-09-18T15:00:13.606Z weekly 0.6 https://kqlsearch.com/query/AnomalousAADAccountCreation&clmp0j38u00hcmc0kej5ep2f2 2023-09-18T15:00:02.477Z weekly 0.6 https://kqlsearch.com/query/AnalyticsRulesRunbyTimes&clmp0iz1200hbmc0ke0zg49xo 2023-09-18T14:59:56.873Z weekly 0.6 https://kqlsearch.com/query/AnalyticsRuleLastRun&clmp0iufh00hamc0kcus264eq 2023-09-18T14:59:51.052Z weekly 0.6 https://kqlsearch.com/query/AnalyticsRuleDeleted&clmp0ir1o00h9mc0kuuf3yphb 2023-09-18T14:59:46.667Z weekly 0.6 https://kqlsearch.com/query/AnalyticsRuleCreatedorModifiedwithDisplayName&clmp0ilk200h8mc0kbuh60t8d 2023-09-18T14:59:39.413Z weekly 0.6 https://kqlsearch.com/query/AnalyticsRuleCreatedorModified&clmp0ie3t00h7mc0kn60sqmqu 2023-09-18T14:59:29.896Z weekly 0.6 https://kqlsearch.com/query/Allexes&clmp0i99j00h6mc0kwovowit1 2023-09-18T14:59:23.482Z weekly 0.6 https://kqlsearch.com/query/AlertProviderCounts&clmp0i2jq00h5mc0k6kp3eynn 2023-09-18T14:59:14.917Z weekly 0.6 https://kqlsearch.com/query/AlertIngestionTime&clmp08q1w00gwmc0kcmrxf67v 2023-09-18T14:51:58.676Z weekly 0.6 https://kqlsearch.com/query/AlertContextParser&clmp08ldz00gvmc0kogmbnilh 2023-09-18T14:51:52.774Z weekly 0.6 https://kqlsearch.com/query/AgentedDevicesnotADJoined&clmp08h8x00gumc0ksweyz7dy 2023-09-18T14:51:47.409Z weekly 0.6 https://kqlsearch.com/query/AgentProblems&clmp08d4h00gtmc0kf18897zl 2023-09-18T14:51:42.064Z weekly 0.6 https://kqlsearch.com/query/AgentInfowithLocation&clmp088x200gsmc0k6adk90el 2023-09-18T14:51:36.613Z weekly 0.6 https://kqlsearch.com/query/AdminConsent&clmp081p700grmc0kuhbkcnsu 2023-09-18T14:51:27.116Z weekly 0.6 https://kqlsearch.com/query/AddedorAssignedGlobalAdministratorroleperms&clmp07w9q00gqmc0k6m77va5t 2023-09-18T14:51:20.221Z weekly 0.6 https://kqlsearch.com/query/AddClientDataSource&clmp07o8f00gpmc0kr381ryii 2023-09-18T14:51:09.664Z weekly 0.6 https://kqlsearch.com/query/ActivityFromInfrequentCountry&clmp07j5q00gomc0k233h2xjx 2023-09-18T14:51:03.229Z weekly 0.6 https://kqlsearch.com/query/ActiveUsers&clmp07fgu00gnmc0k81gw8dqj 2023-09-18T14:50:58.445Z weekly 0.6 https://kqlsearch.com/query/ActiveIncidents&clmp07b5c00gmmc0kyxlwazfz 2023-09-18T14:50:52.705Z weekly 0.6 https://kqlsearch.com/query/Account-Created-Addedto-LocalAdministrator&clmp078am00glmc0k9fsdzya7 2023-09-18T14:50:49.150Z weekly 0.6 https://kqlsearch.com/query/ASCIncidentClosure&clmp0744m00gkmc0k6xrnj26s 2023-09-18T14:50:43.750Z weekly 0.6 https://kqlsearch.com/query/ARPPoisoning&clmp06ymv00gjmc0kv1gwn9ue 2023-09-18T14:50:36.488Z weekly 0.6 https://kqlsearch.com/query/AR-CloudShellExecution&clmp06sq600gimc0kfxw3x78y 2023-09-18T14:50:28.974Z weekly 0.6 https://kqlsearch.com/query/AR-BruteForce&clmp06mh000ghmc0k2sggm3fz 2023-09-18T14:50:20.725Z weekly 0.6 https://kqlsearch.com/query/AR-BreakGlassAccount&clmp06idj00ggmc0kib1reeca 2023-09-18T14:50:15.558Z weekly 0.6 https://kqlsearch.com/query/AMAAgent&clmp06e8s00gfmc0kozzrcbq0 2023-09-18T14:50:10.203Z weekly 0.6 https://kqlsearch.com/query/SecEvents-SummarizeLogonEvents&clmp03vjf00g6mc0kq7znkxw0 2023-09-18T14:48:12.507Z weekly 0.6 https://kqlsearch.com/query/SecEvents-PotentialRDPRecon&clmp03op100g5mc0key3j1o8x 2023-09-18T14:48:03.781Z weekly 0.6 https://kqlsearch.com/query/SecEvents-FindLateralMovementUsers&clmp03j5b00g4mc0knzxhf12n 2023-09-18T14:47:56.590Z weekly 0.6 https://kqlsearch.com/query/SecEvents-FindDevicesNoLongerSendingLogs&clmp03di500g3mc0klq9mt5s7 2023-09-18T14:47:49.277Z weekly 0.6 https://kqlsearch.com/query/IdentityInfo-VisualizeBlastRadius&clmp037pa00g2mc0kxpoz4mat 2023-09-18T14:47:41.757Z weekly 0.6 https://kqlsearch.com/query/IdentityInfo-FindUserswithmanyGroups&clmp032c600g1mc0ktk8s4ryn 2023-09-18T14:47:34.662Z weekly 0.6 https://kqlsearch.com/query/IdentityInfo-FindPrivAccountsHighBlastRadius&clmp02vsg00g0mc0kj17tts5d 2023-09-18T14:47:26.319Z weekly 0.6 https://kqlsearch.com/query/IdentityInfo-FindGuestswithHighBlastRadius&clmp02qj900fzmc0kkysa6kii 2023-09-18T14:47:19.366Z weekly 0.6 https://kqlsearch.com/query/IdentityInfo-FindAtRiskandHighBlastRadiusUsers&clmp02h4q00fxmc0kse8y6vzb 2023-09-18T14:47:07.322Z weekly 0.6 https://kqlsearch.com/query/IdentityInfo-FindAccountswithsameEmployeeId&clmp02bvp00fvmc0kye3qqrsz 2023-09-18T14:47:00.373Z weekly 0.6 https://kqlsearch.com/query/IdentityInfo-FindAccountsPasswordNotRequired&clmp025eq00ftmc0k49rln71o 2023-09-18T14:46:52.129Z weekly 0.6 https://kqlsearch.com/query/SysLog-DetectAnomaliesInEvents&clmp01zyw00frmc0k6pppsd6t 2023-09-18T14:46:44.935Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-WhichTablesAreInUse&clmp01ufw00fpmc0k4j0rcdbh 2023-09-18T14:46:37.916Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-VisualizeTotalAlertsvsUniqueAlerts&clmp01n9i00fnmc0k0v5ol3mo 2023-09-18T14:46:28.613Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-VisualizeTopPhishingDomains&clmp01hmx00flmc0klahv9jeg 2023-09-18T14:46:21.177Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-VisualizeMDEAlertSeverity&clmp01b2z00fjmc0keclfkyo2 2023-09-18T14:46:12.825Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-VisualizeAlertsbyProduct&clmp0158000fhmc0kin80nyjm 2023-09-18T14:46:05.231Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-VisualizeAlertsbyMITRE&clmp010f800ffmc0kyu5zdfjy 2023-09-18T14:45:58.869Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-Top20RandomStats&clmp00tu600fdmc0k3y1elkd3 2023-09-18T14:45:50.477Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-SuspectedGoldenTicket&clmp00of900fbmc0k72954936 2023-09-18T14:45:43.317Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-SummarizeSigninsafterMailboxRule&clmp00hxn00f9mc0ktbob48bk 2023-09-18T14:45:35.050Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-RetrieveEmailforSuspiciousEmailPatterns&clmp007pl00f7mc0k47599w20 2023-09-18T14:45:21.658Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-PotentialPhishingDomainCommunication&clmozzyv200f5mc0kc40iz2xz 2023-09-18T14:45:10.333Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-PossibleDNSDataTransfer&clmozzpkl00f3mc0kvh1mlz5k 2023-09-18T14:44:58.292Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-PercentageofAlertsHighorCritical&clmozzkqr00f1mc0k6j5v3puk 2023-09-18T14:44:52.034Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-ParseMaliciousFileInfoandFindDeviceEvents&clmozzed300ezmc0kv2t1piy5 2023-09-18T14:44:43.767Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-MultipleLowSeverityAlertsTriggered&clmozz7zd00exmc0kpoj9u08a 2023-09-18T14:44:35.496Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-MultipleAlertsTriggered&clmozz2fv00evmc0ku5lbu3r6 2023-09-18T14:44:28.313Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-MalwareDetectedinISO&clmozyxau00etmc0k43516ebk 2023-09-18T14:44:21.652Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-ForecastIdentityProtection&clmozyr0s00ermc0keenm9h0a 2023-09-18T14:44:13.373Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-FindUsersWhoSigninfromMaliciousIPs&clmozylls00epmc0knaa0ymol 2023-09-18T14:44:06.495Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-FindSigninsforAnomalousToken&clmozyb8o00enmc0kewaft66b 2023-09-18T14:43:53.063Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-FindRecipientsofPotentialPhishing&clmozy12q00emmc0ky7qz7uyj 2023-09-18T14:43:38.812Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-FindNetworkConnectionsSinkholedDomain&clmozxsw400elmc0ka8bbmn1s 2023-09-18T14:43:29.141Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-FindMostPhishedUsers&clmozxlpa00ekmc0k57w9618m 2023-09-18T14:43:19.965Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-FindBlastRadiusofPasswordSpray&clmozxghy00ejmc0k3ts1rjov 2023-09-18T14:43:13.079Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-FindBlastRadiusInfrequentCountry&clmozx27w00eimc0kxj09q13d 2023-09-18T14:42:54.573Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-EncodedPowershell&clmozwmwq00ehmc0ktfthb04s 2023-09-18T14:42:34.730Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-DeviceAlertwithLateralMovement&clmozwfvc00egmc0k4fgi8r3s 2023-09-18T14:42:25.751Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-DetectNewAlerts&clmozw93b00efmc0kamx06fo6 2023-09-18T14:42:16.823Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-DefenderforIdParser&clmozw22c00eemc0kwhv39c2b 2023-09-18T14:42:07.859Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-DefenderforIDRecon&clmozvtdc00edmc0kgp6vwko8 2023-09-18T14:41:56.449Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-VisualizeTopGuestDownloads&clmozvmna00ecmc0ktcxe2hd4 2023-09-18T14:41:47.877Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-VisualizeGuestsRedeemedvsAddedtoTeams&clmozvh9i00ebmc0k3xpa5ek0 2023-09-18T14:41:40.759Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-VisualizeGuestsAddedRemovedfromTeams&clmozv88u00eamc0kqqvtqglt 2023-09-18T14:41:29.212Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-VisualizeGuestDownloadsfromO365withTrend&clmozv19k00e9mc0k9pbco9gl 2023-09-18T14:41:20.024Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-VisualizeFilesSharedtoGuests&clmozuvej00e8mc0kc16847vs 2023-09-18T14:41:12.570Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-VisualizeFileShareTopGuestDomains&clmozumjo00e7mc0k0uioqjeq 2023-09-18T14:41:00.948Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-VisualizeDownloadsvsUploads&clmozug7o00e6mc0kktbwxu76 2023-09-18T14:40:52.884Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-VisualizeDownloadsbyTrustType&clmozu8h700e5mc0kwny01lsn 2023-09-18T14:40:42.716Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-VisualisingAnomalousDownloads&clmoztzww00e4mc0k3gd2q8d1 2023-09-18T14:40:31.759Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-Top20RandomStats&clmoztrej00e3mc0ks7kplh41 2023-09-18T14:40:20.588Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-TeamsRoleChanges&clmoztfal00e2mc0kudk2mmpu 2023-09-18T14:40:04.893Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-SummaryofExternalActivity&clmozt8q500e1mc0kftuq2gxp 2023-09-18T14:39:56.524Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-SummarizeTeamsCreatedDeleted&clmozt0op00e0mc0k8klvfx4b 2023-09-18T14:39:46.105Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-SummarizeTeamsAppInstalls&clmozsun600dzmc0krn5hwoss 2023-09-18T14:39:38.273Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-SummarizeGuestsAddedtoTeams&clmozspff00dymc0kck87d3dt 2023-09-18T14:39:31.371Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-SummarizeDownloadActivitybyGuests&clmozsj3h00dxmc0k0rm8cb3p 2023-09-18T14:39:23.309Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-SharedTeamsChannelCreated&clmozscyo00dwmc0k6x6zp2nu 2023-09-18T14:39:15.360Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-NewTeamsAppInstalled&clmozs86000dvmc0kc0h2wb23 2023-09-18T14:39:09.001Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-MultipleFilesSharedtoGuests&clmozs00h00dumc0kljrto9zm 2023-09-18T14:38:58.576Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-MalwareDetected&clmozrsno00dtmc0kjjsksv18 2023-09-18T14:38:48.900Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-InboxRuleParse&clmozrmd500dsmc0k1lec5y2v 2023-09-18T14:38:40.888Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-GuestDomainsHighestDownloads&clmozrd9f00drmc0k1w4s605d 2023-09-18T14:38:28.947Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-GuestAddedtoMultipleTeams&clmozr6kn00dqmc0ko1pahh08 2023-09-18T14:38:20.422Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-FindUserswhoDownloadedMalware&clmozqwj500dpmc0kyojvjyfz 2023-09-18T14:38:07.408Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-FindNewOperations&clmozqrb600domc0kzgh1bmsm 2023-09-18T14:38:00.642Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-FilesSharedtoGuestsfromOnedrive&clmozqlej00dnmc0klh1vew5g 2023-09-18T14:37:52.843Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-ExchangeScopingPolicyApplied&clmozqbrb00dmmc0kam8vhbb3 2023-09-18T14:37:40.486Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-DetectUsermadeOwneronmultipleTeams&clmozq60900dlmc0k4ib76wbf 2023-09-18T14:37:32.889Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-DetectNewExchangeAdminRole&clmozpxqq00dkmc0kh6fjenju 2023-09-18T14:37:22.321Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-DetectFullMailboxAccess&clmozps6z00djmc0kirc38vbm 2023-09-18T14:37:14.988Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-DetectEmailsReadbyAdmins&clmozpiih00dimc0klbdr6mkp 2023-09-18T14:37:02.583Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-CalculateTimetoDetectMalware&clmozpav800dhmc0kaevf7wah 2023-09-18T14:36:52.533Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-CalculatePercentageofDownloadsperDomain&clmozp2s900dgmc0k7trls6q7 2023-09-18T14:36:42.201Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-CalculatePercentageofDownloadsforTopGuests&clmozowjy00dfmc0kwgv240nj 2023-09-18T14:36:33.983Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-CalculatePercentageofDownloadsUntrustedDevices&clmozoq3l00demc0kpx5eh521 2023-09-18T14:36:25.761Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-AnomalousGuestFileShares&clmozoivq00ddmc0kz8mylzw7 2023-09-18T14:36:16.263Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-AnomalousDownloadsfromGuests&clmozo6ap00dcmc0kh8su4dkp 2023-09-18T14:36:00.097Z weekly 0.6 https://kqlsearch.com/query/Office-DownloadsfromGuestafterAddedtoTeams&clmoznynh00dbmc0kz9q4jjpf 2023-09-18T14:35:50.046Z weekly 0.6 https://kqlsearch.com/query/EmailEvents-VisualizePostDeliveryActions&clmoznmqd00damc0kot63vkhn 2023-09-18T14:35:34.741Z weekly 0.6 https://kqlsearch.com/query/EmailEvents-VisualizeDeliveryActions&clmozng9s00d9mc0kpvkusci9 2023-09-18T14:35:26.224Z weekly 0.6 https://kqlsearch.com/query/EmailEvents-VisualizeBlockedEmailPercentage&clmozna7500d8mc0kwsiwliv2 2023-09-18T14:35:18.497Z weekly 0.6 https://kqlsearch.com/query/EmailEvents-VisualizeBlockedEmailDeviation&clmozn3b500d7mc0kyzdqmhpb 2023-09-18T14:35:09.426Z weekly 0.6 https://kqlsearch.com/query/EmailEvents-PotentialNewSpammer&clmozmyhk00d6mc0krrxvyjqm 2023-09-18T14:35:03.319Z weekly 0.6 https://kqlsearch.com/query/EmailEvents-MostBlockedDomains&clmozmqgq00d5mc0kogjt91dn 2023-09-18T14:34:52.779Z weekly 0.6 https://kqlsearch.com/query/EmailEvents-MacroReceivedbyEmail&clmozmj0u00d4mc0k4rop61ho 2023-09-18T14:34:43.278Z weekly 0.6 https://kqlsearch.com/query/EmailEvents-FindUsersWhoReadMaliciousEmail&clmozm9ii00d3mc0k0wetczkn 2023-09-18T14:34:30.811Z weekly 0.6 https://kqlsearch.com/query/EmailEvents-FindEmailswithPotentialPhishingURL&clmozm1hc00d2mc0k78triqmc 2023-09-18T14:34:20.543Z weekly 0.6 https://kqlsearch.com/query/Audit-DailySummaryofO365AdminActivity&clmozlu0f00d1mc0k8x2pgjiu 2023-09-18T14:34:10.862Z weekly 0.6 https://kqlsearch.com/query/LAQuery-VisualizeQueriesRun&clmozloaz00d0mc0koibkajuc 2023-09-18T14:34:03.467Z weekly 0.6 https://kqlsearch.com/query/LAQuery-UsersvsAutomationQueryStats&clmozlig200czmc0k1putgs59 2023-09-18T14:33:55.731Z weekly 0.6 https://kqlsearch.com/query/LAQuery-NewUsersQueryingData&clmozl9oq00cymc0kfepu0c18 2023-09-18T14:33:44.521Z weekly 0.6 https://kqlsearch.com/query/LAQuery-FindQueryStats&clmozl1u600cxmc0k9j18knkg 2023-09-18T14:33:34.207Z weekly 0.6 https://kqlsearch.com/query/IntuneDevices-VisualizeMatchingDeviceIds&clmozkwre00cvmc0k9bqsrrpp 2023-09-18T14:33:27.770Z weekly 0.6 https://kqlsearch.com/query/IntuneDevices-VisualizeLastContact&clmozkoqt00ctmc0k5ivo3l96 2023-09-18T14:33:17.238Z weekly 0.6 https://kqlsearch.com/query/IntuneDevices-VisualizeDeviceJoinTypebyWeek&clmozkgiy00crmc0kzt1o0s7f 2023-09-18T14:33:06.730Z weekly 0.6 https://kqlsearch.com/query/IntuneDevices-VisualizeDeviceComplianceovertime&clmozk8v500cpmc0klohgryuo 2023-09-18T14:32:56.658Z weekly 0.6 https://kqlsearch.com/query/IntuneDevices-RetrieveDeviceInfoAfterWipe&clmozk1yp00cnmc0k0dht2yjz 2023-09-18T14:32:47.857Z weekly 0.6 https://kqlsearch.com/query/IntuneDevices-FindDetailsofNonCompliantDevices&clmozjuhh00clmc0k0z4hak2a 2023-09-18T14:32:38.021Z weekly 0.6 https://kqlsearch.com/query/IP-LabelDowngradeThenEmail&clmozjo2x00cjmc0kxxdtsjhh 2023-09-18T14:32:29.864Z weekly 0.6 https://kqlsearch.com/query/IP-LabelDowngradeThenCopytoUSB&clmozjg2r00chmc0kue9qlxq2 2023-09-18T14:32:19.348Z weekly 0.6 https://kqlsearch.com/query/Heartbeat-VisualizeDistinctComputersperMonth&clmozj61400cfmc0ke302r67m 2023-09-18T14:32:06.471Z weekly 0.6 https://kqlsearch.com/query/Heartbeat-NoHeartbeatinTimeframe&clmozj1ek00cdmc0k2e2xpz6g 2023-09-18T14:32:00.333Z weekly 0.6 https://kqlsearch.com/query/Function-UserLookup&clmoziw4300cbmc0k9ra7tz3z 2023-09-18T14:31:53.618Z weekly 0.6 https://kqlsearch.com/query/Function-UserLogins&clmozinrr00c9mc0k5u8lw0rm 2023-09-18T14:31:42.664Z weekly 0.6 https://kqlsearch.com/query/Function-UserInvestigation&clmozih0v00c8mc0kuxo2ezri 2023-09-18T14:31:34.062Z weekly 0.6 https://kqlsearch.com/query/Function-TeamsAccess&clmozi8gz00c6mc0k85kqhzjy 2023-09-18T14:31:22.978Z weekly 0.6 https://kqlsearch.com/query/Function-RetrieveAllDCs&clmozhwyo00c4mc0k77sc0pzc 2023-09-18T14:31:07.921Z weekly 0.6 https://kqlsearch.com/query/Function-PrivilegeChanges&clmozho0100c2mc0k0qn3logj 2023-09-18T14:30:56.448Z weekly 0.6 https://kqlsearch.com/query/Function-NewDetections&clmozhebc00c0mc0kkwelv6x5 2023-09-18T14:30:43.894Z weekly 0.6 https://kqlsearch.com/query/Function-IdentityInfowithSigninRisk&clmozh69s00bymc0kae4zlp5x 2023-09-18T14:30:33.471Z weekly 0.6 https://kqlsearch.com/query/Function-GuestDomainInfo&clmozgzot00bwmc0k32asqen2 2023-09-18T14:30:24.940Z weekly 0.6 https://kqlsearch.com/query/Function-GroupChanges&clmozgqlu00bumc0ka8i82uc0 2023-09-18T14:30:13.169Z weekly 0.6 https://kqlsearch.com/query/Function-FailedActiveDirectoryLogons&clmozgirc00bsmc0ksllfnb3s 2023-09-18T14:30:02.857Z weekly 0.6 https://kqlsearch.com/query/Function-DeviceLookup&clmozgd8q00bqmc0kdddoyvgc 2023-09-18T14:29:55.850Z weekly 0.6 https://kqlsearch.com/query/Function-AzureKeyVaultAccess&clmozg05c00bomc0kvx0twsm1 2023-09-18T14:29:38.878Z weekly 0.6 https://kqlsearch.com/query/Function-ADGroupChanges&clmozftns00bmmc0ky8zy5s2p 2023-09-18T14:29:30.328Z weekly 0.6 https://kqlsearch.com/query/Duo-LogParserwithIdentityInfo&clmozfm7h00bkmc0kz0n3l7hj 2023-09-18T14:29:20.812Z weekly 0.6 https://kqlsearch.com/query/IdentityLogonEvents-SummarizeNTLM&clmozfg7d00bimc0k6b19pbr0 2023-09-18T14:29:13.033Z weekly 0.6 https://kqlsearch.com/query/IdentityLogonEvents-SummarizeClearTextLDAP&clmozf9as00bgmc0k3wqyfgcv 2023-09-18T14:29:04.084Z weekly 0.6 https://kqlsearch.com/query/IdentityDirectoryEvents-PasswordSettoNeverExpire&clmozf4qa00bemc0kbrs65ory 2023-09-18T14:28:58.018Z weekly 0.6 https://kqlsearch.com/query/IdentityDirectoryEvents-EncryptionChange&clmozeyeq00bcmc0kcqa5nu6e 2023-09-18T14:28:49.969Z weekly 0.6 https://kqlsearch.com/query/IdentityDirectoryEvents-AccountDelegationChanged&clmozerzn00bamc0ktywr7oyf 2023-09-18T14:28:41.507Z weekly 0.6 https://kqlsearch.com/query/Vuln-PublicFacingDeviceswithKnownExploitedVuln&clmozel4t00b8mc0kz90w369i 2023-09-18T14:28:32.764Z weekly 0.6 https://kqlsearch.com/query/Vuln-KnownExploitableVuln&clmozef9n00b6mc0kdd3hxii7 2023-09-18T14:28:25.019Z weekly 0.6 https://kqlsearch.com/query/Vuln-InternetExposedDevices&clmoze97i00b4mc0krttojlx0 2023-09-18T14:28:17.309Z weekly 0.6 https://kqlsearch.com/query/Vuln-HighestExposedDevices&clmoze3gq00b2mc0k81vqv9rn 2023-09-18T14:28:09.721Z weekly 0.6 https://kqlsearch.com/query/Vuln-CVE-2021-40444&clmozdxdp00b0mc0k2x4gw48d 2023-09-18T14:28:01.980Z weekly 0.6 https://kqlsearch.com/query/Devices-SummarizeInboundTraffic&clmozdq5900aymc0kkr5vqty0 2023-09-18T14:27:52.604Z weekly 0.6 https://kqlsearch.com/query/Devices-NoSSH&clmozdioj00awmc0kqnm6plul 2023-09-18T14:27:42.788Z weekly 0.6 https://kqlsearch.com/query/Devices-NoSMB&clmozdb4800aumc0kigcfv5ow 2023-09-18T14:27:33.127Z weekly 0.6 https://kqlsearch.com/query/Devices-NoRDP&clmozd5xf00asmc0kntirvxsr 2023-09-18T14:27:26.403Z weekly 0.6 https://kqlsearch.com/query/Devices-NoHTTP&clmozd0qq00aqmc0kjb4ldp7r 2023-09-18T14:27:19.681Z weekly 0.6 https://kqlsearch.com/query/Device-msdtPotentialExploit&clmozcujj00aomc0k9jjf1596 2023-09-18T14:27:11.504Z weekly 0.6 https://kqlsearch.com/query/Device-WindowsVersionPivotTable&clmozcjil00ammc0kuuxmhy7e 2023-09-18T14:26:57.356Z weekly 0.6 https://kqlsearch.com/query/Device-Windows11DevicesandUsers&clmozcc3500akmc0khwoei4qh 2023-09-18T14:26:47.729Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizeVolumeofDataCopiedtoUSB&clmozc4sk00ajmc0ks3s20sll 2023-09-18T14:26:38.275Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizeRemotePowerShellURLs&clmozbw9100ahmc0k2fmc280d 2023-09-18T14:26:27.205Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizeRDPClients&clmozbprj00afmc0kvzxlk0z3 2023-09-18T14:26:18.655Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizePort22Proccesses&clmozbjfk00admc0k1mn9vnw4 2023-09-18T14:26:10.591Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizeOSBuildspermonth&clmozbbzz00abmc0k52d8t199 2023-09-18T14:26:00.815Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizeMostCommonISOFiles&clmozb3zo00a9mc0kzh5c5mr5 2023-09-18T14:25:50.580Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizeMaliciousSmartScreenURLs&clmozatr200a7mc0ka5aete3h 2023-09-18T14:25:37.309Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizeASREventswithtrend&clmozan6w00a5mc0k2wouef9f 2023-09-18T14:25:28.807Z weekly 0.6 https://kqlsearch.com/query/Device-UserAddedasLocalAdmin&clmozag1e00a3mc0kay16biho 2023-09-18T14:25:19.538Z weekly 0.6 https://kqlsearch.com/query/Device-Top20RandomActions&clmoza66y00a1mc0kcdg62uor 2023-09-18T14:25:06.634Z weekly 0.6 https://kqlsearch.com/query/Device-Top20DepartmentsCopyingDatatoUSBbySize&clmoza075009zmc0k1qbf30yi 2023-09-18T14:24:59.009Z weekly 0.6 https://kqlsearch.com/query/Device-Top20DepartmentsCopyingDatatoUSBbyCount&clmoz9s7c009xmc0kzneqii4j 2023-09-18T14:24:48.505Z weekly 0.6 https://kqlsearch.com/query/Device-SummaryofDeviceLogons&clmoz9k5i009vmc0k78msqz19 2023-09-18T14:24:38.213Z weekly 0.6 https://kqlsearch.com/query/Device-SummarizeSmartScreenUntrustedFiles&clmoz9dpa009tmc0kdj3knvj6 2023-09-18T14:24:29.711Z weekly 0.6 https://kqlsearch.com/query/Device-SummarizeSmartScreenPhishingDomains&clmoz96yy009rmc0kxi4k188e 2023-09-18T14:24:21.130Z weekly 0.6 https://kqlsearch.com/query/Device-SummarizeSSHPortOpenedInbound&clmoz90db009pmc0klv6ggk5s 2023-09-18T14:24:12.431Z weekly 0.6 https://kqlsearch.com/query/Device-SummarizeRDPConnections&clmoz8u32009nmc0k08jbsd9r 2023-09-18T14:24:04.430Z weekly 0.6 https://kqlsearch.com/query/Device-SummarizeMacroUsage&clmoz8nki009lmc0k9rvag2by 2023-09-18T14:23:55.841Z weekly 0.6 https://kqlsearch.com/query/Device-SummarizeLocalLogonActivity&clmoz8dol009jmc0k4xky5qmc 2023-09-18T14:23:43.172Z weekly 0.6 https://kqlsearch.com/query/Device-SummarizeLocalGroupAdditions&clmoz8764009hmc0ks4bnfzr8 2023-09-18T14:23:34.731Z weekly 0.6 https://kqlsearch.com/query/Device-SummarizeLDAPandLDAPStraffic&clmoz814z009gmc0kz4lh262e 2023-09-18T14:23:26.915Z weekly 0.6 https://kqlsearch.com/query/Device-SSHTrafficOnNonStandardPort&clmoz7tyq009emc0kunkziei0 2023-09-18T14:23:17.617Z weekly 0.6 https://kqlsearch.com/query/Device-PublicPort22Allowed&clmoz7kt4009cmc0kmbjs6a25 2023-09-18T14:23:05.751Z weekly 0.6 https://kqlsearch.com/query/Device-ProcessModifiedPrimaryToken&clmoz7da6009amc0ke8so9up7 2023-09-18T14:22:55.998Z weekly 0.6 https://kqlsearch.com/query/Device-PowershellConnectingtoInternet&clmoz74q70098mc0k1uq9khnx 2023-09-18T14:22:44.768Z weekly 0.6 https://kqlsearch.com/query/Device-PowerShellExecutionModeChanged&clmoz6xe20096mc0kpzii8std 2023-09-18T14:22:35.401Z weekly 0.6 https://kqlsearch.com/query/Device-PotentialDNSTunnelling&clmoz6rc50094mc0klnr7calm 2023-09-18T14:22:27.556Z weekly 0.6 https://kqlsearch.com/query/Device-ParseURL&clmoz6lda0092mc0k4pureyyg 2023-09-18T14:22:19.822Z weekly 0.6 https://kqlsearch.com/query/Device-NewHashAccessingLSASS&clmoz6e4i0090mc0k4k5750mg 2023-09-18T14:22:10.433Z weekly 0.6 https://kqlsearch.com/query/Device-NewASREvents&clmoz69cg008ymc0kdrapl7wk 2023-09-18T14:22:04.239Z weekly 0.6 https://kqlsearch.com/query/Device-LocalUserswithAdmin&clmoz63p7008wmc0k8e8qb0u5 2023-09-18T14:21:56.779Z weekly 0.6 https://kqlsearch.com/query/Device-InterestingPortsOpened&clmoz5uey008umc0k84508qnx 2023-09-18T14:21:44.889Z weekly 0.6 https://kqlsearch.com/query/Device-FirstTimeWhoAmI&clmoz5om8008smc0k7w7cro05 2023-09-18T14:21:37.231Z weekly 0.6 https://kqlsearch.com/query/Device-FindUsersWhoClickedonPhishing&clmoz5g85008qmc0khqcoz49x 2023-09-18T14:21:26.499Z weekly 0.6 https://kqlsearch.com/query/Device-FindNewEvents&clmoz5980008omc0klchbgixg 2023-09-18T14:21:17.423Z weekly 0.6 https://kqlsearch.com/query/Device-FindNewDevices&clmoz53la008mmc0kjggw47ei 2023-09-18T14:21:10.125Z weekly 0.6 https://kqlsearch.com/query/Device-FindNetworkRecon&clmoz4xfs008kmc0kmonplchp 2023-09-18T14:21:02.009Z weekly 0.6 https://kqlsearch.com/query/Device-FindDeviceswithnoASR&clmoz4qnx008imc0kufft6for 2023-09-18T14:20:53.372Z weekly 0.6 https://kqlsearch.com/query/Device-FindDeviceswithmostSmartScreenEvents&clmoz4huh008gmc0kmdv9th4q 2023-09-18T14:20:41.801Z weekly 0.6 https://kqlsearch.com/query/Device-FindDevicesToOnboard&clmoz49u1008fmc0ks8wri5gr 2023-09-18T14:20:31.561Z weekly 0.6 https://kqlsearch.com/query/Device-FindDevicesNoLongerSendingEvents&clmoz42kp008emc0kzilkigb3 2023-09-18T14:20:22.009Z weekly 0.6 https://kqlsearch.com/query/Device-FindDevicesMostASR&clmoz3x28008dmc0kj8zfbfuw 2023-09-18T14:20:15.008Z weekly 0.6 https://kqlsearch.com/query/Device-FindDeviceWithoutCurrentAVScan&clmoz3p0o008cmc0kogddy2y7 2023-09-18T14:20:04.439Z weekly 0.6 https://kqlsearch.com/query/Device-FilesCopiedtoUSBCertainGroups&clmoz3hng008bmc0kcvokq82y 2023-09-18T14:19:55.035Z weekly 0.6 https://kqlsearch.com/query/Device-FileDownloadedfromO365thenCopiedtoUSB&clmoz39nh008amc0kpr4dolfk 2023-09-18T14:19:44.525Z weekly 0.6 https://kqlsearch.com/query/Device-DetectURLopenedfromISOfile&clmoz2zwk0089mc0kxb7qjsk0 2023-09-18T14:19:32.035Z weekly 0.6 https://kqlsearch.com/query/Device-DetectSecurityLogCleared&clmoz2s1x0088mc0k0c331hid 2023-09-18T14:19:21.717Z weekly 0.6 https://kqlsearch.com/query/Device-DetectRegistryTampering&clmoz2mkb0087mc0khlrisj04 2023-09-18T14:19:14.746Z weekly 0.6 https://kqlsearch.com/query/Device-DetectRDPRecon&clmoz2fxk0086mc0kraxbajo3 2023-09-18T14:19:06.008Z weekly 0.6 https://kqlsearch.com/query/Device-DetectPuttyConnectingPublic&clmoz29rw0085mc0k96pbllyy 2023-09-18T14:18:58.171Z weekly 0.6 https://kqlsearch.com/query/Device-DetectPotentialNetworkRecon&clmoz23gi0084mc0k7km3kn9n 2023-09-18T14:18:49.842Z weekly 0.6 https://kqlsearch.com/query/Device-DetectMultipleFailedRemoteLogons&clmoz1wxs0083mc0k34ykgfpt 2023-09-18T14:18:41.535Z weekly 0.6 https://kqlsearch.com/query/Device-DetectMacroUsage&clmoz1py00082mc0kgdne898k 2023-09-18T14:18:32.328Z weekly 0.6 https://kqlsearch.com/query/Device-DetectMacroConnectingtoInternet&clmoz1g7x0081mc0kl6d1cjqm 2023-09-18T14:18:19.869Z weekly 0.6 https://kqlsearch.com/query/Device-DetectLogonsPriortoMDEAlert&clmoz19k9007zmc0kuofo861l 2023-09-18T14:18:11.096Z weekly 0.6 https://kqlsearch.com/query/Device-DetectLocaltoPublicRDP&clmoz12lv007xmc0kz26hz22f 2023-09-18T14:18:02.226Z weekly 0.6 https://kqlsearch.com/query/Device-DetectLocalUserCreated&clmoz0uox007vmc0ksm5cnsxb 2023-09-18T14:17:51.968Z weekly 0.6 https://kqlsearch.com/query/Device-DetectLocalAdminsWhoHaventElevated&clmoz0ohf007tmc0kkm7i3cq5 2023-09-18T14:17:43.922Z weekly 0.6 https://kqlsearch.com/query/Device-DetectInternaltoExternalTeamviewer&clmoz0gtn007rmc0kq4812ttt 2023-09-18T14:17:33.851Z weekly 0.6 https://kqlsearch.com/query/Device-DetectInboundPublicRDP&clmoz0ae3007pmc0kujs5z0ao 2023-09-18T14:17:25.658Z weekly 0.6 https://kqlsearch.com/query/Device-DetectFirstTimeTeamviewerUsage&clmoz02td007nmc0kj6dvxfpw 2023-09-18T14:17:15.840Z weekly 0.6 https://kqlsearch.com/query/Device-DetectEncodedPowershellandDecode&clmoyzwmo007lmc0kc2i71vb6 2023-09-18T14:17:07.824Z weekly 0.6 https://kqlsearch.com/query/Device-DetectCredentialBackup&clmoyzpw5007jmc0ksnmmww24 2023-09-18T14:16:59.092Z weekly 0.6 https://kqlsearch.com/query/Device-DetectCertUtilConnectingExternally&clmoyzjj3007hmc0k6i1dk8ml 2023-09-18T14:16:50.847Z weekly 0.6 https://kqlsearch.com/query/Device-DetectAnomalousRDPConnections&clmoyzd81007fmc0k17bfjpk6 2023-09-18T14:16:42.672Z weekly 0.6 https://kqlsearch.com/query/Device-CreateSetofLocalAdminsperDevice&clmoyz72o007dmc0kjepc0zvd 2023-09-18T14:16:34.704Z weekly 0.6 https://kqlsearch.com/query/Device-AccountswithMostLocalAdmin&clmoyz202007bmc0k83syl8ip 2023-09-18T14:16:27.982Z weekly 0.6 https://kqlsearch.com/query/Device-ASRSummary&clmoyyvug0079mc0kebhz2lw5 2023-09-18T14:16:20.151Z weekly 0.6 https://kqlsearch.com/query/Device-ASROfficeChildProcessAudit&clmoyyqhw0077mc0kzzs1hjzg 2023-09-18T14:16:13.220Z weekly 0.6 https://kqlsearch.com/query/Device-ASRLsassAudit&clmoyykxk0076mc0kwlre45fy 2023-09-18T14:16:06.008Z weekly 0.6 https://kqlsearch.com/query/Device-ASRAudit&clmoyy9fd0074mc0ko7hlg36y 2023-09-18T14:15:50.954Z weekly 0.6 https://kqlsearch.com/query/Anamoly-USBFileCopiesfromUserswithAnamolousDownloads&clmoyxzsn0073mc0k1ia7zyd1 2023-09-18T14:15:38.614Z weekly 0.6 https://kqlsearch.com/query/DCA-VisualizeEmojiReactions&clmoyxr4b0071mc0k39nhtb3i 2023-09-18T14:15:27.370Z weekly 0.6 https://kqlsearch.com/query/DCA-TeamsAppInstalled&clmoyxjzm006zmc0kgbdcfpfl 2023-09-18T14:15:17.987Z weekly 0.6 https://kqlsearch.com/query/DCA-SuspiciousMailboxRuleCreated&clmoyxets006ymc0k76knpfkf 2023-09-18T14:15:11.438Z weekly 0.6 https://kqlsearch.com/query/DCA-RiskEventFollowedbyMailboxRuleChanges&clmoyx779006xmc0kaxu3vcpx 2023-09-18T14:15:01.415Z weekly 0.6 https://kqlsearch.com/query/DCA-RiskEventFollowedbyEmailForward&clmoywzp9006wmc0kwnqflpjw 2023-09-18T14:14:51.836Z weekly 0.6 https://kqlsearch.com/query/DCA-PotentialConsentPhishing&clmoywprh006vmc0k2zigv83o 2023-09-18T14:14:38.814Z weekly 0.6 https://kqlsearch.com/query/DCA-PivotTableAdminOperations&clmoywfsy006umc0kepotwmj9 2023-09-18T14:14:26.049Z weekly 0.6 https://kqlsearch.com/query/DCA-PivotTableAdminActions&clmoywaf3006tmc0kbgvvh1ir 2023-09-18T14:14:18.928Z weekly 0.6 https://kqlsearch.com/query/DCA-PaidTrialStarted&clmoyw2r2006smc0kpp02bimc 2023-09-18T14:14:09.133Z weekly 0.6 https://kqlsearch.com/query/DCA-FormPhishingStatusChanged&clmoyvx23006rmc0kby0gemp6 2023-09-18T14:14:01.612Z weekly 0.6 https://kqlsearch.com/query/DCA-FindUserSubmittedPhishingSpam&clmoyvoya006qmc0k2yozncfy 2023-09-18T14:13:51.249Z weekly 0.6 https://kqlsearch.com/query/DCA-FindNewEvents&clmoyvht2006pmc0katwdcrf6 2023-09-18T14:13:41.847Z weekly 0.6 https://kqlsearch.com/query/DCA-FindAzureADAdminActions&clmoyv84w006omc0khq43wfe6 2023-09-18T14:13:29.455Z weekly 0.6 https://kqlsearch.com/query/DCA-ExchangeOnlineEventsduringRiskySignin&clmoyv2n9006nmc0k03q2ho0u 2023-09-18T14:13:22.198Z weekly 0.6 https://kqlsearch.com/query/DCA-DetectMailboxForward&clmoyux3s006mmc0k7vpbd141 2023-09-18T14:13:15.159Z weekly 0.6 https://kqlsearch.com/query/DCA-DetectAdminGrantingOwnAccesstoMailbox&clmoyuqfe006lmc0k7prz40c3 2023-09-18T14:13:06.363Z weekly 0.6 https://kqlsearch.com/query/DCA-DetectAADInternalsUse&clmoyujqq006kmc0kzfogj1b1 2023-09-18T14:12:57.842Z weekly 0.6 https://kqlsearch.com/query/Data-TableSizePerMDEDevice&clmoyubgn006jmc0kgyaxbu43 2023-09-18T14:12:46.968Z weekly 0.6 https://kqlsearch.com/query/Data-NewTablesFound&clmoyqt68006imc0k0zj64tho 2023-09-18T14:10:03.439Z weekly 0.6 https://kqlsearch.com/query/Data-DetectAnomalousDataIngestion&clmoyqn35006hmc0kzpel7eqy 2023-09-18T14:09:55.410Z weekly 0.6 https://kqlsearch.com/query/Data-CalculateTableSizeChanges&clmoyqax8006gmc0kvrzbkdq4 2023-09-18T14:09:39.787Z weekly 0.6 https://kqlsearch.com/query/Data-CalculatePercentageperTable&clmoyq2iv006fmc0koi0uewed 2023-09-18T14:09:28.760Z weekly 0.6 https://kqlsearch.com/query/365-Visualize365DaysofKql&clmoypun1006emc0kxlqnnbo4 2023-09-18T14:09:18.684Z weekly 0.6 https://kqlsearch.com/query/DnsEvents-FindStaleDomains&clmoypqhz006dmc0ko28xped6 2023-09-18T14:09:13.176Z weekly 0.6 https://kqlsearch.com/query/DNS-FindDevicesThatHaveQueriedSuspiciousDomains&clmoypi8o006cmc0kv9ey3won 2023-09-18T14:09:02.615Z weekly 0.6 https://kqlsearch.com/query/SecurityIncident-VisualizeMitreAtt%26ck&clmoypcmq006bmc0kwmgxphf3 2023-09-18T14:08:55.345Z weekly 0.6 https://kqlsearch.com/query/SecurityIncident-VisualizeIncidentswithTrend&clmoyp7zl006amc0krydihqah 2023-09-18T14:08:49.185Z weekly 0.6 https://kqlsearch.com/query/SecurityIncident-VisualizeIncidentSeverity&clmoyp23i0069mc0k7hp7m5w2 2023-09-18T14:08:41.693Z weekly 0.6 https://kqlsearch.com/query/SecurityIncident-PlaybookActivities&clmoyowxf0068mc0kuam8cpzj 2023-09-18T14:08:34.994Z weekly 0.6 https://kqlsearch.com/query/SecurityIncident-DaysSinceLastIncident&clmoyorhj0067mc0k1hxl2jj2 2023-09-18T14:08:27.942Z weekly 0.6 https://kqlsearch.com/query/KeyVault-PotentiallySensitiveOperations&clmoyom250066mc0kfvgd76c6 2023-09-18T14:08:20.908Z weekly 0.6 https://kqlsearch.com/query/KeyVault-ObjectIDAddedtoAccessPolicy&clmoyog9l0065mc0k4jl7zfp2 2023-09-18T14:08:13.258Z weekly 0.6 https://kqlsearch.com/query/KeyVault-IPAddedtoFirewall&clmoyo9ff0064mc0kvlqucong 2023-09-18T14:08:04.538Z weekly 0.6 https://kqlsearch.com/query/KeyVault-DefaultFirewallRuleSettoAllow&clmoyo3i00063mc0kby0w9a71 2023-09-18T14:07:56.713Z weekly 0.6 https://kqlsearch.com/query/KeyVault-AnomalousKeyVaultAccessbyUser&clmoynv2c0062mc0kmymywwy7 2023-09-18T14:07:45.923Z weekly 0.6 https://kqlsearch.com/query/KeyVault-AnomalousKeyVaultAccessbyApp&clmoynoj00061mc0kj07eo5b4 2023-09-18T14:07:37.309Z weekly 0.6 https://kqlsearch.com/query/CVE-2021-44228&clmoynhpw0060mc0kaeru8r1x 2023-09-18T14:07:28.628Z weekly 0.6 https://kqlsearch.com/query/CVE-2021-44228-2&clmoyn7m2005zmc0ka3rkrsvp 2023-09-18T14:07:15.387Z weekly 0.6 https://kqlsearch.com/query/AppGateway-VisualizeWAFTraffic&clmoymxey005ymc0kuv64uj2y 2023-09-18T14:07:02.313Z weekly 0.6 https://kqlsearch.com/query/AppGateway-MostAttackedHostName&clmoymqgh005xmc0kr2usl31h 2023-09-18T14:06:53.296Z weekly 0.6 https://kqlsearch.com/query/Bastion-SummarizeAccountAccess&clmoymk8y005wmc0k3qgvzv1f 2023-09-18T14:06:45.250Z weekly 0.6 https://kqlsearch.com/query/Bastion-AuditUsage&clmoymf62005vmc0k0uxecpfp 2023-09-18T14:06:38.523Z weekly 0.6 https://kqlsearch.com/query/Sentinel-DetectAccessAddedtoWorkspace&clmoym90l005umc0kwiabeh83 2023-09-18T14:06:30.692Z weekly 0.6 https://kqlsearch.com/query/AzureVM-DiskImageURLGenerated&clmoym050005tmc0kf4l6bfhh 2023-09-18T14:06:19.045Z weekly 0.6 https://kqlsearch.com/query/AzureStorage-FirstTimeStorageKeyEnumeration&clmoylun6005smc0kr7hn1hf7 2023-09-18T14:06:12.066Z weekly 0.6 https://kqlsearch.com/query/AzureLogAnalytics-DetectwhenWorkspaceKeysareRead&clmoylnfc005rmc0k0igme64c 2023-09-18T14:06:02.569Z weekly 0.6 https://kqlsearch.com/query/Azure-ServicePrincipalAddedtoAzure&clmoyle9w005qmc0kmbuqmjb7 2023-09-18T14:05:50.851Z weekly 0.6 https://kqlsearch.com/query/Azure-ResourceLockAddedorRemoved&clmoyl80l005pmc0kt1uomp7y 2023-09-18T14:05:42.598Z weekly 0.6 https://kqlsearch.com/query/SSPR-PasswordResetInitiatedviaMSGraph&clmoyl16n005omc0kgaxaf4qi 2023-09-18T14:05:33.886Z weekly 0.6 https://kqlsearch.com/query/PIM-UserAssignedRolebutHasntActivated&clmoyksrl005nmc0kfzbn7f2x 2023-09-18T14:05:22.834Z weekly 0.6 https://kqlsearch.com/query/OAuth-TrackEventsonServicePrincipals&clmoykh88005mmc0kla4x9ffb 2023-09-18T14:05:08.023Z weekly 0.6 https://kqlsearch.com/query/OAuth-SummarizeServicePrincipalInactivity&clmoyk9wl005lmc0ktladbhch 2023-09-18T14:04:58.390Z weekly 0.6 https://kqlsearch.com/query/OAuth-SummarizePermissionGrantedtoApps&clmoyk3o6005kmc0kftts6dmr 2023-09-18T14:04:50.453Z weekly 0.6 https://kqlsearch.com/query/OAuth-SummarizeCurrentAppPermissions&clmoyjwoo005jmc0krire9p08 2023-09-18T14:04:41.257Z weekly 0.6 https://kqlsearch.com/query/OAuth-PermissionsAddedRemoved&clmoyjjky005imc0kfgcohzog 2023-09-18T14:04:24.417Z weekly 0.6 https://kqlsearch.com/query/OAuth-InactiveServicePrincipalswithPrivilege&clmoyj8vq005hmc0khv6c1h33 2023-09-18T14:04:10.407Z weekly 0.6 https://kqlsearch.com/query/OAuth-FirstTimeAppConsent&clmoyj1bv005gmc0keuiwsd5t 2023-09-18T14:04:00.762Z weekly 0.6 https://kqlsearch.com/query/OAuth-DetectingFirstTimeCredentialAddition&clmoyit9i005fmc0kdbmxxn9g 2023-09-18T14:03:50.167Z weekly 0.6 https://kqlsearch.com/query/OAuth-DelegatedPermissionsGrant&clmoyil5s005emc0kajxht344 2023-09-18T14:03:39.807Z weekly 0.6 https://kqlsearch.com/query/OAuth-ApporDelegatedAccessGranted&clmoyifhc005dmc0k7r6g8ek2 2023-09-18T14:03:32.305Z weekly 0.6 https://kqlsearch.com/query/OAuth-ApplicationPermissionsGrant&clmoyi9za005cmc0kmuaagg51 2023-09-18T14:03:25.317Z weekly 0.6 https://kqlsearch.com/query/Identity-YourUsersSigningIntoOtherTenantsAsGuests&clmoyi332005bmc0k5a8irrum 2023-09-18T14:03:16.239Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeWorldMap&clmoyhwrt005amc0ks9ref8jd 2023-09-18T14:03:08.200Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeTotalvsDistinctsignins&clmoyhq880059mc0k41m16vm0 2023-09-18T14:02:59.578Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeSigninsbyDeviceTrust&clmoyhgpl0058mc0kvtckz7mr 2023-09-18T14:02:47.385Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeSSPR&clmoyh9nf0057mc0kqvtrmamj 2023-09-18T14:02:38.092Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeRiskEventsoverTime&clmoyh23f0056mc0k5f9wyivy 2023-09-18T14:02:28.443Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizePasswordvsPasswordless&clmoygw770054mc0kopvt77n9 2023-09-18T14:02:20.660Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeMFAMethodsovertime&clmoygpo90052mc0kpnfonpls 2023-09-18T14:02:12.344Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeMFAMethods&clmoygh7d0050mc0kkb5a19dk 2023-09-18T14:02:01.369Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeMFAChallengevsPreviouslySatisfied&clmoyga0o004ymc0k8y7sa5mm 2023-09-18T14:01:52.055Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeLegacyAuthMethods&clmoyg3tw004wmc0ks1yg2zhv 2023-09-18T14:01:44.036Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeLegacyAuth&clmoyfw11004umc0kyg0ekjsp 2023-09-18T14:01:33.782Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeKnownvsUnknownLocation&clmoyfohg004smc0kw758vila 2023-09-18T14:01:24.146Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeInboundvsOutboundGuests&clmoyfjam004qmc0k1rmtepsv 2023-09-18T14:01:17.279Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeGuestRedemptionswithTrend&clmoyfd1z004omc0km34t3b8o 2023-09-18T14:01:09.334Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeGuestDomains&clmoyf5ux004mmc0k0mmmqxcv 2023-09-18T14:00:59.866Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeGuestAppAccess&clmoyez89004kmc0kp7kzh9br 2023-09-18T14:00:51.417Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeExternalAADGuestsvsExternalGuests&clmoyes42004jmc0krq5dyu8w 2023-09-18T14:00:42.050Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeDistinctInboundGuests&clmoyel45004imc0kb36bpf14 2023-09-18T14:00:33.124Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeControlsvsNoControls&clmoyee9z004hmc0k062bwiwe 2023-09-18T14:00:24.120Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualizeConditionalAccessFailures&clmoye6lo004gmc0kz40xpdyf 2023-09-18T14:00:14.315Z weekly 0.6 https://kqlsearch.com/query/Identity-VisualStdDevofMFAFailures&clmoye0t9004fmc0k7ofyy0wd 2023-09-18T14:00:06.669Z weekly 0.6 https://kqlsearch.com/query/Identity-UserTryingtoAccessMultipleApps&clmoydqhs004emc0khy1n09b8 2023-09-18T13:59:53.439Z weekly 0.6 https://kqlsearch.com/query/Identity-UserReportedSuspiciousMFA&clmoydjt9004dmc0kghaeppe9 2023-09-18T13:59:44.638Z weekly 0.6 https://kqlsearch.com/query/Identity-Top20RiskyLocations&clmoyd9ti004cmc0k9zoqcl85 2023-09-18T13:59:31.830Z weekly 0.6 https://kqlsearch.com/query/Identity-Top20RandomStats&clmoy1vv9004bmc0k6hz29our 2023-09-18T13:50:40.390Z weekly 0.6 https://kqlsearch.com/query/Identity-Top20AppswithnoCA&clmoy1fqt004amc0k9z88c2bv 2023-09-18T13:50:19.635Z weekly 0.6 https://kqlsearch.com/query/Identity-ThirdPartyMFAFailures&clmoy17xu0049mc0kxa6rs72f 2023-09-18T13:50:09.374Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeUnknownLocationnoMFA&clmoy0urw0048mc0k4oprzyds 2023-09-18T13:49:52.317Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeSuspiciousIPAddresses&clmoy0ntp0047mc0kkmqxmbbg 2023-09-18T13:49:43.452Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeSigninInfoafterMFAconfig&clmoy0efv0046mc0ka6uesf6t 2023-09-18T13:49:31.148Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeOutboundGuestActivity&clmoy059f0045mc0k1xdgidv7 2023-09-18T13:49:19.394Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeMFATop20Apps&clmoxzydn0043mc0k400c61uk 2023-09-18T13:49:10.333Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeMFAFailures&clmoxzq0w0041mc0kdebmp7k4 2023-09-18T13:48:59.648Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeLoginInfofromMaliciousIP&clmoxzjcv003zmc0k8v0mo55s 2023-09-18T13:48:51.006Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeLocationSignins&clmoxz8kn003xmc0kqpu569j0 2023-09-18T13:48:36.888Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeLegacyAuth&clmoxz11h003vmc0k5yszygvn 2023-09-18T13:48:27.269Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeInternetExplorerSignins&clmoxyroh003tmc0kmggvh5ij 2023-09-18T13:48:15.136Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeGuestTenantActivity&clmoxyidf003rmc0kjv3771ou 2023-09-18T13:48:03.074Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeGuestInactivity&clmoxyb8i003pmc0k84s6n0j4 2023-09-18T13:47:53.826Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeGuestDomainbyType&clmoxy38r003nmc0kwifemyk1 2023-09-18T13:47:43.466Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeGuestConditionalAccess&clmoxxy2y003lmc0klwnzep3j 2023-09-18T13:47:36.777Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeConditionalAccessPoliciesfailures&clmoxxptf003jmc0kaizi4go1 2023-09-18T13:47:26.066Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeAppUsageMonthonMonth&clmoxxjg5003hmc0kdkm6t7u1 2023-09-18T13:47:17.813Z weekly 0.6 https://kqlsearch.com/query/Identity-SummarizeAccountInactivity&clmoxxbak003fmc0kdjy5mcee 2023-09-18T13:47:07.243Z weekly 0.6 https://kqlsearch.com/query/Identity-SingleFactorSigninsFromPrivUsers&clmoxx28c003emc0kccas18ui 2023-09-18T13:46:55.499Z weekly 0.6 https://kqlsearch.com/query/Identity-SingleFactorConnectionstoAzure&clmoxwu27003dmc0k4h01bd6h 2023-09-18T13:46:44.769Z weekly 0.6 https://kqlsearch.com/query/Identity-ServicePrincipalswithSingleIP&clmoxwi8p003cmc0k9vrlz6fj 2023-09-18T13:46:29.593Z weekly 0.6 https://kqlsearch.com/query/Identity-ServicePrincipalsOnlyExpiredSecret&clmoxwazp003bmc0kvvs9d90m 2023-09-18T13:46:20.055Z weekly 0.6 https://kqlsearch.com/query/Identity-ServicePrincipalsMultipleLocations&clmoxw39h003amc0ky4f7weo8 2023-09-18T13:46:10.181Z weekly 0.6 https://kqlsearch.com/query/Identity-ServicePrincipalSummaryofResources&clmoxvun70039mc0ktnay1trl 2023-09-18T13:45:58.868Z weekly 0.6 https://kqlsearch.com/query/Identity-ServicePrincipalSigninsbyIP&clmoxvo9b0038mc0krit7g5sx 2023-09-18T13:45:50.734Z weekly 0.6 https://kqlsearch.com/query/Identity-ServicePrincipalSigninfromnewIP&clmoxviy10037mc0kbia7cnlj 2023-09-18T13:45:43.707Z weekly 0.6 https://kqlsearch.com/query/Identity-ServicePrincipalSigninErrors&clmoxvcct0036mc0ksyldvg91 2023-09-18T13:45:35.308Z weekly 0.6 https://kqlsearch.com/query/Identity-ServicePrincipalExpiredSecret&clmoxv6nh0035mc0koqbm37xd 2023-09-18T13:45:27.774Z weekly 0.6 https://kqlsearch.com/query/Identity-ServicePrincipalCreatedbyManagedIdentity&clmoxuttd0034mc0kpr9ekal7 2023-09-18T13:45:11.139Z weekly 0.6 https://kqlsearch.com/query/Identity-SecurityAlertWithNewAgent&clmoxunw00033mc0k4h5ofgba 2023-09-18T13:45:03.599Z weekly 0.6 https://kqlsearch.com/query/Identity-SSPRfollowedbyRiskySignin&clmoxufdp0032mc0klp428z6h 2023-09-18T13:44:52.431Z weekly 0.6 https://kqlsearch.com/query/Identity-RoleAddedtoServicePrincipal&clmoxu7dp0031mc0kn7956jmd 2023-09-18T13:44:42.204Z weekly 0.6 https://kqlsearch.com/query/Identity-RiskySigninFollowedbyAdminMFAChange&clmoxtzp50030mc0kzyeos17u 2023-09-18T13:44:32.107Z weekly 0.6 https://kqlsearch.com/query/Identity-RiskyMFARequirementfollowedbyMFAregistration&clmoxtr8s002zmc0k8kcskaxz 2023-09-18T13:44:21.291Z weekly 0.6 https://kqlsearch.com/query/Identity-RiskEventfollowedbyMFAchanges&clmoxtjbx002ymc0k9f1yiblf 2023-09-18T13:44:11.036Z weekly 0.6 https://kqlsearch.com/query/Identity-PotentialMFASpam&clmoxt7wu002xmc0k9uq245pq 2023-09-18T13:43:56.096Z weekly 0.6 https://kqlsearch.com/query/Identity-PotentialMFANumberMatchingAbuse&clmoxsoy3002wmc0kk6kb765o 2023-09-18T13:43:31.658Z weekly 0.6 https://kqlsearch.com/query/Identity-PotentialAppRecon&clmoxsfbq002vmc0kylt0u4ge 2023-09-18T13:43:19.047Z weekly 0.6 https://kqlsearch.com/query/Identity-PotentialAiTM&clmoxs5q2002umc0kytnd5xo6 2023-09-18T13:43:06.745Z weekly 0.6 https://kqlsearch.com/query/Identity-ParseUserAgent&clmoxrwnu002tmc0k2lnnqbnz 2023-09-18T13:42:54.860Z weekly 0.6 https://kqlsearch.com/query/Identity-ParseIPInfofromSecurityAlert&clmoxr9mm002smc0k6sq8zyw1 2023-09-18T13:42:25.149Z weekly 0.6 https://kqlsearch.com/query/Identity-MultipleMFAFailuresPrivUsers&clmoxr2cz002rmc0kc1vh5lte 2023-09-18T13:42:15.589Z weekly 0.6 https://kqlsearch.com/query/Identity-MultipleCAFailures&clmoxqu39002qmc0k837l7bw0 2023-09-18T13:42:05.012Z weekly 0.6 https://kqlsearch.com/query/Identity-MuiltipleConditionalAccessFailures&clmoxql7r002pmc0kgfhx27i2 2023-09-18T13:41:53.368Z weekly 0.6 https://kqlsearch.com/query/Identity-ManagedIdentitySummaryofResources&clmoxq5w0002omc0kjjvtago9 2023-09-18T13:41:33.648Z weekly 0.6 https://kqlsearch.com/query/Identity-ManagedIdentityAccessingNewResources&clmoxpzz9002nmc0knu8iz258 2023-09-18T13:41:25.847Z weekly 0.6 https://kqlsearch.com/query/Identity-MFARegistrationfollowedbySSPR&clmoxpq50002mmc0knl4wr1k6 2023-09-18T13:41:13.235Z weekly 0.6 https://kqlsearch.com/query/Identity-MFAPercentageperapp&clmoxpjz5002lmc0kbj48a5bt 2023-09-18T13:41:05.107Z weekly 0.6 https://kqlsearch.com/query/Identity-MFANewLocationandMethod&clmoxpbww002kmc0kvaba8ak6 2023-09-18T13:40:54.799Z weekly 0.6 https://kqlsearch.com/query/Identity-MFAMethodsPivotTable&clmoxp21n002jmc0kilggntj8 2023-09-18T13:40:41.869Z weekly 0.6 https://kqlsearch.com/query/Identity-MFACountPerUser&clmoxox5a002imc0kl93taike 2023-09-18T13:40:35.661Z weekly 0.6 https://kqlsearch.com/query/Identity-MFAChangesfromunknownIP&clmoxop9f002hmc0kcasood0s 2023-09-18T13:40:25.301Z weekly 0.6 https://kqlsearch.com/query/Identity-LegacyAuthPivotTable&clmoxofow002gmc0kl2stnzd7 2023-09-18T13:40:13.039Z weekly 0.6 https://kqlsearch.com/query/Identity-InactivePrivilegedUsers&clmoxo8b4002fmc0kq9h6hi76 2023-09-18T13:40:03.330Z weekly 0.6 https://kqlsearch.com/query/Identity-InactiveGuestAccounts&clmoxnysa002emc0k9htw7uvu 2023-09-18T13:39:51.129Z weekly 0.6 https://kqlsearch.com/query/Identity-HighMediumRealtimeRiskforAADRoles&clmoxnp62002dmc0k1xiwf6yl 2023-09-18T13:39:38.524Z weekly 0.6 https://kqlsearch.com/query/Identity-GuestsInvitedbutnotRedeemed&clmoxn8l5002cmc0kzcv05n9s 2023-09-18T13:39:17.176Z weekly 0.6 https://kqlsearch.com/query/Identity-GuestsAccessingNewApplications&clmoxn2qv002bmc0kkerq38i0 2023-09-18T13:39:09.465Z weekly 0.6 https://kqlsearch.com/query/Identity-GuestTypeParser&clmoxmvho002amc0k5bbfenno 2023-09-18T13:39:00.203Z weekly 0.6 https://kqlsearch.com/query/Identity-GuestInvitesSentvsRedeemed&clmoxmn2w0029mc0kdgg7ca50 2023-09-18T13:38:49.162Z weekly 0.6 https://kqlsearch.com/query/Identity-GuestAddedtoAADRole&clmoxmcli0028mc0k8gyb0irt 2023-09-18T13:38:35.718Z weekly 0.6 https://kqlsearch.com/query/Identity-FirstTimeSPBlockedbyCA&clmoxm4dy0027mc0kp3n024hx 2023-09-18T13:38:24.936Z weekly 0.6 https://kqlsearch.com/query/Identity-FirstTimeRoleAddition&clmoxlr7d0026mc0ks25hy7mi 2023-09-18T13:38:07.992Z weekly 0.6 https://kqlsearch.com/query/Identity-FirstTimeLegacyAuth&clmoxlkkm0025mc0kumdz4je7 2023-09-18T13:37:59.256Z weekly 0.6 https://kqlsearch.com/query/Identity-FirstPartyApps&clmoxlbyo0024mc0ksi0nkk98 2023-09-18T13:37:48.239Z weekly 0.6 https://kqlsearch.com/query/Identity-FindUsersOnlyusingTextforMFA&clmoxl4pf0023mc0kno93fw4d 2023-09-18T13:37:38.692Z weekly 0.6 https://kqlsearch.com/query/Identity-FindUsersMultipleCountriesSameDay&clmoxkxvd0022mc0ktprttj9m 2023-09-18T13:37:29.977Z weekly 0.6 https://kqlsearch.com/query/Identity-FindNewEnterpriseApps&clmoxkpw80021mc0kpjedcqp6 2023-09-18T13:37:19.498Z weekly 0.6 https://kqlsearch.com/query/Identity-FindMultipleCASuccesses&clmoxkiky0020mc0kv2rcyiy9 2023-09-18T13:37:10.162Z weekly 0.6 https://kqlsearch.com/query/Identity-FindInactiveServicePrincipals&clmoxkb27001zmc0kwdxhkiac 2023-09-18T13:37:00.273Z weekly 0.6 https://kqlsearch.com/query/Identity-FindInactiveManagedIdentities&clmoxk1eu001xmc0k5yb6odw6 2023-09-18T13:36:47.909Z weekly 0.6 https://kqlsearch.com/query/Identity-FindGuestsAccessingMostApps&clmoxjrh3001vmc0kosqc09m4 2023-09-18T13:36:34.890Z weekly 0.6 https://kqlsearch.com/query/Identity-FindCAFailurePercentage&clmoxjebq001tmc0kpa41mpia 2023-09-18T13:36:17.849Z weekly 0.6 https://kqlsearch.com/query/Identity-FindAppswithNoSignins&clmoxj77v001rmc0k4e1g5zc2 2023-09-18T13:36:08.778Z weekly 0.6 https://kqlsearch.com/query/Identity-DeviceCodePhishing&clmoxj0jh001pmc0kmrq09tvo 2023-09-18T13:35:59.984Z weekly 0.6 https://kqlsearch.com/query/Identity-DetectingFirstTimeAccesstoAzureManagement&clmoxispa001nmc0kl0ecmor3 2023-09-18T13:35:49.965Z weekly 0.6 https://kqlsearch.com/query/Identity-DetectMultipleDistinctRiskEvents&clmoxijem001lmc0kh0mc8ems 2023-09-18T13:35:37.776Z weekly 0.6 https://kqlsearch.com/query/Identity-DailySummaryofUsersAddedtoAADGroups&clmoxidkw001kmc0kcrthpadb 2023-09-18T13:35:30.368Z weekly 0.6 https://kqlsearch.com/query/Identity-ConditionalAccessPoliciesNotinUse&clmoxi6vf001imc0klii1qi4w 2023-09-18T13:35:21.533Z weekly 0.6 https://kqlsearch.com/query/Identity-ConditionalAccessPivotTable&clmoxi20z001gmc0k8hri7h3q 2023-09-18T13:35:15.394Z weekly 0.6 https://kqlsearch.com/query/Identity-ConditionalAccessMostFailures&clmoxhw07001emc0kf70a9be2 2023-09-18T13:35:07.590Z weekly 0.6 https://kqlsearch.com/query/Identity-CalculateRiskyUsers&clmoxhobn001cmc0k2qjohywj 2023-09-18T13:34:57.494Z weekly 0.6 https://kqlsearch.com/query/Identity-CalculateRiskyApps&clmoxhhjq001amc0k1ky4avyk 2023-09-18T13:34:48.854Z weekly 0.6 https://kqlsearch.com/query/Identity-CAPolicyStats&clmoxhaqc0018mc0k3nqpm9re 2023-09-18T13:34:39.879Z weekly 0.6 https://kqlsearch.com/query/Identity-AuthStrengthMFASFAPercentage&clmoxh1ao0016mc0ktuhwb2gv 2023-09-18T13:34:27.792Z weekly 0.6 https://kqlsearch.com/query/Identity-AppswithmostSFAPrivUsers&clmoxgt5l0014mc0k1aspbl8q 2023-09-18T13:34:17.099Z weekly 0.6 https://kqlsearch.com/query/Identity-AppsWithMoreGuests&clmoxglmk0012mc0krj2j9xbg 2023-09-18T13:34:07.483Z weekly 0.6 https://kqlsearch.com/query/Identity-ApplicationAccessReview&clmoxgezm0010mc0k9uhh5vl9 2023-09-18T13:33:58.741Z weekly 0.6 https://kqlsearch.com/query/Identity-AppAccessMembersvsGuests&clmoxg7fu000ymc0ku6p1u7o0 2023-09-18T13:33:49.097Z weekly 0.6 https://kqlsearch.com/query/Identity-AnomalousConditionalAccessFailures&clmoxg0qj000wmc0kvqxheny6 2023-09-18T13:33:40.268Z weekly 0.6 https://kqlsearch.com/query/Identity-AlertsFromPrivilegedUsers&clmoxfo6p000umc0kezspp9az 2023-09-18T13:33:24.144Z weekly 0.6 https://kqlsearch.com/query/Identity-AlertGuestDeniedAccesstoMultipleApps&clmoxfga7000smc0k56m5bc0f 2023-09-18T13:33:13.761Z weekly 0.6 https://kqlsearch.com/query/Identity-AdminUpdatingSecurityInfo&clmoxf52a000qmc0knsk9fz2r 2023-09-18T13:32:59.362Z weekly 0.6 https://kqlsearch.com/query/Identity-AADRiskEventCorrelation&clmoxez3x000omc0k4oxj6rcc 2023-09-18T13:32:51.503Z weekly 0.6 https://kqlsearch.com/query/Audit-VisualizeSSPRSuccessvsFailure&clmoxep6m000mmc0k4md26ub8 2023-09-18T13:32:38.782Z weekly 0.6 https://kqlsearch.com/query/Audit-UserswithPrivRolesbutnoActivity&clmoxehog000kmc0knjc9zh88 2023-09-18T13:32:28.914Z weekly 0.6 https://kqlsearch.com/query/Audit-UsersWhoHaventElevatedPIM&clmoxe651000imc0kk1t1q8w8 2023-09-18T13:32:14.101Z weekly 0.6 https://kqlsearch.com/query/Audit-UsersAddedtoDynamicGroups&clmoxe01v000gmc0kq77zvolw 2023-09-18T13:32:06.210Z weekly 0.6 https://kqlsearch.com/query/Audit-UserAddedtoRoleOutsidePIM&clmoxdue9000emc0k3diymeuy 2023-09-18T13:31:58.881Z weekly 0.6 https://kqlsearch.com/query/Audit-UserAddedandRemovedfromRole&clmoxdp4w000cmc0k06te8czs 2023-09-18T13:31:51.922Z weekly 0.6 https://kqlsearch.com/query/Audit-SummarizeWeeklyPIM&clmoxdgv0000amc0k4g2x36yj 2023-09-18T13:31:41.339Z weekly 0.6 https://kqlsearch.com/query/Audit-SummarizePIMRolesActivated&clmoxdc5m0008mc0k0mkqzvq7 2023-09-18T13:31:35.099Z weekly 0.6 https://kqlsearch.com/query/Audit-RedirectURIChanged&clmoxd4za0006mc0kc874zht5 2023-09-18T13:31:25.941Z weekly 0.6 https://kqlsearch.com/query/Audit-PivotTableofPrivilegedUserActions&clmoxcxh30004mc0kypupfm2b 2023-09-18T13:31:16.074Z weekly 0.6 https://kqlsearch.com/query/Audit-NewTenantCreated&clmoxcpy70002mc0kbc3acrdy 2023-09-18T13:31:06.463Z weekly 0.6 https://kqlsearch.com/query/Audit-NewPrivilegedActions&clmoxcj5u0000mc0k4lrmr3zq 2023-09-18T13:30:57.665Z weekly 0.6 https://kqlsearch.com/query/Audit-NewPIMRoleActivated&clmox0mly00245i9s75m4nb7k 2023-09-18T13:21:42.261Z weekly 0.6 https://kqlsearch.com/query/Audit-NewOperations&clmox0f4b00235i9sii7aqhpl 2023-09-18T13:21:32.547Z weekly 0.6 https://kqlsearch.com/query/Audit-NewDomainAdded&clmox085y00225i9srustccnv 2023-09-18T13:21:23.541Z weekly 0.6 https://kqlsearch.com/query/Audit-NamedLocationsChanged&clmox03oi00215i9s54qu7c1y 2023-09-18T13:21:17.729Z weekly 0.6 https://kqlsearch.com/query/Audit-MultipleUsersSameMFANumber&clmowzxdh00205i9sbxxokhsg 2023-09-18T13:21:09.548Z weekly 0.6 https://kqlsearch.com/query/Audit-MFAChangesforPrivlegedUsers&clmowzp7c001z5i9scbv7swhi 2023-09-18T13:20:58.968Z weekly 0.6 https://kqlsearch.com/query/Audit-ListBulkActivities&clmowzfrk001y5i9sv710rdan 2023-09-18T13:20:46.735Z weekly 0.6 https://kqlsearch.com/query/Audit-GuestAddedtoPIM&clmowzak5001x5i9skt258z2b 2023-09-18T13:20:39.988Z weekly 0.6 https://kqlsearch.com/query/Audit-GroupMFARegistrationbyPhoneNumber&clmowz4d9001w5i9s5rhs7j58 2023-09-18T13:20:31.957Z weekly 0.6 https://kqlsearch.com/query/Audit-GroupAddedtoPIM&clmowyxiy001v5i9s50w8uaxg 2023-09-18T13:20:23.098Z weekly 0.6 https://kqlsearch.com/query/Audit-FirstTimePIMActivationOutsideWorkingHours&clmowyqak001u5i9snjs9lijs 2023-09-18T13:20:13.715Z weekly 0.6 https://kqlsearch.com/query/Audit-FindUsersFailingSSPR&clmowyi6a001t5i9sgq0pkmf6 2023-09-18T13:20:03.201Z weekly 0.6 https://kqlsearch.com/query/Audit-FindUsersFailingNewPasswordSSPR&clmowybr3001s5i9simr5xgif 2023-09-18T13:19:54.871Z weekly 0.6 https://kqlsearch.com/query/Audit-EventsbyRiskyPrivilegedUser&clmowy3lb001r5i9srgsniisd 2023-09-18T13:19:44.302Z weekly 0.6 https://kqlsearch.com/query/Audit-DetectSSPRFromUnknownIP&clmowxsuu001q5i9santyr3rb 2023-09-18T13:19:30.381Z weekly 0.6 https://kqlsearch.com/query/Audit-DetectSSPRAfterHours&clmowxl79001p5i9s7m83dhqe 2023-09-18T13:19:20.469Z weekly 0.6 https://kqlsearch.com/query/Audit-DetectSPAddedAfterHours&clmowxf4b001o5i9sl1yhk7h2 2023-09-18T13:19:12.578Z weekly 0.6 https://kqlsearch.com/query/Audit-DetectPIMActivationsOutsideWorkingHours&clmowx6lk001n5i9stqay77gh 2023-09-18T13:19:01.543Z weekly 0.6 https://kqlsearch.com/query/Audit-DetectNewPrivilegedGroupAdded&clmowwz6s001m5i9sfv05m1s6 2023-09-18T13:18:51.931Z weekly 0.6 https://kqlsearch.com/query/Audit-DetectNewCrossTenantSetting&clmowws7w001l5i9s0v5b0u65 2023-09-18T13:18:42.907Z weekly 0.6 https://kqlsearch.com/query/Audit-DetectFirstTimeServicePrincipalCreation&clmowwizd001k5i9sita38p7a 2023-09-18T13:18:30.928Z weekly 0.6 https://kqlsearch.com/query/Audit-DetectFirstTimeCAPolicyChange&clmoww7ea001j5i9so8jp5360 2023-09-18T13:18:15.922Z weekly 0.6 https://kqlsearch.com/query/Audit-DetectCredentialAddedtoApp&clmoww1lj001h5i9sn3nlsje3 2023-09-18T13:18:08.399Z weekly 0.6 https://kqlsearch.com/query/Audit-DetectConditionalAccessChangesAfterHours&clmowvv5v001f5i9sn6ut5ao8 2023-09-18T13:18:00.066Z weekly 0.6 https://kqlsearch.com/query/Audit-DetectAdvancedAuditingDisabled&clmowvo5a001d5i9sdf97awib 2023-09-18T13:17:50.965Z weekly 0.6 https://kqlsearch.com/query/Audit-DetectActivePIMAssignment&clmowvgxm001b5i9s09uponc5 2023-09-18T13:17:41.625Z weekly 0.6 https://kqlsearch.com/query/Audit-DetectAADInternalsUse&clmowv9ol001a5i9s2cj40idf 2023-09-18T13:17:32.219Z weekly 0.6 https://kqlsearch.com/query/Audit-DailySummaryofAdminActivity&clmowux8x00185i9sheomixyo 2023-09-18T13:17:16.105Z weekly 0.6 https://kqlsearch.com/query/Audit-CustomSecurityAttributeSet&clmowuq4400165i9sead7y73l 2023-09-18T13:17:06.868Z weekly 0.6 https://kqlsearch.com/query/Audit-BitLockerKeyRetrieved&clmowuk4600145i9strhwzchx 2023-09-18T13:16:59.094Z weekly 0.6 https://kqlsearch.com/query/Audit-AppProxySettoPassThrough&clmowue2f00125i9sbswsg3lp 2023-09-18T13:16:51.254Z weekly 0.6 https://kqlsearch.com/query/Audit-AllowedBlockedDomainListChanges&clmowu80q00105i9sruz2xirr 2023-09-18T13:16:43.418Z weekly 0.6 https://kqlsearch.com/query/Audit-AccessPackageCreated&clmowu2lp000y5i9s5558nfot 2023-09-18T13:16:36.396Z weekly 0.6 https://kqlsearch.com/query/Anamoly-HigherThanExpectedSysLog&clmowtwmx000w5i9sxwffbity 2023-09-18T13:16:28.664Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-VisualizeAccountsCreatedDisabledDeleted&clmowtr8b000u5i9szbajaw67 2023-09-18T13:16:21.650Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-UnconstrainedDelegationtoUser&clmowtknj000s5i9so5afd326 2023-09-18T13:16:13.135Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-UnconstrainedDelegationEnabled&clmowtfe7000q5i9s8rvfmbi9 2023-09-18T13:16:06.310Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-UACFlagParser&clmowt79r000o5i9sueehxztk 2023-09-18T13:15:55.790Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-SummarizeRDPActivity&clmowt2b2000m5i9s27aq96x4 2023-09-18T13:15:49.350Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-SummarizePrivilegesAssignedonLogon&clmowsw5e000k5i9sw4wt7hdv 2023-09-18T13:15:41.378Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-LogonToDeviceListChanged&clmowsr1k000i5i9sv9u61wfl 2023-09-18T13:15:34.760Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-GPOInheritanceChanged&clmowskrp000g5i9sucsgvb41 2023-09-18T13:15:26.628Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-DetectPrivilegedAADAdminPasswordChange&clmowseey000e5i9s48kya6hk 2023-09-18T13:15:18.393Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-DailySummaryofGroupAdditions&clmows8m9000c5i9s12nlyi2h 2023-09-18T13:15:10.880Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-AnomalousIPCRecon&clmows30i000a5i9sligw78d9 2023-09-18T13:15:03.617Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-AccountSetPasswordNotRequired&clmowrx9i00085i9seatax079 2023-09-18T13:14:56.157Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-AccountSensitivityChanged&clmowrq2300065i9s4vjr0r3q 2023-09-18T13:14:46.826Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-AccountPreAuthChanges&clmowrjr300045i9sg26sjlhx 2023-09-18T13:14:38.646Z weekly 0.6 https://kqlsearch.com/query/AADPasswordProtection-AllEvents&clmowrdaf00025i9sczthr9av 2023-09-18T13:14:30.278Z weekly 0.6 https://kqlsearch.com/query/AWS-PublicIPAddedtoInstance&clmowr9kt00005i9sqf80r5t9 2023-09-18T13:14:25.463Z weekly 0.6 https://kqlsearch.com/query/MS%20Exchange%20Zero%20Day%20Sept%202022&clmo2dv1o00czmc0jrkd1mswx 2023-09-17T23:04:11.627Z weekly 0.6 https://kqlsearch.com/query/Follina&clmo2dqja00cxmc0jpvb3l2of 2023-09-17T23:04:05.640Z weekly 0.6 https://kqlsearch.com/query/WeakSSHVersionUsed&clmo2djyc00cvmc0jvjz5bzk9 2023-09-17T23:03:57.252Z weekly 0.6 https://kqlsearch.com/query/WSLInstallations&clmo2delw00ctmc0jnay3zuy7 2023-09-17T23:03:50.323Z weekly 0.6 https://kqlsearch.com/query/VulnerabilitiesWithAvailablePOC&clmo2d95500crmc0j3u2otlkt 2023-09-17T23:03:43.100Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20VulnerabilitiesBySeverity&clmo2d2r900cpmc0j90wnl0cc 2023-09-17T23:03:34.964Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20BrowserExtension%20-%20MostCommonCricitalExtensions&clmo2czfa00cnmc0j5m48ywd0 2023-09-17T23:03:30.645Z weekly 0.6 https://kqlsearch.com/query/Upcomming-EOS-Software&clmo2cvso00clmc0jyssnw48o 2023-09-17T23:03:25.944Z weekly 0.6 https://kqlsearch.com/query/Top-Devices-Most-Vulnerabilities&clmo2crpu00cjmc0j0oxgkbmi 2023-09-17T23:03:20.658Z weekly 0.6 https://kqlsearch.com/query/Top-Devices-Most-Exploitable-Vulnerabilities&clmo2cn3f00chmc0j2j9bj0jd 2023-09-17T23:03:14.667Z weekly 0.6 https://kqlsearch.com/query/Pivot%20-%20DeviceVulnerabilities&clmo2cj0300cfmc0jfvyvvi4u 2023-09-17T23:03:09.362Z weekly 0.6 https://kqlsearch.com/query/OpenSSLVulnerableDevices&clmo2cfk300cdmc0j3gz20ebx 2023-09-17T23:03:04.758Z weekly 0.6 https://kqlsearch.com/query/InternetFacingDevicesWithAvailableExploits&clmo2cbed00cbmc0jg3mgocuf 2023-09-17T23:02:59.509Z weekly 0.6 https://kqlsearch.com/query/DomainControllersWithTheMostVulnerabilities&clmo2c6hv00c9mc0jung48f01 2023-09-17T23:02:53.154Z weekly 0.6 https://kqlsearch.com/query/Devices-With-Recent-Exploitable-Vulnerability&clmo2c1n700c7mc0j0g72mcm7 2023-09-17T23:02:46.726Z weekly 0.6 https://kqlsearch.com/query/Device-EDR-Configuration-Not-Compliant&clmo2bv4t00c5mc0jzjlycze1 2023-09-17T23:02:38.429Z weekly 0.6 https://kqlsearch.com/query/Device-Configuration-Not-Compliant&clmo2bqg900c3mc0j0enq9ozl 2023-09-17T23:02:32.360Z weekly 0.6 https://kqlsearch.com/query/CveLookup&clmo2blp300c1mc0jeqaengr5 2023-09-17T23:02:26.057Z weekly 0.6 https://kqlsearch.com/query/CVEWithMetaSploitExploitDeviceTotal&clmo2bge600bzmc0jyj9116x1 2023-09-17T23:02:19.326Z weekly 0.6 https://kqlsearch.com/query/CISAKnowExploitsVulnerabilitiesTotalVulnerableDevices&clmo2bbcu00bxmc0jui4usb7w 2023-09-17T23:02:12.797Z weekly 0.6 https://kqlsearch.com/query/CISAKnowExploitsVulnerabilitiesDeviceTotal&clmo2b7eq00bvmc0jqkpdqyer 2023-09-17T23:02:07.539Z weekly 0.6 https://kqlsearch.com/query/BrowserExtension%20-%20Top100MostPermissiveExtensionsInstalled&clmo2b18x00btmc0jdkxnawh6 2023-09-17T23:01:59.696Z weekly 0.6 https://kqlsearch.com/query/BrowserExtension%20-%20Top100DevicesWithTheMostBrowserExtensions&clmo2awib00brmc0jgvbo6q8b 2023-09-17T23:01:53.554Z weekly 0.6 https://kqlsearch.com/query/BrowserExtension%20-%20InstalledExtensionsWithTheMostRequiredPermissions&clmo2aruc00bpmc0jdpu0ux8v 2023-09-17T23:01:47.365Z weekly 0.6 https://kqlsearch.com/query/BrowserExtension%20-%20InstalledExtensionsWithNotificationPermissions&clmo2am9800bnmc0jgzb5t7em 2023-09-17T23:01:40.268Z weekly 0.6 https://kqlsearch.com/query/Active-EOS-Software&clmo2ahub00blmc0jf27icd4v 2023-09-17T23:01:34.546Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20TwitterIOCs&clmo2aduc00bkmc0ji9p35dan 2023-09-17T23:01:29.221Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20ThreatfoxMalwareDomains&clmo2a5k500bimc0j8wt3fs06 2023-09-17T23:01:18.629Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20MISP%20IPSum%20level%208&clmo29zw800bgmc0jq1m60txp 2023-09-17T23:01:11.287Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20MISP%20IPSum%20level%207&clmo29tz800bemc0j6d05tigb 2023-09-17T23:01:03.619Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20MISP%20IPSum%20level%206&clmo29oog00bcmc0jnoaujdhf 2023-09-17T23:00:56.609Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20MISP%20IPSum%20level%205&clmo29j0p00bamc0jkhb2sags 2023-09-17T23:00:49.416Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20MISP%20IPSum%20level%204&clmo29dmb00b8mc0jzxd8xj69 2023-09-17T23:00:42.418Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20CERT-FR-MISPFeed&clmo297pc00b6mc0jsa4y1b86 2023-09-17T23:00:34.751Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20C2URLFeedFilterAbuse&clmo293gq00b4mc0jrymi7tm9 2023-09-17T23:00:29.257Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20C2URLFeed&clmo28wvp00b2mc0jvgqc2kx3 2023-09-17T23:00:20.582Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20C2IPFeed&clmo28sd100b0mc0ju9mrkhbb 2023-09-17T23:00:14.868Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20BlocklistDEAllMaliciousIP&clmo28mjc00aymc0j607nt4mc 2023-09-17T23:00:07.320Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20AbuseCHMD5Malware&clmo28ilc00awmc0j358aofe4 2023-09-17T23:00:02.207Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20AbuseCHIPBlacklistFeed&clmo28dh000aumc0j0tcli083 2023-09-17T22:59:55.572Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%20AbuseCHBotnetC2Indicators&clmo287qd00asmc0jmjp8sgfu 2023-09-17T22:59:47.990Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%202022-TalosEmotetSHA256&clmo27yih00aqmc0j3rsb82i7 2023-09-17T22:59:36.184Z weekly 0.6 https://kqlsearch.com/query/TI%20Feed%20-%202022-TalosEmotetDomain&clmo27tl900aomc0jvfymiea4 2023-09-17T22:59:29.663Z weekly 0.6 https://kqlsearch.com/query/Ransomware%20-%20APTNotesSHA1IOC&clmo27mt400ammc0jyij7uww4 2023-09-17T22:59:21.015Z weekly 0.6 https://kqlsearch.com/query/Ransomware%20-%20APTNotesJoinTable&clmo27h0n00akmc0j9u93b1ad 2023-09-17T22:59:13.510Z weekly 0.6 https://kqlsearch.com/query/IOC%20-%20NighthawkRat&clmo27dsd00aimc0j4m8chsxi 2023-09-17T22:59:09.325Z weekly 0.6 https://kqlsearch.com/query/IOC%20-%20CiscoYanluowangRansomware&clmo278cc00agmc0jysi22rzp 2023-09-17T22:59:02.267Z weekly 0.6 https://kqlsearch.com/query/IOC%20-%20BlackCatRansomware&clmo273d400aemc0jclabe83f 2023-09-17T22:58:55.815Z weekly 0.6 https://kqlsearch.com/query/Behavior%20-%20TelegramC2&clmo26y9n00acmc0jsk55g8p7 2023-09-17T22:58:49.211Z weekly 0.6 https://kqlsearch.com/query/Behavior%20-%20InboundConnectionFromMaliciousIP&clmo26u6200aamc0j4ri1sfen 2023-09-17T22:58:43.897Z weekly 0.6 https://kqlsearch.com/query/Behavior%20-%20AsyncRATInitialAccess&clmo26mf500a8mc0jc3z3f22d 2023-09-17T22:58:33.856Z weekly 0.6 https://kqlsearch.com/query/Suspicious%20SMB%20Sessions&clmo26e1q00a6mc0juzaaw3fv 2023-09-17T22:58:22.863Z weekly 0.6 https://kqlsearch.com/query/Suspicious%20Encoded%20Powershell&clmo25vso00a4mc0jp1g6furm 2023-09-17T22:57:59.209Z weekly 0.6 https://kqlsearch.com/query/HTTP%20Traffic&clmo25jdt00a2mc0jc5zkw0d3 2023-09-17T22:57:43.122Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20ThreatIntelligenceIndicatorTriggeredByDay&clmo257ed00a0mc0jsjtof3sf 2023-09-17T22:57:27.591Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20ThreatIntelligenceIndicatorTriggered&clmo252xi009ymc0jc1mez2g1 2023-09-17T22:57:21.942Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20IncidentsTriggeredByMitreTechniques&clmo24zlt009wmc0jb9mxb23z 2023-09-17T22:57:17.633Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20IncidentsTriggeredByMitreTactic&clmo24uec009umc0jzq5qamna 2023-09-17T22:57:10.741Z weekly 0.6 https://kqlsearch.com/query/SentinelAnomalies&clmo24pzt009smc0jabdwrjfj 2023-09-17T22:57:05.176Z weekly 0.6 https://kqlsearch.com/query/ListGlobalAdmins&clmo24lxc009qmc0jh43xryy7 2023-09-17T22:56:59.903Z weekly 0.6 https://kqlsearch.com/query/AnalyticsRulesEfficiency&clmo24hry009omc0jbrixcf1s 2023-09-17T22:56:54.525Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20DailyIncidentTriggers&clmo24akn009mmc0jafl501ui 2023-09-17T22:56:45.190Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20AntivirusEventsByDay&clmo246c7009kmc0jgv1m0gc3 2023-09-17T22:56:39.703Z weekly 0.6 https://kqlsearch.com/query/Statistics%20-%20MostTriggeredMitreTechniques&clmo242mb009imc0jtbyba83q 2023-09-17T22:56:34.882Z weekly 0.6 https://kqlsearch.com/query/Statistics%20-%20MostTriggeredIncidents&clmo23y2m009gmc0jrnl0wrhu 2023-09-17T22:56:28.847Z weekly 0.6 https://kqlsearch.com/query/MalwareFileDetected&clmo23t4u009emc0jfdj3son7 2023-09-17T22:56:22.589Z weekly 0.6 https://kqlsearch.com/query/ListSafeLinkEvents&clmo23oqf009cmc0jnczujknc 2023-09-17T22:56:16.886Z weekly 0.6 https://kqlsearch.com/query/Email%20-%20SafeLinksTrigger&clmo23k9j009amc0j61nniu4y 2023-09-17T22:56:11.094Z weekly 0.6 https://kqlsearch.com/query/Email%20-%20MostRareFileExtensionsRecieved&clmo23epj0098mc0jtq7jfxel 2023-09-17T22:56:03.895Z weekly 0.6 https://kqlsearch.com/query/Email%20-%20MacroAttachmentOpenedFromRareSender&clmo23a160096mc0jrbqkjx8o 2023-09-17T22:55:57.691Z weekly 0.6 https://kqlsearch.com/query/Email%20-%20ISOAttachmentRecieved&clmo233bt0094mc0jidyo6fp8 2023-09-17T22:55:49.144Z weekly 0.6 https://kqlsearch.com/query/Email%20-%20ExecutableFileRecieved&clmo22xwp0092mc0jbzugoohe 2023-09-17T22:55:41.979Z weekly 0.6 https://kqlsearch.com/query/Email%20-%20ASRExecutableContentTriggered&clmo22sw70090mc0jabnaa90u 2023-09-17T22:55:35.622Z weekly 0.6 https://kqlsearch.com/query/Mapping&clmo22lzc008ymc0jeup1jce0 2023-09-17T22:55:26.521Z weekly 0.6 https://kqlsearch.com/query/RegexExamples&clmo225f4008wmc0jiy17d093 2023-09-17T22:55:05.057Z weekly 0.6 https://kqlsearch.com/query/vm%20connection%20check&clmo205d3008umc0j0fz5n1s3 2023-09-17T22:53:31.815Z weekly 0.6 https://kqlsearch.com/query/timescope%20query%20parameters&clmo201o6008smc0jlaj78wna 2023-09-17T22:53:27.030Z weekly 0.6 https://kqlsearch.com/query/stringtoregex%20deprecated&clmo1zyj9008qmc0jc4tb90oj 2023-09-17T22:53:22.964Z weekly 0.6 https://kqlsearch.com/query/enumerating%20identities%20deprecated&clmo1zuc7008omc0jb8u3m8nu 2023-09-17T22:53:17.385Z weekly 0.6 https://kqlsearch.com/query/SuspiciousASNs&clmo1zkbt008mmc0j949etjjo 2023-09-17T22:53:04.552Z weekly 0.6 https://kqlsearch.com/query/Data%20source%20anomalies&clmo1zbx6008kmc0jq5zdhdy5 2023-09-17T22:52:53.657Z weekly 0.6 https://kqlsearch.com/query/ConditionalAccessReportOnly&clmo1z7od008imc0jv2aomg34 2023-09-17T22:52:48.157Z weekly 0.6 https://kqlsearch.com/query/Azure%20AD%20Identity%20Protection%20glitch&clmo1z2v5008gmc0j1jr9509m 2023-09-17T22:52:41.778Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-Events&clmo1yx1k008emc0jy2ltoehd 2023-09-17T22:52:34.375Z weekly 0.6 https://kqlsearch.com/query/Multiple-All%20watchlist%20items&clmo1ytmw008dmc0jh44ejbcg 2023-09-17T22:52:29.959Z weekly 0.6 https://kqlsearch.com/query/ThreatIntelligenceIndicator-Stopped%20event%20reception%20-%20ThreatIntelligenceIndicator&clmo1ylco008bmc0jsayp2evp 2023-09-17T22:52:19.223Z weekly 0.6 https://kqlsearch.com/query/SentinelHealth-Sentinel%20failure&clmo1yha40089mc0jd1y9dkyo 2023-09-17T22:52:13.947Z weekly 0.6 https://kqlsearch.com/query/SecurityIncident-Stopped%20event%20reception%20-%20SecurityIncident&clmo1ybh30087mc0j09zk1ria 2023-09-17T22:52:06.280Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Stopped%20event%20reception%20-%20Domain%20Controllers%20-%20SecurityEvent&clmo1y5f10085mc0j93d41ak0 2023-09-17T22:51:58.572Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-Alert%20generation%20anomaly&clmo1y1rn0083mc0jioetccc9 2023-09-17T22:51:53.842Z weekly 0.6 https://kqlsearch.com/query/Multiple-Stopped%20event%20reception&clmo1xwxb0081mc0jh2w8nrs4 2023-09-17T22:51:47.566Z weekly 0.6 https://kqlsearch.com/query/Multiple-Ingestion%20delays&clmo1xqlr007zmc0jf6hdefb4 2023-09-17T22:51:39.233Z weekly 0.6 https://kqlsearch.com/query/Multiple-Delayed%20event%20ingestion&clmo1xm56007xmc0juks84o0k 2023-09-17T22:51:33.593Z weekly 0.6 https://kqlsearch.com/query/Heartbeat-Stopped%20event%20reception%20-%20Domain%20Controllers&clmo1xhb6007vmc0j3b5mh39v 2023-09-17T22:51:27.330Z weekly 0.6 https://kqlsearch.com/query/AzureDiagnostics-Stopped%20event%20reception%20-%20AzureDiagnostics%20-%20ResourceType&clmo1xe4k007umc0j5vd26u45 2023-09-17T22:51:23.062Z weekly 0.6 https://kqlsearch.com/query/SecurityIncident-True%20positive%20incidents%20from%20previous%20month&clmo1x6kr007smc0j3u88etc5 2023-09-17T22:51:13.419Z weekly 0.6 https://kqlsearch.com/query/SecurityIncident-Monthly%20incidents%20closed%20by%20Automation%20Rules&clmo1x285007qmc0jqsy7mby7 2023-09-17T22:51:07.779Z weekly 0.6 https://kqlsearch.com/query/Anomalies-UEBA%20Anomalous%20Sign%20In&clmo1wwoj007omc0jhbiq2rpw 2023-09-17T22:51:00.452Z weekly 0.6 https://kqlsearch.com/query/Anomalies-UEBA%20Anomalous%20Process%20Creation&clmo1wr6m007mmc0j7i5y42fk 2023-09-17T22:50:53.469Z weekly 0.6 https://kqlsearch.com/query/Anomalies-UEBA%20Anomalous%20Privilege%20Granted&clmo1wls4007kmc0j225zigtu 2023-09-17T22:50:46.468Z weekly 0.6 https://kqlsearch.com/query/Anomalies-UEBA%20Anomalous%20Password%20Reset&clmo1wgte007imc0j6yyclne4 2023-09-17T22:50:39.892Z weekly 0.6 https://kqlsearch.com/query/Anomalies-UEBA%20Anomalous%20Failed%20Sign-in&clmo1wb6g007gmc0jjfr73len 2023-09-17T22:50:32.728Z weekly 0.6 https://kqlsearch.com/query/Anomalies-UEBA%20Anomalous%20Defensive%20Mechanism%20Modification&clmo1w77o007emc0j4l3bgtuk 2023-09-17T22:50:27.587Z weekly 0.6 https://kqlsearch.com/query/Anomalies-UEBA%20Anomalous%20Data%20Destruction&clmo1w27b007cmc0jxnaj7sxe 2023-09-17T22:50:21.095Z weekly 0.6 https://kqlsearch.com/query/Anomalies-UEBA%20Anomalous%20Code%20Execution&clmo1vwxs007amc0jj05juual 2023-09-17T22:50:14.271Z weekly 0.6 https://kqlsearch.com/query/Anomalies-UEBA%20Anomalous%20Account%20Manipulation&clmo1vrzo0078mc0j3ig8x5pz 2023-09-17T22:50:07.859Z weekly 0.6 https://kqlsearch.com/query/Anomalies-UEBA%20Anomalous%20Account%20Deletion&clmo1vmk60076mc0jr735ldkl 2023-09-17T22:50:00.679Z weekly 0.6 https://kqlsearch.com/query/Anomalies-UEBA%20Anomalous%20Account%20Creation&clmo1vhfs0074mc0jxhzov2wv 2023-09-17T22:49:54.184Z weekly 0.6 https://kqlsearch.com/query/Anomalies-UEBA%20Anomalous%20Account%20Access%20Removal&clmo1vchb0072mc0j4yc7smmr 2023-09-17T22:49:47.758Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Suspicious%20volume%20of%20logins%20to%20user%20account%20with%20elevated%20token&clmo1v7hc0070mc0j3eeagvo4 2023-09-17T22:49:41.279Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Suspicious%20volume%20of%20logins%20to%20user%20account%20by%20logon%20types&clmo1v1oo006ymc0jujld46m7 2023-09-17T22:49:33.768Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Suspicious%20volume%20of%20logins%20to%20computer&clmo1uw4i006wmc0jtdrx1drt 2023-09-17T22:49:26.561Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Suspicious%20volume%20of%20logins%20to%20computer%20with%20elevated%20token&clmo1uqq3006umc0jbxknueb9 2023-09-17T22:49:19.421Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Suspicious%20volume%20of%20failed%20login%20attempts%20to%20AWS%20Console%20by%20each%20source%20IP%20address&clmo1ukuq006smc0j9w4q2u1d 2023-09-17T22:49:11.953Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Suspicious%20volume%20of%20failed%20login%20attempts%20to%20AWS%20Console%20by%20each%20group%20user%20account&clmo1ufzm006qmc0jeyexl4zd 2023-09-17T22:49:05.650Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Suspicious%20volume%20of%20AWS%20write%20API%20calls%20from%20a%20user%20account&clmo1ub23006omc0jpiwxqyxi 2023-09-17T22:48:59.117Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Suspicious%20volume%20of%20AWS%20cloud%20trail%20logs%20events%20of%20group%20user%20account%20by%20EventTypeName&clmo1u6db006mmc0j42cdt0el 2023-09-17T22:48:53.183Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Suspicious%20volume%20of%20AWS%20API%20calls%20from%20Non-AWS%20source%20IP%20address%20from%20a%20user%20account%20id%20per%20workspace%20on%20a%20daily%20basis&clmo1u0tq006kmc0jc06c6al9 2023-09-17T22:48:45.997Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Rare%20privileged%20process%20calls%20on%20a%20daily%20basis&clmo1tvep006imc0jpn75wblf 2023-09-17T22:48:38.976Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Potential%20data%20staging&clmo1tq9r006gmc0j9kdnfcly 2023-09-17T22:48:32.318Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Domain%20generation%20algorithm%20(DGA)%20on%20DNS%20domains&clmo1tk2j006emc0j64qggizr 2023-09-17T22:48:24.140Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Attempted%20user%20account%20bruteforce&clmo1tedq006cmc0jxvug8svj 2023-09-17T22:48:16.909Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Attempted%20user%20account%20bruteforce%20per%20failure%20reason&clmo1t9ae006amc0jhvdxwurw 2023-09-17T22:48:10.310Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Attempted%20computer%20bruteforce&clmo1t4nr0068mc0ji9wmjttl 2023-09-17T22:48:04.168Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Anomalous%20volume%20of%20privileged%20process%20calls%20of%20commonly%20seen%20windows%20attack%20vectors%20on%20a%20daily%20basis&clmo1sz0y0066mc0jhzunr46v 2023-09-17T22:47:57.009Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Anomalous%20user-app%20activities%20in%20Azure%20audit%20logs&clmo1stsk0064mc0jpymt5xf3 2023-09-17T22:47:50.228Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Anomalous%20user%20activities%20in%20Office%20Exchange&clmo1sosf0062mc0jtho5xg26 2023-09-17T22:47:43.599Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Anomalous%20local%20account%20creation&clmo1skcx0061mc0j6a3epgb5 2023-09-17T22:47:38.000Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Anomalous%20Process%20Path%20used%20by%20a%20user%20account&clmo1sfnk005zmc0jorqlphxf 2023-09-17T22:47:31.904Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Anomalous%20Azure%20operations&clmo1sajb005xmc0jj5242zr3 2023-09-17T22:47:25.128Z weekly 0.6 https://kqlsearch.com/query/Anomalies-Anomalous%20Azure%20AD%20sign-in%20sessions&clmo1s54e005vmc0jo4eydtig 2023-09-17T22:47:18.254Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-Malware%20file%20in%20SharePoint&clmo1rzzg005tmc0jy86k6yet 2023-09-17T22:47:11.596Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-Excessive%20SharePoint%20activity&clmo1rtya005rmc0jylb388u8 2023-09-17T22:47:03.777Z weekly 0.6 https://kqlsearch.com/query/Multiple-Correlate%20OfficeActivity%20to%20EmailEvents&clmo1rkqw005pmc0jp5o1xeez 2023-09-17T22:46:51.705Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-Activity%20with%20monitored%20Office%20file&clmo1rdbb005nmc0j7ugqcn0z 2023-09-17T22:46:42.214Z weekly 0.6 https://kqlsearch.com/query/ExternalData-pyWhat%20Regular%20expressions&clmo1r5yj005lmc0jqybgg046 2023-09-17T22:46:32.541Z weekly 0.6 https://kqlsearch.com/query/ExternalData-LOLBAS&clmo1r254005jmc0jat3wgav9 2023-09-17T22:46:27.735Z weekly 0.6 https://kqlsearch.com/query/ExternalData-Azure%20IP%20address%20ranges&clmo1qxx9005hmc0jeuz0po7v 2023-09-17T22:46:22.268Z weekly 0.6 https://kqlsearch.com/query/-Example%20scan%20operator&clmo1qu9j005gmc0jv5cf9eem 2023-09-17T22:46:17.385Z weekly 0.6 https://kqlsearch.com/query/-Example%20activity_counts_metrics&clmo1qmdk005emc0j3jxf2lbp 2023-09-17T22:46:07.303Z weekly 0.6 https://kqlsearch.com/query/Heartbeat-Last%20heartbeats&clmo1qhod005cmc0jsm3qdq3u 2023-09-17T22:46:01.070Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-A%20potentially%20malicious%20URL%20click%20was%20detected&clmo1qdhu005amc0jozfeb546 2023-09-17T22:45:55.793Z weekly 0.6 https://kqlsearch.com/query/Multiple-Sensitive%20account%20authentication%20in%20AD%20FS%20from%20unexpected%20device&clmo1q7hp0058mc0jlf6v8eyq 2023-09-17T22:45:47.870Z weekly 0.6 https://kqlsearch.com/query/IdentityQueryEvents-Suspicious%20LDAP%20query%20from%20unexpected%20device&clmo1pvps0056mc0jaf7yck1c 2023-09-17T22:45:32.751Z weekly 0.6 https://kqlsearch.com/query/IdentityQueryEvents-SAMR%20query%20enumerating%20users&clmo1posw0054mc0jry04ifvm 2023-09-17T22:45:23.650Z weekly 0.6 https://kqlsearch.com/query/IdentityQueryEvents-DNS%20zone%20transfer%20from%20unexpected%20device&clmo1phtl0052mc0j40prw638 2023-09-17T22:45:14.744Z weekly 0.6 https://kqlsearch.com/query/IdentityLogonEvents-Unexpected%20access%20to%20multiple%20devices&clmo1pc1g0050mc0j3117ll2t 2023-09-17T22:45:07.109Z weekly 0.6 https://kqlsearch.com/query/Multiple-VulnerabilitiesByCVE&clmo1oyq2004ymc0jpxsgpakr 2023-09-17T22:44:49.992Z weekly 0.6 https://kqlsearch.com/query/DeviceTvmSoftwareVulnerabilities-VulnerabilitiesBySoftware&clmo1os3m004wmc0jp0g504me 2023-09-17T22:44:41.409Z weekly 0.6 https://kqlsearch.com/query/DeviceTvmSoftwareVulnerabilities-VulnerabilitiesByDevice&clmo1omvz004umc0j8f1upyek 2023-09-17T22:44:34.655Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-Unusual%20number%20of%20failed%20sign-in%20attempts&clmo1oh04004smc0jxs81vumm 2023-09-17T22:44:27.027Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-Suspicious%20request%20to%20Kubernetes%20API&clmo1oawf004qmc0jr1hv4vse 2023-09-17T22:44:18.976Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-Script%20extension%20mismatch%20detected&clmo1o5kx004omc0j7lg8d2l8 2023-09-17T22:44:12.224Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-Rare%20SVCHOST%20service%20group%20executed&clmo1ny7e004mmc0jpbsocww6 2023-09-17T22:44:02.522Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-PsExec%20execution%20detected&clmo1nse7004kmc0jp9s8q2vt 2023-09-17T22:43:55.134Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-Possible%20exploitation%20of%20Hadoop%20Yarn&clmo1nmn5004imc0jkq6ft2sd 2023-09-17T22:43:47.680Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-Possible%20attack%20tool%20detected&clmo1ngo1004gmc0jzic01ks7 2023-09-17T22:43:39.794Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-Antimalware%20Action&clmo1nae4004emc0jz9szn8jk 2023-09-17T22:43:31.803Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-Anomalous%20access%20to%20Kubernetes%20secret&clmo1n20z004cmc0jc8hg1kk7 2023-09-17T22:43:20.821Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-Adaptive%20application%20control%20policy%20violation%20was%20audited&clmo1mwf6004amc0jn4hbn0l0 2023-09-17T22:43:13.698Z weekly 0.6 https://kqlsearch.com/query/SecurityAlert-A%20history%20file%20has%20been%20cleared&clmo1mqb40048mc0j15gqlttr 2023-09-17T22:43:05.634Z weekly 0.6 https://kqlsearch.com/query/Multiple-Virtual%20machines%20TVM%20vulnerability%20assessments&clmo1mkrg0046mc0jn1cv0c1k 2023-09-17T22:42:58.587Z weekly 0.6 https://kqlsearch.com/query/Multiple-Virtual%20machines%20SQL%20vulnerability%20assessments&clmo1mei90044mc0jzk0gzfq3 2023-09-17T22:42:50.339Z weekly 0.6 https://kqlsearch.com/query/Multiple-Virtual%20machines%20Qualys%20vulnerability%20assessments&clmo1m8ql0042mc0jpeyqsc3c 2023-09-17T22:42:43.004Z weekly 0.6 https://kqlsearch.com/query/Multiple-Container%20registry%20image%20vulnerability%20assessments&clmo1m1nx0040mc0jdnoityrg 2023-09-17T22:42:33.694Z weekly 0.6 https://kqlsearch.com/query/Multiple-Suspicious%20inbox%20manipulation%20rule&clmo1lrd6003zmc0jqxdnb1cu 2023-09-17T22:42:20.489Z weekly 0.6 https://kqlsearch.com/query/Multiple-Suspicious%20inbox%20forwarding%20rule&clmo1lb9r003xmc0jo4e526f6 2023-09-17T22:41:59.630Z weekly 0.6 https://kqlsearch.com/query/Multiple-Impossible%20travel%20activity%20alerts&clmo1l5pn003wmc0j1lpcw3pi 2023-09-17T22:41:52.285Z weekly 0.6 https://kqlsearch.com/query/Multiple-Activity%20from%20infrequent%20country&clmo1kyu5003vmc0jmsp310sm 2023-09-17T22:41:43.516Z weekly 0.6 https://kqlsearch.com/query/Multiple-Excessive%20rDNS%20queries&clmo1k5kr003tmc0jq010nks2 2023-09-17T22:41:05.594Z weekly 0.6 https://kqlsearch.com/query/Multiple-Excessive%20NXDOMAIN%20DNS%20queries&clmo1jyw2003smc0j0py0ihyh 2023-09-17T22:40:56.787Z weekly 0.6 https://kqlsearch.com/query/Multiple-DNS%20query%20ends%20with%20IP%20address&clmo1jpu6003rmc0jik6udw5y 2023-09-17T22:40:45.197Z weekly 0.6 https://kqlsearch.com/query/Multiple-DNS%20query%20contains%20IP%20address&clmo1jgho003qmc0j85tx9jvp 2023-09-17T22:40:32.941Z weekly 0.6 https://kqlsearch.com/query/Cisco_Umbrella_dns_CL-Monitored%20category%20DNS%20query%20-%20Reprehensible&clmo1hi5l003omc0jqshzddiv 2023-09-17T22:39:01.929Z weekly 0.6 https://kqlsearch.com/query/Cisco_Umbrella_dns_CL-Monitored%20category%20DNS%20query%20-%20Malicious&clmo1hare003nmc0jjkq27xkw 2023-09-17T22:38:52.203Z weekly 0.6 https://kqlsearch.com/query/Cisco_Umbrella_dns_CL-Monitored%20category%20DNS%20query%20-%20Filter%20avoidance&clmo1h4kr003mmc0jutqahr57 2023-09-17T22:38:44.330Z weekly 0.6 https://kqlsearch.com/query/SubscriptionInventoryLogs-Azure%20subscription%20modification&clmo1gyqb003lmc0jx8p32qxc 2023-09-17T22:38:36.612Z weekly 0.6 https://kqlsearch.com/query/Resources-Storage%20Accounts&clmo1gqhw003kmc0j7cckcnfr 2023-09-17T22:38:26.084Z weekly 0.6 https://kqlsearch.com/query/Multiple-Azure%20Virtual%20Machines&clmo1gnke003jmc0jrrjm6j6k 2023-09-17T22:38:22.285Z weekly 0.6 https://kqlsearch.com/query/Multiple-Azure%20RBAC%20role%20assignment&clmo1ggbv003imc0joqt5dudo 2023-09-17T22:38:12.764Z weekly 0.6 https://kqlsearch.com/query/AzureDiagnostics-Azure%20Firewall%20events&clmo1duw4003gmc0j4p17t2ns 2023-09-17T22:36:11.669Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-SdeletedeployedviaGPOandrunrecursively&clmo1dsch003emc0jysz8auid 2023-09-17T22:36:08.513Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-NonDCActiveDirectoryReplication&clmo1dmyq003cmc0jgfn56ibr 2023-09-17T22:36:01.537Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies&clmo1dhzs003amc0j4nla825m 2023-09-17T22:35:54.955Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-ExchangeOABVirtualDirectoryAttributeContainingPotentialWebshell&clmo1dd630038mc0jbm1pas3a 2023-09-17T22:35:48.842Z weekly 0.6 https://kqlsearch.com/query/Multiple-URLEntity_Syslog&clmo1d4sc0036mc0j3omutpn2 2023-09-17T22:35:37.838Z weekly 0.6 https://kqlsearch.com/query/Multiple-URLEntity_SecurityAlert&clmo1cr800035mc0jwvsjb4sd 2023-09-17T22:35:20.258Z weekly 0.6 https://kqlsearch.com/query/Multiple-URLEntity_OfficeActivity&clmo1cg310034mc0ja24aky52 2023-09-17T22:35:05.964Z weekly 0.6 https://kqlsearch.com/query/Multiple-URLEntity_EmailUrlInfo&clmo1c5fk0033mc0jeg50dxax 2023-09-17T22:34:52.018Z weekly 0.6 https://kqlsearch.com/query/Multiple-URLEntity_DeviceNetworkEvents&clmo1aasx0031mc0jchxuufll 2023-09-17T22:33:25.667Z weekly 0.6 https://kqlsearch.com/query/Multiple-URLEntity_AuditLogs&clmo1a04u0030mc0jw9cw7khq 2023-09-17T22:33:11.980Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_VMConnection&clmo19pkk002zmc0jd7z5dqss 2023-09-17T22:32:58.150Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_Syslog&clmo19bkz002xmc0jmilv5zvl 2023-09-17T22:32:40.162Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_StorageFileLogs&clmo192cv002vmc0jcxmb49t9 2023-09-17T22:32:28.206Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_StorageBlobLogs&clmo18sfu002tmc0j5c3rjyin 2023-09-17T22:32:15.213Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_SigninLogs&clmo18ita002rmc0j69lwyd8w 2023-09-17T22:32:02.877Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_SecurityAlert&clmo186mp002pmc0jw7zjr0yl 2023-09-17T22:31:47.088Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_OfficeActivity&clmo17wth002nmc0j2lbf4p49 2023-09-17T22:31:34.230Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_EmailEvents&clmo17hr2002lmc0jubsqxro9 2023-09-17T22:31:14.704Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_DnsEvents&clmo17545002jmc0jfulwur8u 2023-09-17T22:30:58.328Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_DeviceNetworkEvents&clmo16z6g002imc0jpt0eiyb3 2023-09-17T22:30:50.775Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_Azure_SQL&clmo16oa9002hmc0jtx6845az 2023-09-17T22:30:36.515Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_Azure_Kubernetes&clmo1676f002gmc0jmmrefycp 2023-09-17T22:30:14.344Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_Azure_Key_Vault&clmo15s33002fmc0jklh9g0o3 2023-09-17T22:29:54.784Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_Azure_Firewall&clmo14zdv002dmc0j6fudeef5 2023-09-17T22:29:16.670Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_Azure_Data_Lake&clmo14js4002bmc0jmwrwgvcz 2023-09-17T22:28:57.365Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_AzureActivity&clmo1341e0029mc0jcdbo0bk2 2023-09-17T22:27:50.449Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_AuditLogs&clmo12u920028mc0jlfzn3mmk 2023-09-17T22:27:37.623Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_AWSCloudTrail&clmo12lvm0027mc0jnjqderty 2023-09-17T22:27:26.913Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_ADFSSignInLogs&clmo12bn80026mc0ju03gooc3 2023-09-17T22:27:13.509Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_AADServicePrincipalSignInLogs&clmo11xnd0024mc0j8ro4gtsm 2023-09-17T22:26:55.370Z weekly 0.6 https://kqlsearch.com/query/Multiple-IPEntity_AADNonInteractiveUserSignInLogs&clmo11jnl0022mc0jmxtkhxkn 2023-09-17T22:26:37.234Z weekly 0.6 https://kqlsearch.com/query/Multiple-FileHashEntity_EmailAttachmentInfo&clmo1167p0020mc0jvm433od2 2023-09-17T22:26:19.813Z weekly 0.6 https://kqlsearch.com/query/Multiple-FileHashEntity_DeviceFileEvents&clmo10pzf001ymc0jg0lnt6ay 2023-09-17T22:25:58.780Z weekly 0.6 https://kqlsearch.com/query/Multiple-EmailEntity_SigninLogs&clmo10cqe001xmc0jmj7aq6sv 2023-09-17T22:25:41.749Z weekly 0.6 https://kqlsearch.com/query/Multiple-EmailEntity_SecurityAlert&clmo104in001wmc0jhzjx1a3p 2023-09-17T22:25:30.960Z weekly 0.6 https://kqlsearch.com/query/Multiple-EmailEntity_OfficeActivity&clmo0yb6q001umc0j9ieoru5e 2023-09-17T22:24:06.291Z weekly 0.6 https://kqlsearch.com/query/Multiple-EmailEntity_EmailEvents&clmo0xtw5001tmc0j8t357tij 2023-09-17T22:23:43.878Z weekly 0.6 https://kqlsearch.com/query/Multiple-EmailEntity_AzureActivity&clmo0whpc001rmc0j6juwrdcj 2023-09-17T22:22:41.425Z weekly 0.6 https://kqlsearch.com/query/Multiple-EmailEntity_AuditLogs&clmo0w3x4001qmc0ja1jz3nsv 2023-09-17T22:22:23.561Z weekly 0.6 https://kqlsearch.com/query/Multiple-EmailEntity_AADNonInteractiveUserSignInLogs&clmo0u8w6001omc0jv6zzq0yn 2023-09-17T22:20:56.696Z weekly 0.6 https://kqlsearch.com/query/Multiple-DomainEntity_VMConnection&clmo0tvqb001nmc0j327si8na 2023-09-17T22:20:39.637Z weekly 0.6 https://kqlsearch.com/query/Multiple-DomainEntity_Syslog&clmo0rrr5001lmc0j0okxf1vq 2023-09-17T22:19:01.171Z weekly 0.6 https://kqlsearch.com/query/Multiple-DomainEntity_SecurityAlert&clmo0r4wd001jmc0jusgf5aj1 2023-09-17T22:18:31.550Z weekly 0.6 https://kqlsearch.com/query/Multiple-DomainEntity_OfficeActivity&clmo0qjd3001imc0jrlpj4lr5 2023-09-17T22:18:03.782Z weekly 0.6 https://kqlsearch.com/query/Multiple-DomainEntity_EmailUrlInfo&clmo0q9md001hmc0jv1g8pl77 2023-09-17T22:17:51.015Z weekly 0.6 https://kqlsearch.com/query/Multiple-DomainEntity_EmailEvents&clmo0proo001gmc0jzvmgbmbg 2023-09-17T22:17:27.911Z weekly 0.6 https://kqlsearch.com/query/Multiple-DomainEntity_DnsEvents&clmo0pgpg001fmc0j0xjcbkz2 2023-09-17T22:17:13.541Z weekly 0.6 https://kqlsearch.com/query/Multiple-DomainEntity_DeviceNetworkEvents&clmo0p09w001dmc0jagnqw3te 2023-09-17T22:16:52.245Z weekly 0.6 https://kqlsearch.com/query/Multiple-DomainEntity_Cisco_Umbrella_dns_CL&clmo0oet5001bmc0jp9k3zkz8 2023-09-17T22:16:24.426Z weekly 0.6 https://kqlsearch.com/query/Multiple-DomainEntity_AuditLogs&clmo0nxf10019mc0jgsqfrvcf 2023-09-17T22:16:01.886Z weekly 0.6 https://kqlsearch.com/query/Multiple-KeyvaultMassSecretRetrieval&clmo0nkjk0017mc0jh4akz7jv 2023-09-17T22:15:45.202Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-DisabledAccountSigninsAcrossManyApplications&clmo0n7rz0015mc0jyc9cpkek 2023-09-17T22:15:28.656Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-AppOrServicePrincipalCredential&clmo0muq40014mc0j9bmnkzcz 2023-09-17T22:15:11.883Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-powershell_empire&clmo0mke50013mc0j5l4bug45 2023-09-17T22:14:58.349Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-RDP_RareConnection&clmo0l8050011mc0j2djo1kar 2023-09-17T22:13:55.780Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Application%20consent%20or%20assignment&clmo0kxt10010mc0jg27d8owg 2023-09-17T22:13:42.564Z weekly 0.6 https://kqlsearch.com/query/Multiple-Unfamiliar%20sign-in%20properties&clmo0kkbp000zmc0judsuvxe4 2023-09-17T22:13:25.092Z weekly 0.6 https://kqlsearch.com/query/Multiple-Risky%20account%20changed%20authentication%20method&clmo0kaux000ymc0jxbjl3pol 2023-09-17T22:13:12.682Z weekly 0.6 https://kqlsearch.com/query/Multiple-Malicious%20IP%20address&clmo0k3lp000xmc0j0kixo8bg 2023-09-17T22:13:03.420Z weekly 0.6 https://kqlsearch.com/query/Multiple-Azure%20AD%20Identity%20Protection%20alerts&clmo0jffz000vmc0jgxhbdii4 2023-09-17T22:12:31.968Z weekly 0.6 https://kqlsearch.com/query/Multiple-Atypical%20travel&clmo0j7cp000tmc0jcspma2sj 2023-09-17T22:12:21.624Z weekly 0.6 https://kqlsearch.com/query/Multiple-Anonymous%20IP%20address&clmo0j0yv000rmc0jq2578k8p 2023-09-17T22:12:13.209Z weekly 0.6 https://kqlsearch.com/query/Multiple-Anomalous%20Token&clmo0itzk000pmc0jbaxz6m29 2023-09-17T22:12:04.303Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS%20account%20created&clmo0ik7f000nmc0jyq32wb0g 2023-09-17T22:11:51.484Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Unexpected%20AD%20attributes%20accessed&clmo0ibcy000mmc0jo6utzj5a 2023-09-17T22:11:40.161Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Activity%20with%20monitored%20AD%20group&clmo0i4vs000kmc0jl1oe27e9 2023-09-17T22:11:31.625Z weekly 0.6 https://kqlsearch.com/query/Parsing-AzureFirewallLogs-AzureDiagnostics&clmo0hltz000imc0jdtfm6nfo 2023-09-17T22:11:06.935Z weekly 0.6 https://kqlsearch.com/query/Parsing-AzureFirewallLogs-AZFW*&clmo0g976000gmc0jj49fb384 2023-09-17T22:10:04.049Z weekly 0.6 https://kqlsearch.com/query/UserRiskStatus&clmnzwzqt001f5i44y3bkyvua 2023-09-17T21:55:05.332Z weekly 0.6 https://kqlsearch.com/query/ListDomainControllers&clmnzwvc1001e5i44t1xi4lxg 2023-09-17T21:54:59.608Z weekly 0.6 https://kqlsearch.com/query/ListAllActionsAndOperations&clmnzwryo001d5i44nfdb4tl1 2023-09-17T21:54:55.247Z weekly 0.6 https://kqlsearch.com/query/LastPowerShellExecutions&clmnzwnz3001c5i44hwzpapwi 2023-09-17T21:54:50.078Z weekly 0.6 https://kqlsearch.com/query/IsDomainController&clmnzwih7001b5i44zg7uktnb 2023-09-17T21:54:42.946Z weekly 0.6 https://kqlsearch.com/query/DeviceCommandLinePublicIPs&clmnzwcfh001a5i44vz8jy16r 2023-09-17T21:54:35.116Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20MostInteractiveSignInsByUser&clmnzw72w00195i44iz17d031 2023-09-17T21:54:28.183Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20ClearTextLDAPSignIns&clmnzw3hz00185i447yje2qtz 2023-09-17T21:54:23.534Z weekly 0.6 https://kqlsearch.com/query/UserAddedToSensitiveGroup&clmnzvzsi00175i44m7eail2z 2023-09-17T21:54:18.737Z weekly 0.6 https://kqlsearch.com/query/SMBFileCopy&clmnzvub500165i44ylff4d9x 2023-09-17T21:54:11.633Z weekly 0.6 https://kqlsearch.com/query/PotentialKerberosEncryptionDowngrade&clmnzvpb000155i44rgslac41 2023-09-17T21:54:05.139Z weekly 0.6 https://kqlsearch.com/query/PasswordChangeAfterSuccesfulBruteForce&clmnzvlv200145i44fy7etrwx 2023-09-17T21:54:00.685Z weekly 0.6 https://kqlsearch.com/query/NewLateralMovementPathToSensitiveAccountIdentified&clmnzvg1u00135i442pklvzm6 2023-09-17T21:53:53.153Z weekly 0.6 https://kqlsearch.com/query/AnomalousLDAPTraffic&clmnzvbdh00125i448bcsa7bv 2023-09-17T21:53:47.085Z weekly 0.6 https://kqlsearch.com/query/AnomalousGroupPolicyDiscovery&clmnzv19q00115i44u497vwnv 2023-09-17T21:53:33.997Z weekly 0.6 https://kqlsearch.com/query/AccountWithPasswordNeverExpiresEnabled&clmnzuxsf00105i44txmqz8bh 2023-09-17T21:53:29.478Z weekly 0.6 https://kqlsearch.com/query/WindowsNetworkSniffing&clmnzutvs000z5i44xd7kbh3e 2023-09-17T21:53:24.423Z weekly 0.6 https://kqlsearch.com/query/WMICAntivirusDiscovery&clmnzuqv3000y5i44rewyz416 2023-09-17T21:53:20.510Z weekly 0.6 https://kqlsearch.com/query/Visualization-%20%20DefenderMachineGroups&clmnzule0000x5i44sxgt8rmi 2023-09-17T21:53:13.415Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20UnauthorizedLogonsByAccount&clmnzuj0p000w5i44xi46qvcp 2023-09-17T21:53:10.336Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20SysinternalToolUsage&clmnzudbu000v5i447b2s7cw1 2023-09-17T21:53:02.969Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20LogonFailureReasons&clmnzua9i000u5i441u9q7voc 2023-09-17T21:52:58.997Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20InspectedNetworkSignatures&clmnzu7bw000t5i44swen5cj7 2023-09-17T21:52:55.188Z weekly 0.6 https://kqlsearch.com/query/SmartScreenOverride&clmnzu36b000s5i44dsza2r4n 2023-09-17T21:52:49.810Z weekly 0.6 https://kqlsearch.com/query/SmartScreenEvents&clmnzu0cp000r5i44khyy7a9a 2023-09-17T21:52:46.152Z weekly 0.6 https://kqlsearch.com/query/ShadowCopyDeletion&clmnztutl000q5i44jp8srwix 2023-09-17T21:52:38.977Z weekly 0.6 https://kqlsearch.com/query/SecurityLogCleared&clmnztra3000p5i44ti879466 2023-09-17T21:52:34.395Z weekly 0.6 https://kqlsearch.com/query/SMBSessionsGeneratedByFile&clmnztnkd000o5i44ddag5q1p 2023-09-17T21:52:29.580Z weekly 0.6 https://kqlsearch.com/query/SMBSessionsByFileName&clmnztklq000n5i44oudteg0i 2023-09-17T21:52:25.742Z weekly 0.6 https://kqlsearch.com/query/SMBSessionsByDevice&clmnzthtb000m5i44l878gael 2023-09-17T21:52:22.118Z weekly 0.6 https://kqlsearch.com/query/RunasWithSavedCredentials&clmnztcxs000l5i44euhu5mvc 2023-09-17T21:52:15.807Z weekly 0.6 https://kqlsearch.com/query/RemoteSMBConnection&clmnzt7wd000j5i44w9tu4tax 2023-09-17T21:52:09.276Z weekly 0.6 https://kqlsearch.com/query/Regsvr32StartedByOfficeApplication&clmnzt44m000h5i4495b8585s 2023-09-17T21:52:04.389Z weekly 0.6 https://kqlsearch.com/query/RareISOFile&clmnzt0d1000f5i447zwspj4m 2023-09-17T21:51:59.508Z weekly 0.6 https://kqlsearch.com/query/RareConnectionsMadeByOffice&clmnzsw92000d5i44yin680u8 2023-09-17T21:51:54.180Z weekly 0.6 https://kqlsearch.com/query/RansomwareNoteFound&clmnzss3q000b5i443yk6vbpn 2023-09-17T21:51:48.805Z weekly 0.6 https://kqlsearch.com/query/RansomwareExtensionFound&clmnzsoge000a5i44cqaka2os 2023-09-17T21:51:44.077Z weekly 0.6 https://kqlsearch.com/query/RansomwareDoubleExtention&clmnzsgzs00085i449gnr26ea 2023-09-17T21:51:34.399Z weekly 0.6 https://kqlsearch.com/query/KillNetRansomwareDetection&clmnzsb9f00065i44tra94x00 2023-09-17T21:51:26.978Z weekly 0.6 https://kqlsearch.com/query/QakbotPostCompromiseCommandsExecuted&clmnzs7t700045i44xnpo8xxq 2023-09-17T21:51:22.505Z weekly 0.6 https://kqlsearch.com/query/PublicFacingDeviceScanned&clmnzs3v500025i44skw8fqis 2023-09-17T21:51:17.392Z weekly 0.6 https://kqlsearch.com/query/PowerShellEncodedWebRequests&clmnzs03v00005i44ks58nm3e 2023-09-17T21:51:12.522Z weekly 0.6 https://kqlsearch.com/query/PowerShellEncodedReconActivities&clmnzhpek001y5isk6hh4jozz 2023-09-17T21:43:12.091Z weekly 0.6 https://kqlsearch.com/query/PowerShellEncodedCommandsExecuted&clmnzhl8d001x5isklj6rn2cy 2023-09-17T21:43:06.676Z weekly 0.6 https://kqlsearch.com/query/PowerShellEncodedCommandsByDevice&clmnzheh4001w5isk6jnba1ks 2023-09-17T21:42:57.927Z weekly 0.6 https://kqlsearch.com/query/PSExecExecutions&clmnzh8xd001v5iskdtbkdn0v 2023-09-17T21:42:50.728Z weekly 0.6 https://kqlsearch.com/query/NewSysinternalToolDetected&clmnzh444001u5iskueie8k04 2023-09-17T21:42:44.499Z weekly 0.6 https://kqlsearch.com/query/NewRDPConnections&clmnzgzg7001t5iskuwkei7vh 2023-09-17T21:42:38.454Z weekly 0.6 https://kqlsearch.com/query/Network%20-%20OpenRemoteServicePorts&clmnzguua001s5isk9dujvzuh 2023-09-17T21:42:32.473Z weekly 0.6 https://kqlsearch.com/query/Network%20-%20OpenDatabasePorts&clmnzgrl7001r5iskw6ytqnwg 2023-09-17T21:42:28.266Z weekly 0.6 https://kqlsearch.com/query/Network%20-%20InterestingOpenPorts&clmnzgonx001q5iskrlnwqggl 2023-09-17T21:42:24.476Z weekly 0.6 https://kqlsearch.com/query/Network%20-%20DevicesWithMostOpenPorts&clmnzgk5q001o5iskll19bz6e 2023-09-17T21:42:18.638Z weekly 0.6 https://kqlsearch.com/query/Network%20-%20AnyDeskConnectionToPublicIP&clmnzggqn001m5iskvtnrs2g3 2023-09-17T21:42:14.198Z weekly 0.6 https://kqlsearch.com/query/LocalFirewallDeletions&clmnzgckq001k5iska2jyd0b0 2023-09-17T21:42:08.810Z weekly 0.6 https://kqlsearch.com/query/LocalFirewallAdditions&clmnzg8j0001i5iskcryz4zrw 2023-09-17T21:42:03.563Z weekly 0.6 https://kqlsearch.com/query/LocalAdminsWithTheMostDevicesAccessed&clmnzg4vs001g5isk8kuc7z3i 2023-09-17T21:41:58.831Z weekly 0.6 https://kqlsearch.com/query/LocalAccountCreated&clmnzg091001e5iskx9qm5ith 2023-09-17T21:41:52.836Z weekly 0.6 https://kqlsearch.com/query/WMICRemoteCommand&clmnzfubn001c5iskya40r4x3 2023-09-17T21:41:45.154Z weekly 0.6 https://kqlsearch.com/query/NewLOLBinExternalConnection&clmnzfqaw001a5isk1cavfxjw 2023-09-17T21:41:39.935Z weekly 0.6 https://kqlsearch.com/query/LOTSUsage&clmnzfjph00185iskyw5sppfe 2023-09-17T21:41:31.396Z weekly 0.6 https://kqlsearch.com/query/LOLDriverUsage&clmnzfcvb00165isk6rcc0gik 2023-09-17T21:41:22.526Z weekly 0.6 https://kqlsearch.com/query/LOLBinStatistics&clmnzf82400145iskyw882d92 2023-09-17T21:41:16.299Z weekly 0.6 https://kqlsearch.com/query/ListTamperingAttempts&clmnzf4lp00125iskj59wbmx3 2023-09-17T21:41:11.820Z weekly 0.6 https://kqlsearch.com/query/Linux%20-%20UsersAddedToSudoersGroup&clmnzeyvu00105iskruktcwft 2023-09-17T21:41:04.401Z weekly 0.6 https://kqlsearch.com/query/HTTPRequestMethodsStatistics&clmnzev1g000y5iskpfu6z1od 2023-09-17T21:40:59.427Z weekly 0.6 https://kqlsearch.com/query/HTTPExecutableFilesDownloaded&clmnzerll000w5isk3zqax3e8 2023-09-17T21:40:54.969Z weekly 0.6 https://kqlsearch.com/query/HTTPDownloadsByFileExtention&clmnzemzv000u5iskztxdqhb5 2023-09-17T21:40:48.994Z weekly 0.6 https://kqlsearch.com/query/ExploitGuardNetworkProtection&clmnzeima000s5iskh3eifr44 2023-09-17T21:40:43.328Z weekly 0.6 https://kqlsearch.com/query/ExecutableFilesPublicFolder&clmnzeevw000q5iskrb2zdumq 2023-09-17T21:40:38.491Z weekly 0.6 https://kqlsearch.com/query/Discovery%20-%20DatabaseServices&clmnze9zm000o5iskj2y9nhjt 2023-09-17T21:40:32.137Z weekly 0.6 https://kqlsearch.com/query/DevicesWithTheMostSMBSessions&clmnze4r7000m5iskq9257oxx 2023-09-17T21:40:25.362Z weekly 0.6 https://kqlsearch.com/query/DevicesWithMostSMBConnections&clmnze1uw000k5iskpqs6c4ad 2023-09-17T21:40:21.607Z weekly 0.6 https://kqlsearch.com/query/BloodHoundProcessDetection&clmnzdwgh000i5isknqvv8ydw 2023-09-17T21:40:14.601Z weekly 0.6 https://kqlsearch.com/query/AnomalousSMBSessionsCreated&clmnzdrj5000g5iskn4qlgp9s 2023-09-17T21:40:08.225Z weekly 0.6 https://kqlsearch.com/query/Pivot%20-%20ASRTriggers&clmnzdkcr000e5isk7j7ahzzw 2023-09-17T21:39:58.914Z weekly 0.6 https://kqlsearch.com/query/AsrRansomware&clmnzdh3p000c5iskm4g5moe0 2023-09-17T21:39:54.708Z weekly 0.6 https://kqlsearch.com/query/AsrExecutableOfficeContent&clmnzdbgj000a5isksmtepicc 2023-09-17T21:39:47.394Z weekly 0.6 https://kqlsearch.com/query/ASR-RulesTriggeredByDevice&clmnzd71600085isky74khjsu 2023-09-17T21:39:41.649Z weekly 0.6 https://kqlsearch.com/query/AMSIScriptDetections&clmnzd3t600065iskd4yw4ohf 2023-09-17T21:39:37.481Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20OutdatedOSUsed&clmnzd0h000045iskzwd2x83g 2023-09-17T21:39:33.155Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20OperationsPerformed&clmnzcwsm00025iskg7s4tyka 2023-09-17T21:39:28.390Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20HardDeletionsByUser&clmnzctgx00005isk5wf7i4uj 2023-09-17T21:39:24.080Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20ActionsPerformed&clmnz6klh001e5imcybiojt55 2023-09-17T21:34:32.644Z weekly 0.6 https://kqlsearch.com/query/SupressionRuleCreations&clmnz6gzq001d5imcqpc891v8 2023-09-17T21:34:27.974Z weekly 0.6 https://kqlsearch.com/query/RiskyIPActivities&clmnz6di4001c5imck37vg0c3 2023-09-17T21:34:23.443Z weekly 0.6 https://kqlsearch.com/query/MostImpersonatorsByAccount&clmnz6a1x001b5imcohrf52w1 2023-09-17T21:34:18.980Z weekly 0.6 https://kqlsearch.com/query/MaliciousEmailDeliveredInMailbox&clmnz64he001a5imc1v0suuql 2023-09-17T21:34:11.762Z weekly 0.6 https://kqlsearch.com/query/MITREBehaviors&clmnz5zul00195imc1efiyruz 2023-09-17T21:34:05.749Z weekly 0.6 https://kqlsearch.com/query/HardUserDelete&clmnz5u5a00185imci8z7kbbg 2023-09-17T21:33:58.365Z weekly 0.6 https://kqlsearch.com/query/FileContainingMalwareDetected&clmnz5qbt00175imc98db76ts 2023-09-17T21:33:53.417Z weekly 0.6 https://kqlsearch.com/query/ExternalAdminActivities&clmnz5mse00165imcju9d0pv2 2023-09-17T21:33:48.821Z weekly 0.6 https://kqlsearch.com/query/DefenseEvasionAlerts&clmnz5ids00155imcidxzbjix 2023-09-17T21:33:43.120Z weekly 0.6 https://kqlsearch.com/query/AnonymousProxyEvents&clmnz5dqu00145imcgx3ptb0s 2023-09-17T21:33:37.110Z weekly 0.6 https://kqlsearch.com/query/AccountsWithMostImpersonatedActions&clmnz58wp00135imcp35koewy 2023-09-17T21:33:30.832Z weekly 0.6 https://kqlsearch.com/query/ATPDetectionEvents&clmnz4zda00125imcniptrxxu 2023-09-17T21:33:18.478Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity%20-%20OfficeActivitiesCompromisedAccount&clmnz4v8w00115imca6cy8xys 2023-09-17T21:33:13.135Z weekly 0.6 https://kqlsearch.com/query/MDI%20-%20Lateral-Movement-By-Compromised-Accounts&clmnz4pxe00105imc1mvt5vke 2023-09-17T21:33:06.234Z weekly 0.6 https://kqlsearch.com/query/MDI%20-%20LDAPQueriesByCompromisedDevice&clmnz4ltj000z5imcd4yd4xrf 2023-09-17T21:33:00.919Z weekly 0.6 https://kqlsearch.com/query/MDI%20-%20Devices-Accessed-By-Compromised-Device&clmnz4ih3000y5imchhk0mi9n 2023-09-17T21:32:56.583Z weekly 0.6 https://kqlsearch.com/query/MDI%20-%20ADGroupAdditions&clmnz4e3a000x5imcchc1scfx 2023-09-17T21:32:50.894Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20UrlsOpenedWithOutlookFromCompromisedDevice&clmnz46ib000w5imc0hc5wk7x 2023-09-17T21:32:41.074Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20URLLookup&clmnz420e000v5imcb1wiqqj8 2023-09-17T21:32:35.237Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20TriggeredASREventsFromCompromisedDevice&clmnz3ty3000u5imcu1qa7eb8 2023-09-17T21:32:24.794Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20Registry-Run-Keys-Forensics&clmnz3q53000t5imcq6s0mrwh 2023-09-17T21:32:19.853Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20Open-SMB-Connections-By-Compromised-Device&clmnz392c000s5imcmcbk8p47 2023-09-17T21:31:57.732Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20MostRecentPowershellExecutionsByCompromisedDevice&clmnz35uc000r5imc7trd7t2w 2023-09-17T21:31:53.555Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20MD365-EmailAttachmentsSendFromCompromisedMailbox&clmnz32sv000q5imcahyfvj9v 2023-09-17T21:31:49.607Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20ListMaliciousActivities&clmnz2xf1000p5imc6n5ppogp 2023-09-17T21:31:42.636Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20InternalConnectionsMadeByCompromisedDevice&clmnz2qvg000o5imczgzvxlsh 2023-09-17T21:31:34.147Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20InboundConnectionsCompromisedDevice&clmnz2h14000n5imc0i89h0zr 2023-09-17T21:31:21.399Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20IPLookup&clmnz2d9n000m5imc7ivi5a3d 2023-09-17T21:31:16.523Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20FileEnrichmentOnSuspiciousFile&clmnz25t2000l5imcvcmvdrxp 2023-09-17T21:31:06.845Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20Connections-Made-By-Office-Compromised-Device&clmnz21f0000k5imcom0gxa7z 2023-09-17T21:31:01.163Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20BrowserLaunchedToOpenUrlByCompromisedDevice&clmnz1wnj000j5imc36khuuoj 2023-09-17T21:30:54.990Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20Antivirus-Detections-by-Compromised-Device&clmnz1pwf000i5imc8ymxithd 2023-09-17T21:30:46.231Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20AllProcessesCreatedByMaliciousFile&clmnz1jst000h5imcnfomxsg8 2023-09-17T21:30:38.332Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20UserRiskEvents&clmnz1f63000g5imca1sq0356 2023-09-17T21:30:32.331Z weekly 0.6 https://kqlsearch.com/query/Visualization%20-%20PimActivation&clmnz1c5p000f5imc17k8rjy9 2023-09-17T21:30:28.420Z weekly 0.6 https://kqlsearch.com/query/Top10UsersWithTheMostSignInIPsUsed&clmnz18eg000e5imcmo2jiyny 2023-09-17T21:30:23.559Z weekly 0.6 https://kqlsearch.com/query/SignInsByUserAgent&clmnz14sq000d5imc4kwb14oz 2023-09-17T21:30:18.890Z weekly 0.6 https://kqlsearch.com/query/SignInsByOS&clmnz102s000c5imc1j49syrv 2023-09-17T21:30:12.764Z weekly 0.6 https://kqlsearch.com/query/SecurityAlertTriggeredByRiskyUser&clmnz0v92000b5imc6xqj2xdi 2023-09-17T21:30:06.518Z weekly 0.6 https://kqlsearch.com/query/NewUserAgentUsed&clmnz0qhs000a5imcz5xozj1z 2023-09-17T21:30:00.351Z weekly 0.6 https://kqlsearch.com/query/NewAuthenticationAppDetected&clmnz0lhe00095imck4lb7gj8 2023-09-17T21:29:53.850Z weekly 0.6 https://kqlsearch.com/query/GuestUsersWithADRoles&clmnz0f1900085imcmc3o4ut1 2023-09-17T21:29:45.501Z weekly 0.6 https://kqlsearch.com/query/CloudPersistenceActivityByUserAtRisk&clmnz09o200065imces2vbfsm 2023-09-17T21:29:38.545Z weekly 0.6 https://kqlsearch.com/query/CloudDiscoveryByUserAtRisk&clmnz05w300045imc9uuirtk8 2023-09-17T21:29:33.642Z weekly 0.6 https://kqlsearch.com/query/AzureADDownloadAllUsers&clmnz00y500025imcij6wqf5r 2023-09-17T21:29:27.244Z weekly 0.6 https://kqlsearch.com/query/ADRoleAdditions&clmnyzxif00005imcffbwq9jw 2023-09-17T21:29:22.790Z weekly 0.6 https://kqlsearch.com/query/TopLevelDomains&clmnymyzs00225i4sooju29dz 2023-09-17T21:19:18.175Z weekly 0.6 https://kqlsearch.com/query/BlockedURLs&clmnymrvf00205i4syopzfcov 2023-09-17T21:19:08.955Z weekly 0.6 https://kqlsearch.com/query/Template&clmnymm0q001y5i4sk47h81wz 2023-09-17T21:19:01.361Z weekly 0.6 https://kqlsearch.com/query/Azure%20Active%20Directory%20-%20TI%20map%20IP%20entity%20to%20SigninLogs&clmnymjqw001x5i4stqitcyea 2023-09-17T21:18:58.424Z weekly 0.6 https://kqlsearch.com/query/Azure%20Active%20Directory%20-%20Suspicious%20Resource%20deployment&clmnymcak001v5i4see249zd5 2023-09-17T21:18:48.763Z weekly 0.6 https://kqlsearch.com/query/Azure%20Active%20Directory%20-%20Password%20spray%20attack%20against%20Azure%20AD%20application&clmnym8ow001t5i4s6417bpth 2023-09-17T21:18:44.088Z weekly 0.6 https://kqlsearch.com/query/mapping&clmnym38w001r5i4sjvfkf7v8 2023-09-17T21:18:37.039Z weekly 0.6 https://kqlsearch.com/query/MDO%20-%20Email%20Attachment%20File%20Extensions&clmnylw8w001p5i4stmvcu57h 2023-09-17T21:18:27.959Z weekly 0.6 https://kqlsearch.com/query/MDE-Windows%20Server%20-%20Missing%20Security%20Updates&clmnylqmf001n5i4sdkxhrhx8 2023-09-17T21:18:20.678Z weekly 0.6 https://kqlsearch.com/query/MDE-Windows%2010%20-%20Missing%20Security%20Updates&clmnyljaj001l5i4s38f8m5tq 2023-09-17T21:18:11.170Z weekly 0.6 https://kqlsearch.com/query/MDE-TVM-Exposure-VulnerabilitySeverityLevel&clmnylfpk001j5i4sxuzrmhd3 2023-09-17T21:18:06.535Z weekly 0.6 https://kqlsearch.com/query/MDE-Linux-RedHat%20-%20Missing%20Security%20Updates&clmnylb3j001h5i4s88h47ue7 2023-09-17T21:18:00.558Z weekly 0.6 https://kqlsearch.com/query/MDE-DefenderNetworkProtectionEvents&clmnyl5u4001f5i4s40y4xupy 2023-09-17T21:17:53.732Z weekly 0.6 https://kqlsearch.com/query/MDE-Zeek&clmnykyyf001d5i4smc92wcfb 2023-09-17T21:17:44.822Z weekly 0.6 https://kqlsearch.com/query/MDE-Windows%2010%20LTSC%20Inventory&clmnyktzm001b5i4sw4rylm5l 2023-09-17T21:17:38.385Z weekly 0.6 https://kqlsearch.com/query/MDE-WMIEventSubscription&clmnyko2f00195i4snfyvr0ph 2023-09-17T21:17:30.702Z weekly 0.6 https://kqlsearch.com/query/MDE-WDACBlockList&clmnykkfa00175i4s12odxd57 2023-09-17T21:17:25.989Z weekly 0.6 https://kqlsearch.com/query/MDE-Unified%20Agent&clmnykgft00155i4syxb5j02y 2023-09-17T21:17:20.824Z weekly 0.6 https://kqlsearch.com/query/MDE-TroubleshootingMode&clmnykbgi00135i4s1zz3hc7t 2023-09-17T21:17:14.361Z weekly 0.6 https://kqlsearch.com/query/MDE-Tampering&clmnyk3k100115i4sodobd5z1 2023-09-17T21:17:04.128Z weekly 0.6 https://kqlsearch.com/query/MDE-PUA%20Detections&clmnyjzkp000z5i4s4346ncjs 2023-09-17T21:16:58.968Z weekly 0.6 https://kqlsearch.com/query/MDE-Offboarding&clmnyjvb7000y5i4sfrxv57a8 2023-09-17T21:16:53.434Z weekly 0.6 https://kqlsearch.com/query/MDE-NTFS%20File%20Attributes%20-%20alternate%20data%20streams&clmnyjs22000x5i4sjr7g57q4 2023-09-17T21:16:49.225Z weekly 0.6 https://kqlsearch.com/query/MDE-MMA-Update&clmnyjpav000w5i4sr02w5bv9 2023-09-17T21:16:45.654Z weekly 0.6 https://kqlsearch.com/query/MDE-InternetFacing&clmnyjlac000v5i4s9a47kfgx 2023-09-17T21:16:40.452Z weekly 0.6 https://kqlsearch.com/query/MDE-GroupPolicyModificationEvents&clmnyjhax000u5i4s5bnogjt3 2023-09-17T21:16:35.280Z weekly 0.6 https://kqlsearch.com/query/MDE-DeviceInventory%20-%20Network-IoT&clmnyj6hi000s5i4sisebbbg1 2023-09-17T21:16:21.270Z weekly 0.6 https://kqlsearch.com/query/MDE-DeviceDiscovery_SeenBy&clmnyiygj000q5i4sql98jsh0 2023-09-17T21:16:10.866Z weekly 0.6 https://kqlsearch.com/query/MDE-DeviceDiscovery&clmnyip0w000o5i4sph2s5osh 2023-09-17T21:15:58.631Z weekly 0.6 https://kqlsearch.com/query/MDE-DefenderSmartScreenEvents&clmnyigut000n5i4sjdw5ue8v 2023-09-17T21:15:48.052Z weekly 0.6 https://kqlsearch.com/query/MDE-DefenderEngine&clmnyicpm000m5i4sxk777qgv 2023-09-17T21:15:42.674Z weekly 0.6 https://kqlsearch.com/query/MDE-AmsiScriptDetection&clmnyi2k6000l5i4sulxa4pqn 2023-09-17T21:15:29.525Z weekly 0.6 https://kqlsearch.com/query/MDE-ASR%20State&clmnyhx6x000k5i4suvkem1bc 2023-09-17T21:15:22.560Z weekly 0.6 https://kqlsearch.com/query/MDE%20-%20Detection%20-%20Removal%20and%20Quarantine%20actions&clmnyhpoh000j5i4svr0h9v9a 2023-09-17T21:15:12.832Z weekly 0.6 https://kqlsearch.com/query/MDE-ExploitGuard&clmnyhj9o000i5i4sbt8zeosn 2023-09-17T21:15:04.515Z weekly 0.6 https://kqlsearch.com/query/MDE-FirewallEvents&clmnyhg79000h5i4s3m4rpq0v 2023-09-17T21:15:00.548Z weekly 0.6 https://kqlsearch.com/query/MCAS-ShadowReporting&clmnyhchy000g5i4sdriyc7d8 2023-09-17T21:14:55.748Z weekly 0.6 https://kqlsearch.com/query/EASM-Usage&clmnyh5ns000f5i4sv5r9ueob 2023-09-17T21:14:46.880Z weekly 0.6 https://kqlsearch.com/query/EASM-Risky%20Assets&clmnygzqw000e5i4sk16ygmlw 2023-09-17T21:14:39.223Z weekly 0.6 https://kqlsearch.com/query/EASM-OpenPorts&clmnyguwj000d5i4s7od5x1qr 2023-09-17T21:14:32.947Z weekly 0.6 https://kqlsearch.com/query/MD365-PasswordSprayAttacks&clmnygqzg000c5i4sjsdfq71d 2023-09-17T21:14:27.859Z weekly 0.6 https://kqlsearch.com/query/MD365%20-%20SafeDocs&clmnygi9o000a5i4sxqx09a6k 2023-09-17T21:14:16.572Z weekly 0.6 https://kqlsearch.com/query/Azure%20Resource%20Graph&clmnygdc700085i4snzusgmkn 2023-09-17T21:14:10.175Z weekly 0.6 https://kqlsearch.com/query/AzureAD-PowerShell&clmnyg0ag00065i4sjsopazrz 2023-09-17T21:13:53.272Z weekly 0.6 https://kqlsearch.com/query/AzureAD-ConditionalAccessPolicyChanges&clmnyfudp00045i4soprq1y1p 2023-09-17T21:13:45.605Z weekly 0.6 https://kqlsearch.com/query/AppG-AppActivities&clmnyfrbb00025i4sgtvfozc2 2023-09-17T21:13:41.639Z weekly 0.6 https://kqlsearch.com/query/AD-ExtractUserOU&clmnyfmcz00005i4sd08vpy06 2023-09-17T21:13:35.217Z weekly 0.6 https://kqlsearch.com/query/wmi3&clmnyb9d5000a5ip40sbjf6y4 2023-09-17T21:10:11.743Z weekly 0.6 https://kqlsearch.com/query/wmi2&clmnyb4wy00095ip4s3vtmenr 2023-09-17T21:10:05.985Z weekly 0.6 https://kqlsearch.com/query/wmi1&clmnyaysb00075ip4qz8iemur 2023-09-17T21:09:58.042Z weekly 0.6 https://kqlsearch.com/query/find_scheduled_tasks&clmnyau3x00065ip41raf508f 2023-09-17T21:09:51.972Z weekly 0.6 https://kqlsearch.com/query/device_events_scheduled_tasks&clmnyaphj00045ip4vg6ngnvn 2023-09-17T21:09:45.990Z weekly 0.6 https://kqlsearch.com/query/psexec1&clmnyal9500025ip4a0jwg3db 2023-09-17T21:09:40.504Z weekly 0.6 https://kqlsearch.com/query/find_rmm_processes&clmnyai1o00005ip4gm8dlvyr 2023-09-17T21:09:36.347Z weekly 0.6 https://kqlsearch.com/query/UncommonTLDs&clmny51xy002h5i6w242lf4z8 2023-09-17T21:05:22.189Z weekly 0.6 https://kqlsearch.com/query/TopAppsCrashing&clmny4vqi002f5i6wxb4dbb1t 2023-09-17T21:05:14.154Z weekly 0.6 https://kqlsearch.com/query/IdentityCorrelation&clmny4mrm002d5i6whjosp7qj 2023-09-17T21:05:02.529Z weekly 0.6 https://kqlsearch.com/query/AppLockerPolicy&clmny4h8a002b5i6woz5mf2ck 2023-09-17T21:04:55.353Z weekly 0.6 https://kqlsearch.com/query/WiFiNetworkNames&clmny4a4400295i6wud9rfkis 2023-09-17T21:04:46.131Z weekly 0.6 https://kqlsearch.com/query/TopSocialMedia&clmny45yu00275i6wrt9kxref 2023-09-17T21:04:40.757Z weekly 0.6 https://kqlsearch.com/query/PotentialLeavers&clmny3ys900255i6w596l6gwk 2023-09-17T21:04:31.440Z weekly 0.6 https://kqlsearch.com/query/PersonalEmailUsage&clmny3p6g00235i6wdl8r7uyr 2023-09-17T21:04:18.999Z weekly 0.6 https://kqlsearch.com/query/SystemProcessNetCons&clmny3kmo00215i6wt4se87nn 2023-09-17T21:04:13.104Z weekly 0.6 https://kqlsearch.com/query/GloballyRareService&clmny3h6k001z5i6wbed7s5cc 2023-09-17T21:04:08.636Z weekly 0.6 https://kqlsearch.com/query/DetectAllTheThings&clmny3aq1001x5i6wgz1k2do9 2023-09-17T21:04:00.256Z weekly 0.6 https://kqlsearch.com/query/VulnerabilityPercentages&clmny366i001v5i6wjb0bt49g 2023-09-17T21:03:54.377Z weekly 0.6 https://kqlsearch.com/query/UndocumentedRMM&clmny2yk4001t5i6wsz1o9981 2023-09-17T21:03:44.492Z weekly 0.6 https://kqlsearch.com/query/FilesWithPasswords&clmny2sg8001r5i6wsggjceuu 2023-09-17T21:03:36.583Z weekly 0.6 https://kqlsearch.com/query/EndpointStatusReport&clmny2opp001p5i6wopctqtru 2023-09-17T21:03:31.740Z weekly 0.6 https://kqlsearch.com/query/CriticalVulnerabilities&clmny2jsb001n5i6woku71ng5 2023-09-17T21:03:25.346Z weekly 0.6 https://kqlsearch.com/query/CleartextLDAP&clmny2cst001l5i6wrhwycsiy 2023-09-17T21:03:16.300Z weekly 0.6 https://kqlsearch.com/query/PhishLinkClickers&clmny28o0001j5i6wt4b1ujir 2023-09-17T21:03:10.944Z weekly 0.6 https://kqlsearch.com/query/PhishDelivered&clmny255f001h5i6wdd6l6amz 2023-09-17T21:03:06.379Z weekly 0.6 https://kqlsearch.com/query/MassIncomingEmail&clmny1xr4001f5i6wknoovebr 2023-09-17T21:02:56.800Z weekly 0.6 https://kqlsearch.com/query/EmailsWithOAuthRequests&clmny1t85001d5i6w2oevlhpn 2023-09-17T21:02:50.932Z weekly 0.6 https://kqlsearch.com/query/IOCSearch&clmny1p5q001b5i6wpr81nuc7 2023-09-17T21:02:45.661Z weekly 0.6 https://kqlsearch.com/query/CompromisedDevicesSMB&clmny1hk300195i6wcortez26 2023-09-17T21:02:35.810Z weekly 0.6 https://kqlsearch.com/query/BaselineComparison&clmny1cch00175i6wv2ydvmo5 2023-09-17T21:02:29.057Z weekly 0.6 https://kqlsearch.com/query/SeriousSAM&clmny13tk00155i6wkuetqd1o 2023-09-17T21:02:18.007Z weekly 0.6 https://kqlsearch.com/query/Follina&clmny0z7p00135i6wtjo96a4p 2023-09-17T21:02:12.037Z weekly 0.6 https://kqlsearch.com/query/XLLDropper&clmny0v3z00115i6w1sgwyz30 2023-09-17T21:02:06.718Z weekly 0.6 https://kqlsearch.com/query/URLhausNetworkEvents&clmny0nwc000z5i6w900m8fkf 2023-09-17T21:01:57.371Z weekly 0.6 https://kqlsearch.com/query/SilentPARegistration&clmny0kdf000x5i6wfza890fw 2023-09-17T21:01:52.802Z weekly 0.6 https://kqlsearch.com/query/SharpHoundOutput&clmny0gx4000v5i6wnzouyar6 2023-09-17T21:01:48.328Z weekly 0.6 https://kqlsearch.com/query/SensitiveGroupModification&clmny0dk4000t5i6wvpzjuefz 2023-09-17T21:01:43.963Z weekly 0.6 https://kqlsearch.com/query/RenamedRclone&clmny07vb000r5i6wd0pgj5z0 2023-09-17T21:01:36.598Z weekly 0.6 https://kqlsearch.com/query/Rclone&clmny033x000p5i6wcj3t6hfl 2023-09-17T21:01:30.428Z weekly 0.6 https://kqlsearch.com/query/OneNoteWeirdLocation&clmny00et000o5i6wdqhu5yl2 2023-09-17T21:01:26.932Z weekly 0.6 https://kqlsearch.com/query/MegaExfiltration&clmnxzx2q000m5i6wc2h1g8i7 2023-09-17T21:01:22.609Z weekly 0.6 https://kqlsearch.com/query/LoLDrivers&clmnxzs7r000k5i6wfkoatpp3 2023-09-17T21:01:16.310Z weekly 0.6 https://kqlsearch.com/query/DoubleFileExtension&clmnxzn5j000i5i6wp7qdeetp 2023-09-17T21:01:09.742Z weekly 0.6 https://kqlsearch.com/query/TopRemoteLogons&clmnxzhhz000g5i6w8p4n2i81 2023-09-17T21:01:02.423Z weekly 0.6 https://kqlsearch.com/query/AnomalousLogonTimeline&clmnxz9vm000e5i6w4dwwal2s 2023-09-17T21:00:52.537Z weekly 0.6 https://kqlsearch.com/query/AnomalousEmailAttachment&clmnxz32w000c5i6wqthdit4r 2023-09-17T21:00:43.736Z weekly 0.6 https://kqlsearch.com/query/AnomalousBatExecTimeline&clmnxywuo000a5i6wv5l7os29 2023-09-17T21:00:35.655Z weekly 0.6 https://kqlsearch.com/query/ASRTopUsers&clmnxym0q00085i6wm0ems3x6 2023-09-17T21:00:21.625Z weekly 0.6 https://kqlsearch.com/query/ASRTopRules&clmnxyg3000065i6wat6pnkpz 2023-09-17T21:00:13.931Z weekly 0.6 https://kqlsearch.com/query/ASRTopFiles&clmnxyc5c00045i6wka4ye6ex 2023-09-17T21:00:08.823Z weekly 0.6 https://kqlsearch.com/query/ASRSummary&clmnxy8ft00025i6w32e1y20t 2023-09-17T21:00:04.025Z weekly 0.6 https://kqlsearch.com/query/ASRSingleRuleAudits&clmnxy3r000005i6wm0h1dbac 2023-09-17T20:59:57.947Z weekly 0.6 https://kqlsearch.com/query/UnusualSensitiveActionPerformedByAzureADConnectAccount&clmnxtk5d00065iy0hbu0siob 2023-09-17T20:56:25.921Z weekly 0.6 https://kqlsearch.com/query/PotentialMaliciousSign-inFromAzureADConnectAccountUEBA&clmnxtbf900045iy0owbj8o4a 2023-09-17T20:56:14.604Z weekly 0.6 https://kqlsearch.com/query/OwnerAddedToHighPrivilegedApplication&clmnxt37900025iy0dmdamrml 2023-09-17T20:56:03.956Z weekly 0.6 https://kqlsearch.com/query/HighPrivilegedRoleAssigned&clmnxswmk00005iy08btdkoqn 2023-09-17T20:55:55.435Z weekly 0.6 https://kqlsearch.com/query/UnusualSensitiveActionPerformedByAzureADConnectAccountUEBA&clmnxsjgm000p5ih8twlk9caa 2023-09-17T20:55:38.366Z weekly 0.6 https://kqlsearch.com/query/ChangesToAzureLighthouseDelegation&clmnxqumh000o5ih8ftksd6fk 2023-09-17T20:54:19.528Z weekly 0.6 https://kqlsearch.com/query/AzureVMRunCommandorCustomScriptExecution&clmnxqox7000n5ih84fv214m0 2023-09-17T20:54:12.130Z weekly 0.6 https://kqlsearch.com/query/SecretAddedToHighPrivilegedApplication&clmnxps4d000i5ih8fh84sdjn 2023-09-17T20:53:29.620Z weekly 0.6 https://kqlsearch.com/query/PotentialMalicousDomainRegistration&clmnxpiq4000g5ih8cmlc7iwm 2023-09-17T20:53:17.451Z weekly 0.6 https://kqlsearch.com/query/PotentialMaliciousSign-inFromAzureADConnectAccount&clmnxp0tb000c5ih848mc479c 2023-09-17T20:52:54.230Z weekly 0.6 https://kqlsearch.com/query/PasswordResetOnHighPrivilegedUser&clmnxosrx000a5ih87h7b78el 2023-09-17T20:52:43.820Z weekly 0.6 https://kqlsearch.com/query/NewLighthouseServiceProviderWasAdded&clmnxodz200065ih8oqoxitf0 2023-09-17T20:52:24.637Z weekly 0.6 https://kqlsearch.com/query/DangerousAPIPermissionConsented&clmnxo4qx00025ih8trn40krh 2023-09-17T20:52:12.673Z weekly 0.6 https://kqlsearch.com/query/AzureVmRunCommandOrCustomScriptExecutionDetected&clmnxnxzu00005ih8pcn1ds7g 2023-09-17T20:52:03.928Z weekly 0.6 https://kqlsearch.com/query/GrantHighPrivilegeMicrosoftGraphPermissions&clmnxn2n100025i98kwtkiqiy 2023-09-17T20:51:23.285Z weekly 0.6 https://kqlsearch.com/query/GrantHighPrivilegeAzureADRoleToIdentity&clmnxmwmr00005i989acu2sq3 2023-09-17T20:51:15.506Z weekly 0.6 https://kqlsearch.com/query/Analytics-AzureADRoleAssignments&clmnx0wpj00005i3ol92wdvao 2023-09-17T20:34:09.174Z weekly 0.6 https://kqlsearch.com/query/Operational-ShowUsersThatAbandonedTheIntuneEnrollment&clmnvqxz900005iq077wocszl 2023-09-17T19:58:24.644Z weekly 0.6 https://kqlsearch.com/query/Syslog-FailedLogonAttempts_UnknownUser&clmnu5fdi002e5izsl92gkler 2023-09-17T19:13:41.133Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-office_policytampering&clmnu4tuj002c5izswiphtrgu 2023-09-17T19:13:13.235Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-exchange_auditlogdisabled&clmnu4ijc002b5izsaz4ranrg 2023-09-17T19:12:58.584Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-SharePoint_Downloads_byNewIP&clmnu46ed00295izsxecjxsks 2023-09-17T19:12:42.852Z weekly 0.6 https://kqlsearch.com/query/OfficeActivity-Office_MailForwarding&clmnu3mf600275izs3kgdxs77 2023-09-17T19:12:16.953Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-malware_in_recyclebin&clmnu37zf00255izs23r7s695 2023-09-17T19:11:58.243Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-WindowsBinariesExecutedfromNon-DefaultDirectory&clmnu2kkj00235izs8ybcs3ml 2023-09-17T19:11:27.906Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-PotentialRemoteDesktopTunneling&clmnu20br00215izswg6r4lm5 2023-09-17T19:11:01.662Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-MFADisable_AzureAD&clmnu1iwa001z5izs9h0mh518 2023-09-17T19:10:39.073Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-AdminPromoAfterRoleMgmtAppPermissionGrant&clmnu1265001y5izsc9hnt6rl 2023-09-17T19:10:17.405Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-AzureADRoleManagementPermissionGrant&clmnu11e4001x5izsco8ru9hl 2023-09-17T19:10:16.387Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-UserPrincipalNameAssignedToUserAccount&clmnu0959001w5izsbqgpb0nq 2023-09-17T19:09:39.789Z weekly 0.6 https://kqlsearch.com/query/Multiple-PrivilegedUserLogonfromnewASN&clmnu08gd001v5izs8gxfiwgp 2023-09-17T19:09:38.885Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-RDP_Nesting&clmntyqf1001t5izs38xb5f1e 2023-09-17T19:08:28.851Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-PotenialResourceBasedConstrainedDelegationAbuse&clmnty3tj001s5izs2l54bh4x 2023-09-17T19:07:59.566Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-AdminSDHolder_Modifications&clmntxlnf001r5izszk5fuawb 2023-09-17T19:07:36.019Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-SecurityServiceRegistryACLModification&clmntx61j001q5izsbwi6n9iz 2023-09-17T19:07:15.790Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-AuditPolicyManipulation_using_auditpol&clmntwida001p5izslocq0g36 2023-09-17T19:06:45.110Z weekly 0.6 https://kqlsearch.com/query/Multiple-SuspiciousModificationofGlobalAdminProperties&clmntw601001o5izs7vn5l0js 2023-09-17T19:06:29.080Z weekly 0.6 https://kqlsearch.com/query/Multiple-SuspiciousLoginfromDeletedExternalIdentities&clmntvlwj001n5izsq422xfvi 2023-09-17T19:06:03.034Z weekly 0.6 https://kqlsearch.com/query/Multiple-RunCommandUEBABreach&clmntv4ij001m5izs5xrk71tv 2023-09-17T19:05:40.498Z weekly 0.6 https://kqlsearch.com/query/Multiple-MalformedUserAgents&clmntughk001l5izshracsulv 2023-09-17T19:05:09.358Z weekly 0.6 https://kqlsearch.com/query/AzureActivity-AzDiagSettingsDeleted&clmnttpyw001k5izs5k5w68yh 2023-09-17T19:04:34.992Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-UserStatechangedfromGuesttoMember&clmntta8g001j5izs8r4r3rme 2023-09-17T19:04:14.599Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-End-userconsentstoppedduetorisk-basedconsent&clmntsaaw001i5izspn8hwobb 2023-09-17T19:03:28.031Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-ChangestoApplicationOwnership&clmntrp2n001h5izswnw5e8zb 2023-09-17T19:03:00.519Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-ApplicationURIAdded&clmntr5r4001g5izsd8xmm5kd 2023-09-17T19:02:35.479Z weekly 0.6 https://kqlsearch.com/query/Multiple-Unexpected%20Azure%20AD%20device&clmntqj0v001f5izs678chn1i 2023-09-17T19:02:06.021Z weekly 0.6 https://kqlsearch.com/query/ExternalData-Microsoft%20Graph%20permissions&clmntpuj5001e5izsz40etuzg 2023-09-17T19:01:34.280Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-PIM%20settings%20modified&clmntpdsb001d5izsuwt2405q 2023-09-17T19:01:12.578Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-PIM%20alert&clmntoaio001b5izslberaeo1 2023-09-17T19:00:21.695Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-PIM%20alert%20disabled&clmntnzfq00195izsadrpnbdz 2023-09-17T19:00:07.325Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Azure%20AD%20role%20assignment&clmntnkne00185izskr948jvj 2023-09-17T18:59:48.170Z weekly 0.6 https://kqlsearch.com/query/SigninLogs-Unexpected%20Conditional%20Access%20authentication%20without%20multifactor&clmntmrlk00165izs5eez3069 2023-09-17T18:59:10.512Z weekly 0.6 https://kqlsearch.com/query/SigninLogs-Unevaluated%20Conditional%20Access%20apps&clmntm6s800145izsof4ko0ft 2023-09-17T18:58:43.544Z weekly 0.6 https://kqlsearch.com/query/SigninLogs-Unapplied%20Conditional%20Access%20authentication&clmntlvau00135izsy051pl17 2023-09-17T18:58:28.654Z weekly 0.6 https://kqlsearch.com/query/SigninLogs-Legacy%20protocols%20used%20in%20Azure%20AD%20authentication&clmntlaon00115izsbrevtizc 2023-09-17T18:58:01.934Z weekly 0.6 https://kqlsearch.com/query/Multiple-Unusual%20unsynchronized%20account%20authentication%20in%20AD%20FS&clmntkqvc000z5izsms35u494 2023-09-17T18:57:36.263Z weekly 0.6 https://kqlsearch.com/query/Multiple-Unexpected%20account%20using%20a%20PowerShell%20app%20in%20Azure%20AD&clmntkc25000x5izskgadqkhb 2023-09-17T18:57:17.060Z weekly 0.6 https://kqlsearch.com/query/Multiple-Slow%20password%20spray%20attack&clmntjmnd000w5izsxho9d5jy 2023-09-17T18:56:44.136Z weekly 0.6 https://kqlsearch.com/query/Multiple-Potential%20MFA%20request%20spam&clmntix32000u5izsjyf2fchp 2023-09-17T18:56:10.998Z weekly 0.6 https://kqlsearch.com/query/Multiple-Password%20spray%20attack%20-%20Compromised%20account&clmnti2w6000t5izs8fpvt6yy 2023-09-17T18:55:31.869Z weekly 0.6 https://kqlsearch.com/query/Multiple-Match%20ADFSSignInLogs%20unknown%20errors%20with%20IdentityLogonEvents%20events&clmnthcqk000r5izsb0x6to2z 2023-09-17T18:54:57.980Z weekly 0.6 https://kqlsearch.com/query/Multiple-Distinct%20accounts%20configured%20MFA%20with%20the%20same%20device&clmntgr2t000p5izst34ygoqy 2023-09-17T18:54:29.909Z weekly 0.6 https://kqlsearch.com/query/Multiple-Authentication%20method%20changes&clmntg685000n5izs3wolfqil 2023-09-17T18:54:02.876Z weekly 0.6 https://kqlsearch.com/query/Multiple-Activity%20with%20Entra%20ID%20break%20glass%20account&clmntfq2h000l5izs56v8s7vp 2023-09-17T18:53:41.936Z weekly 0.6 https://kqlsearch.com/query/Multiple-Account%20configured%20MFA%20with%20phone%20numbers%20from%20distinct%20countries&clmntfa0c000j5izsjtx1j5sl 2023-09-17T18:53:21.123Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Conditional%20Access%20configuration%20modified&clmntes4l000h5izsysp6sbyk 2023-09-17T18:52:57.948Z weekly 0.6 https://kqlsearch.com/query/ADFSSignInLogs-Password%20spray%20attack%20against%20AD%20FS&clmntedgl000g5izskzq093wm 2023-09-17T18:52:38.949Z weekly 0.6 https://kqlsearch.com/query/ADFSSignInLogs-Password%20spray%20attack%20against%20AD%20FS%20-%20Private%20IP%20address%20anomaly&clmntdoxy000e5izseexwrq6w 2023-09-17T18:52:07.166Z weekly 0.6 https://kqlsearch.com/query/AADNonInteractiveUserSignInLogs-Password%20spray%20attack%20against%20Azure%20AD%20Seamless%20SSO&clmntcyns000c5izs9vihv1y0 2023-09-17T18:51:33.111Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Cross-tenant%20access%20settings%20modified&clmntcies000a5izsrlqbmcbt 2023-09-17T18:51:12.051Z weekly 0.6 https://kqlsearch.com/query/Multiple-User%20reported%20suspicious%20activity&clmntcf3900095izs0ah2layt 2023-09-17T18:51:07.740Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Azure%20AD%20unusual%20operation&clmntc3kn00085izsm843oet4 2023-09-17T18:50:52.822Z weekly 0.6 https://kqlsearch.com/query/Multiple-Password%20Spray&clmntbx7100075izsta8unp28 2023-09-17T18:50:44.556Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Azure%20AD%20account%20created%20without%20AD%20synchronization&clmntb61x00065izsfitqcxdt 2023-09-17T18:50:09.372Z weekly 0.6 https://kqlsearch.com/query/AuditLogs-Azure%20AD%20B2C%20settings%20modified&clmntaugc00055izs1wkczkou 2023-09-17T18:49:54.339Z weekly 0.6 https://kqlsearch.com/query/SigninLogs-Risky%20AD%20FS%20sign-in%20event&clmntaf8h00045izshehftyhn 2023-09-17T18:49:34.617Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Password%20spray%20attack%20through%20Kerberos&clmnt9vhj00035izsejlfo0s6 2023-09-17T18:49:09.031Z weekly 0.6 https://kqlsearch.com/query/Multiple-Azure%20AD%20threat%20intelligence&clmnt99ll00025izszrq6m12j 2023-09-17T18:48:40.656Z weekly 0.6 https://kqlsearch.com/query/Analytics-IsWorkingTimeOld&clmnt8gq200015izsf3kcu99y 2023-09-17T18:48:03.241Z weekly 0.6 https://kqlsearch.com/query/Analytics-AuthenticationMethodChanges&clmnt7ws200005izsebr7sjnv 2023-09-17T18:47:37.392Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-Activity%20with%20monitored%20AWS%20role&clmnt13d3000h5iisdqi0q7mk 2023-09-17T18:42:19.334Z weekly 0.6 https://kqlsearch.com/query/AADServicePrincipalRiskEvents-Service%20Principal%20at%20risk&clmnt0zhy000g5iishepxo90v 2023-09-17T18:42:14.317Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS%20IAM%20user%20created&clmnt0f85000f5iiskuolk8w2 2023-09-17T18:41:48.053Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-Activity%20with%20monitored%20AWS%20account%20root%20user&clmnt0dcc000e5iisou37wgug 2023-09-17T18:41:45.604Z weekly 0.6 https://kqlsearch.com/query/AWSCloudTrail-AWS%20admin%20emergency%20access%20token&clmnszsh4000d5iisd84pncgp 2023-09-17T18:41:18.567Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-ObjectName%20GUID%20%26%20sAMAccountName&clmnsyyvg000b5iisbh96ju54 2023-09-17T18:40:40.203Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Account%20removed%20from%20monitored%20AD%20group&clmnsy8m400095iiszc3ni8sy 2023-09-17T18:40:06.163Z weekly 0.6 https://kqlsearch.com/query/SecurityEvent-Account%20allowed%20to%20delegate%20to%20KRBTGT%20service&clmnsxo5w00075iismlgpvx72 2023-09-17T18:39:39.667Z weekly 0.6 https://kqlsearch.com/query/Parsing-SubscriptionInventoryLogs&clmnsxbin00055iisqq0bmwi3 2023-09-17T18:39:23.278Z weekly 0.6 https://kqlsearch.com/query/Parsing-CiscoUmbrellaLogs&clmnsx27a00035iisz8mkg30w 2023-09-17T18:39:11.197Z weekly 0.6 https://kqlsearch.com/query/Analytics-IsWorkingTime&clmnswk7k00025iisc6d0s2q8 2023-09-17T18:38:47.887Z weekly 0.6 https://kqlsearch.com/query/Analytics-PrivilegedIdentityInfo&clmnsw6w800015iis9k40k86a 2023-09-17T18:38:30.632Z weekly 0.6 https://kqlsearch.com/query/Analytics-AuditorGroupAlerts&clmnsvs7c00005iisskjhciwh 2023-09-17T18:38:11.591Z weekly 0.6 https://kqlsearch.com/query/Analytics-AuditorAlerts&clmnst2j400025irsymev97la 2023-09-17T18:36:04.999Z weekly 0.6 https://kqlsearch.com/query/Analytics-AWSIdentityRole&clmnssfib00005irs326iez5h 2023-09-17T18:35:35.162Z weekly 0.6 https://kqlsearch.com/query/Operational-VisualizefailedDeviceDeployments&clmnslls300325iu4jm8zr8nr 2023-09-17T18:30:16.697Z weekly 0.6 https://kqlsearch.com/query/Operational-VisualizeEnrollmentStatistics&clmnsl6is00305iu4dt9zbh9p 2023-09-17T18:29:56.923Z weekly 0.6 https://kqlsearch.com/query/Operational-ShowIntuneEnrollmentNotSupportedDevices&clmnskj2h002w5iu4b14opawx 2023-09-17T18:29:26.529Z weekly 0.6 https://kqlsearch.com/query/Operational-OSBuildDuringAutopilot&clmnsk8uv002u5iu43dwt8k15 2023-09-17T18:29:13.302Z weekly 0.6 https://kqlsearch.com/query/Operational-NumberOfSuccessfulEnrollmentsbyOS&clmnsjy20002s5iu4dnt9esrf 2023-09-17T18:28:59.304Z weekly 0.6 https://kqlsearch.com/query/Operational-LatestDeviceEnrollments&clmnsjnsj002q5iu4nzyec50m 2023-09-17T18:28:45.994Z weekly 0.6 https://kqlsearch.com/query/Operational-EnrollmentTypes&clmnsje2c002o5iu4akzc0vs7 2023-09-17T18:28:33.396Z weekly 0.6 https://kqlsearch.com/query/Operational-ESPEnrollmentsWithProfileName&clmnsj5yj002m5iu4yow0m15b 2023-09-17T18:28:22.882Z weekly 0.6 https://kqlsearch.com/query/Operational-DidUserReachDesktop&clmnsisc0002k5iu4f61paz5i 2023-09-17T18:28:05.224Z weekly 0.6 https://kqlsearch.com/query/Operational-AutopilotDuration&clmnsiix1002i5iu48eus2nrb 2023-09-17T18:27:53.028Z weekly 0.6 https://kqlsearch.com/query/Device-iOSVersions&clmnsi8sj002g5iu4zrq5x6yv 2023-09-17T18:27:39.899Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizetheWindowsBuildNumbersandthenumberofDevices&clmnshy7m002e5iu4fm0ekgd2 2023-09-17T18:27:26.193Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizeWindowsVersions&clmnsho0n002c5iu46m5kol8z 2023-09-17T18:27:12.982Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizeWhenYourDevicesLastContactedIntune&clmnshe44002a5iu40578ibru 2023-09-17T18:27:00.139Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizeTheJoinType&clmnsgzr400285iu4et29agty 2023-09-17T18:26:41.527Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizeNumberofDeviceswithdifferentSKU&clmnsgp6000265iu4mj2vrjja 2023-09-17T18:26:27.815Z weekly 0.6 https://kqlsearch.com/query/Device-VisualizeAndroidVersions&clmnsggmc00245iu4u2df6x1x 2023-09-17T18:26:16.739Z weekly 0.6 https://kqlsearch.com/query/Device-UnsupportediOSVersions&clmnsg7wr00225iu4ar397db6 2023-09-17T18:26:05.442Z weekly 0.6 https://kqlsearch.com/query/Device-UnsupportedAndroidVersions&clmnsg14g00205iu4vhj8215e 2023-09-17T18:25:56.655Z weekly 0.6 https://kqlsearch.com/query/Device-SignIns&clmnsft27001y5iu4am3qsvd5 2023-09-17T18:25:46.198Z weekly 0.6 https://kqlsearch.com/query/Device-ShowiOSDeviceswithJailbreak&clmnsfe0y001w5iu4voxin6or 2023-09-17T18:25:26.721Z weekly 0.6 https://kqlsearch.com/query/Device-ShowallWindowsVersionsandNumberofDeviceswitheachVersion&clmnsf68w001u5iu4b8bfkyph 2023-09-17T18:25:16.631Z weekly 0.6 https://kqlsearch.com/query/Device-NumberOfDevicesThatAreManagedByIntuneOrAreCoManaged&clmnseuzx001s5iu45u691vm9 2023-09-17T18:25:02.060Z weekly 0.6 https://kqlsearch.com/query/Device-NumberOfDevicesAndManufacturers&clmnsep8f001q5iu4phpkq04n 2023-09-17T18:24:54.582Z weekly 0.6 https://kqlsearch.com/query/Device-ListofallDevicesthatwhereaddedtoIntunewithOSPlatforminformation&clmnsejq4001o5iu48kz5rw27 2023-09-17T18:24:47.451Z weekly 0.6 https://kqlsearch.com/query/Device-ListofDevicesThatAreNotBitlockerEncrypted&clmnsechz001m5iu4v5lay0t0 2023-09-17T18:24:38.077Z weekly 0.6 https://kqlsearch.com/query/Device-LastTimeTheDeviceWasActive&clmnse6dc001k5iu4a0v3v7id 2023-09-17T18:24:30.143Z weekly 0.6 https://kqlsearch.com/query/Device-JoinTypes&clmnsdx1g001i5iu4484q5tep 2023-09-17T18:24:18.044Z weekly 0.6 https://kqlsearch.com/query/Device-FreeStorage&clmnsdmoy001g5iu4x8hj5xni 2023-09-17T18:24:04.641Z weekly 0.6 https://kqlsearch.com/query/Device-EndofLife&clmnsdd72001e5iu4de7cql81 2023-09-17T18:23:52.325Z weekly 0.6 https://kqlsearch.com/query/Device-DevicesWithoutPrimaryUser&clmnscxou001c5iu4ald765tu 2023-09-17T18:23:32.237Z weekly 0.6 https://kqlsearch.com/query/Device-DevicesRegisteredButNotManagedByIntune&clmnscrwo001a5iu4yumackc6 2023-09-17T18:23:24.744Z weekly 0.6 https://kqlsearch.com/query/Device-DevicesAndPrimaryUser&clmnscm4u00185iu4t8bsejnx 2023-09-17T18:23:17.253Z weekly 0.6 https://kqlsearch.com/query/Device-CountdownEndofLife21H1&clmnscgt000165iu4uo05p52h 2023-09-17T18:23:10.356Z weekly 0.6 https://kqlsearch.com/query/Device-CompareOSBuildTodayAndYesterday&clmnsc77400145iu4w4kibvel 2023-09-17T18:22:57.895Z weekly 0.6 https://kqlsearch.com/query/Device%20-%20Visualize%20device%20compliance&clmnsbwom00125iu49s5jxox6 2023-09-17T18:22:44.277Z weekly 0.6 https://kqlsearch.com/query/Device%20-%20Translate%20OS%20Build%20to%20Version&clmnsbnj300105iu49wi36rf0 2023-09-17T18:22:32.406Z weekly 0.6 https://kqlsearch.com/query/Compliance-NumberofDeviceswithDeviceHealthThreatLevelStatus&clmnsb9rv000y5iu4yfjkdo5i 2023-09-17T18:22:14.578Z weekly 0.6 https://kqlsearch.com/query/Compliance-NumberOfCompanyOwnedDevicesThatAreCompliantOrNotCompliant&clmnsaxxt000w5iu4alm3sekl 2023-09-17T18:21:59.240Z weekly 0.6 https://kqlsearch.com/query/Compliance-NumberOfActiveDevicesInTheLast7And30Days&clmnsaiv4000u5iu41asbjhgt 2023-09-17T18:21:39.703Z weekly 0.6 https://kqlsearch.com/query/Compliance-NumberAndListOfCompanyOwnedDevicesWithComplianceStatus&clmnsa650000s5iu46cdehtu9 2023-09-17T18:21:23.211Z weekly 0.6 https://kqlsearch.com/query/Compliance-NotcompliantDevices&clmns9vbx000q5iu466svpbl0 2023-09-17T18:21:09.212Z weekly 0.6 https://kqlsearch.com/query/Compliance%20-%20List%20of%20Devices%20that%20have%20DeviceHealthThreatLevel%20Status%20of%20Secured&clmns9mw7000o5iu4gmau55g0 2023-09-17T18:20:58.270Z weekly 0.6 https://kqlsearch.com/query/Audit-WipedDevices&clmns97k7000k5iu4nxr6ilhi 2023-09-17T18:20:38.406Z weekly 0.6 https://kqlsearch.com/query/Audit-ShowWhatActionstookplacefromwhichAppOrUser&clmns8xk5000i5iu40pygh143 2023-09-17T18:20:25.437Z weekly 0.6 https://kqlsearch.com/query/Audit-ShowRemoteLockedDevices&clmns8nye000g5iu46crnewok 2023-09-17T18:20:12.998Z weekly 0.6 https://kqlsearch.com/query/Audit-ShowLocatedDevices&clmns8h5m000e5iu4pr2r50l9 2023-09-17T18:20:04.176Z weekly 0.6 https://kqlsearch.com/query/Audit-ShowFeatureUpdatePolicies&clmns84v5000c5iu44t3n6dif 2023-09-17T18:19:48.248Z weekly 0.6 https://kqlsearch.com/query/Audit-ShowEnableLostModeDevices&clmns7x9k000a5iu4bzf2ra39 2023-09-17T18:19:38.408Z weekly 0.6 https://kqlsearch.com/query/Audit-ShowDeletedDevices&clmns7nn500085iu4h2j18kr3 2023-09-17T18:19:25.928Z weekly 0.6 https://kqlsearch.com/query/Audit-ShowClientCertificates&clmns79u500065iu4axdf0nhl 2023-09-17T18:19:08.036Z weekly 0.6 https://kqlsearch.com/query/Audit-DeletedDevices&clmns6wya00045iu4asdzvnjw 2023-09-17T18:18:51.345Z weekly 0.6 https://kqlsearch.com/query/Audit-ChangesinConfigurationProfiles&clmns6mss00025iu4l96azyxe 2023-09-17T18:18:38.178Z weekly 0.6 https://kqlsearch.com/query/Audit%20-%20Show%20OperationName%20and%20OperationCount&clmns6c9p00015iu4zow5kui3 2023-09-17T18:18:24.540Z weekly 0.6 https://kqlsearch.com/query/XDR-MITRE-ATTCK-pivot&clmer6tsv000u5iqwduh2g9s5 2023-09-11T10:40:52.062Z weekly 0.6 https://kqlsearch.com/query/XDR-DetectionPercentage-SecurityProducts&clmer6jux000t5iqw40awewqe 2023-09-11T10:40:39.168Z weekly 0.6 https://kqlsearch.com/query/XDR-AlertReports&clmer6efj000s5iqw1fv0g4lh 2023-09-11T10:40:32.142Z weekly 0.6 https://kqlsearch.com/query/Identity-AzureAD-User-RiskCheck&clmer651c000r5iqw8f4qkd7c 2023-09-11T10:40:19.959Z weekly 0.6 https://kqlsearch.com/query/MDE-visualizing-ASRrule-detections&clmer5w5e000q5iqwm2dpf550 2023-09-11T10:40:08.450Z weekly 0.6 https://kqlsearch.com/query/MDE-WebProtection&clmer5qn0000p5iqwlfukk0iu 2023-09-11T10:40:01.299Z weekly 0.6 https://kqlsearch.com/query/MDE-TamperProtection&clmer5jiy000o5iqwwaslscx0 2023-09-11T10:39:52.089Z weekly 0.6 https://kqlsearch.com/query/MDE-TP-TSmode-AVversions-list&clmer5ays000n5iqwrgobytd6 2023-09-11T10:39:40.987Z weekly 0.6 https://kqlsearch.com/query/MDE-ControlledFolderAccess&clmer54ts000m5iqwysk73mz7 2023-09-11T10:39:33.040Z weekly 0.6 https://kqlsearch.com/query/Endpoint-WDigest-CredentialAccess&clmer4wbq000l5iqwezrdaysd 2023-09-11T10:39:22.014Z weekly 0.6 https://kqlsearch.com/query/Endpoint-UserAccountCreated&clmer4nh7000k5iqw7hnfpixf 2023-09-11T10:39:10.554Z weekly 0.6 https://kqlsearch.com/query/Endpoint-UrlHunting-EmailToDevice&clmer4gi4000j5iqwzhcejiu6 2023-09-11T10:39:01.507Z weekly 0.6 https://kqlsearch.com/query/Endpoint-Tracking-Mimikatz-CommandLine&clmer49tj000i5iqwoc5tpnrn 2023-09-11T10:38:52.854Z weekly 0.6 https://kqlsearch.com/query/Endpoint-PsExecHunting-LMP&clmer43od000h5iqwvn837g7x 2023-09-11T10:38:44.884Z weekly 0.6 https://kqlsearch.com/query/Endpoint-NetExeListing-Reconnaissance&clmer3tkq000g5iqwdc5vlot2 2023-09-11T10:38:31.801Z weekly 0.6 https://kqlsearch.com/query/Endpoint-Monitoring-Persistence&clmer3mkf000f5iqw8g46kk9s 2023-09-11T10:38:22.710Z weekly 0.6 https://kqlsearch.com/query/Endpoint-MITRE-ATTCK-Report&clmer3e2p000e5iqw7hh1ezhb 2023-09-11T10:38:11.713Z weekly 0.6 https://kqlsearch.com/query/Endpoint-ListForSuspiciousFiles-Device&clmer379q000d5iqwvhmzszuc 2023-09-11T10:38:02.885Z weekly 0.6 https://kqlsearch.com/query/Endpoint-InstalledApps-Windows&clmer305e000c5iqwmw3aevsr 2023-09-11T10:37:53.665Z weekly 0.6 https://kqlsearch.com/query/Endpoint-ImpacketWmi-LMP&clmer2t4j000b5iqwo2ym52fe 2023-09-11T10:37:44.554Z weekly 0.6 https://kqlsearch.com/query/DefenderAntivirus-scan-report&clmer2kef000a5iqw8w0kyisu 2023-09-11T10:37:33.254Z weekly 0.6 https://kqlsearch.com/query/DefenderAntivirus-malware-detection-list&clmer2etx00095iqwcitf5352 2023-09-11T10:37:26.028Z weekly 0.6 https://kqlsearch.com/query/Email-ThreatHunting-URL&clmer26on00085iqwpj8h2vke 2023-09-11T10:37:15.478Z weekly 0.6 https://kqlsearch.com/query/Email-Threat-Reports&clmer1zvf00075iqwn5b4c3tk 2023-09-11T10:37:06.642Z weekly 0.6 https://kqlsearch.com/query/Email-MalwareDetection-List&clmer1ufb00065iqw74hfrkm8 2023-09-11T10:36:59.590Z weekly 0.6 https://kqlsearch.com/query/Email-MDO-UserList-for-RemediationAction&clmer1mx900055iqwshq2w55m 2023-09-11T10:36:49.860Z weekly 0.6 https://kqlsearch.com/query/Email-MDO-Phishing-detection&clmer1czx00045iqwaaiep3jc 2023-09-11T10:36:37.004Z weekly 0.6 https://kqlsearch.com/query/Email-MDO-Malware-detection&clmer133p00035iqwkavvtb2c 2023-09-11T10:36:24.172Z weekly 0.6 https://kqlsearch.com/query/Email-MDO-Detection-DailyPercentage&clmer0vl600025iqwa833uf10 2023-09-11T10:36:14.441Z weekly 0.6 https://kqlsearch.com/query/Email-EOP-Phishing-detection&clmer0oxf00015iqwco4jcun7 2023-09-11T10:36:05.801Z weekly 0.6 https://kqlsearch.com/query/Email-EOP-Malware-detection&clmer0fwn00005iqw5qs5rve1 2023-09-11T10:35:54.117Z weekly 0.6 https://kqlsearch.com/query/Email-EOP-Detection-DailyPercentage&clmeqr53l00015i4ghqche3nz 2023-09-11T10:28:40.200Z weekly 0.6 https://kqlsearch.com/query/Email-Audit-SafeAttachments-GlobalSetting&clmeqqwzh00005i4giwdouwmy 2023-09-11T10:28:29.692Z weekly 0.6