IA Threat Intelligence Feed Evaluation Based On URL IOCs
Tables: EmailUrlInfo, EmailEvents

IA Threat Intelligence Feed Evaluation Based On File Hash IOCs
Tables: EmailAttachmentInfo, EmailEvents

IA Threat Intelligence Feed Evaluation Based On Domain IOCs
Tables: EmailUrlInfo, EmailEvents

Suspicious Sign-In After Phishing Link Click
Tables: EmailEvents, UrlClickEvents, SigninLogs

Monitor DLLs By Signer
Tables: DeviceImageLoadEvents, DeviceFileCertificateInfo

Certificate Issued To Privileged User
Tables: IdentityInfo, SecurityEvent

Detect LOLDriver Drop Or Load From Unknown Process
Tables: DeviceEvents, DeviceFileEvents

Detect Device Code With User Risk
Tables: SigninLogs, AADNonInteractiveUserSignInLogs, AADUserRiskEvents

Detect Msiexec Executing DLL Network Connections
Tables: DeviceNetworkEvents, DeviceProcessEvents

Detect Unknown Process Launched Via WinRM
Tables: DeviceProcessEvents, DeviceNetworkEvents

Detect Unknown Process Using SMB And WinRM
Tables: DeviceNetworkEvents

Detect Unsigned Executable Launch From Scheduled Task
Tables: DeviceProcessEvents, DeviceFileCertificateInfo

Detect Rare Scheduled Task Created
Tables: DeviceProcessEvents

Detect PIM Elevation With User Risk
Tables: AuditLogs, AADUserRiskEvents, CloudAppEvents

User With Uncommon Or Risky Behavior Is Deploying A Script With Intune To All Users Or All Devices
Tables: IntuneAuditLogs, BehaviorEntities, IdentityInfo, +1

Delete An Intune Multi-Approval Policy By User With Uncommon Or Risky Behavior
Tables: IntuneAuditLogs, BehaviorEntities, IdentityInfo, +1

User With Uncommon Or Risky Behavior Is Deploying An Application With Intune To All Users Or All Devices
Tables: IntuneAuditLogs, BehaviorEntities, IdentityInfo, +1

Managed Service Provider User (B2B Or GDAP) Without Device Compliance Or MFA Claim Is Managing Intune
Tables: IntuneAuditLogs, IdentityInfo, GraphAPIAuditEvents, +1

Mass Wipe Or Retire Device Action
Tables: IntuneAuditLogs

Consent Fix Hunting Confidence On Token And Network Signals
Tables: SigninLogs, AADNonInteractiveUserSignInLogs, NetworkAccessTraffic

CISA KEV Year To Date Vulnerabilities
Tables: KnowExploitesVulnsCISA

CISA KEV Year To Date Vulnerabilities By Product
Tables: KnowExploitesVulnsCISA

CISA KEV Year To Date Vulnerabilities By Release Year
Tables: KnowExploitesVulnsCISA

CISA KEV Year To Date Vulnerabilities Affecting Edge Devices
Tables: KnowExploitesVulnsCISA

AADSTS Error Codes KQL
Tables: AADSignInEventsBeta

MDE Data Collection
Tables: DeviceProcessEvents

Mshta Executions
Tables: DeviceProcessEvents

MDE DigiCert Global Root G2
Tables: DeviceTvmCertificateInfo, DeviceInfo, DeviceTvmSoftwareVulnerabilities

CorrelationId Equals TenantId In Peculiar Password Spray
Tables: SigninLogs

Parse Apache Access Log
Tables: accesslog

Suspicious MSBuild Remote Thread
Tables: DeviceEvents, DeviceNetworkEvents, DeviceProcessEvents

Failed AV Scan On Devices With Vulnerabilities And Related Incidents
Tables: DeviceEvents, DeviceInfo, AlertEvidence, +1

Pod Container Exec
Tables: DeviceProcessEvents

Executable Files In ProgramData Folder
Tables: DeviceFileEvents

PowerShell LOLBAS Execution With Public Network Connection
Tables: DeviceProcessEvents, DeviceNetworkEvents

MDE Device Active/Inactive
Tables: DeviceInfo

MDE Device Groups
Tables: DeviceInfo

KQL Techniques For Email URL Redirect Hunting
Tables: EmailEvents, EmailUrlInfo

MDI Identity Password Security Posture Assessment
Tables: IdentityAccountInfo, IdentityInfo

MDO Auto-Forwarding Mode
Tables: OfficeActivity, CloudAppEvents

OAuth App Evaluation
Tables: OAuthAppInfo

Azure Resource Graph: APIM With Basic Auth Enabled
Tables: resources

Entra Account Disabled
Tables: AuditLogs

Entra Group Changes
Tables: AuditLogs

Entra Password Resets
Tables: AuditLogs

User Deleted From Entra
Tables: AuditLogs

Device Deleted From Entra
Tables: AuditLogs

Audit Logic Apps With Office365 Connections Using Resource Query
Tables: resources

Executables In AppData Local/Roaming
Tables: DeviceProcessEvents

Azure Resource VM SKU Size Changes
Tables: resourcechanges