CVE 2024 43452 PoC Detection

DeviceTvmSoftwareVulnerabilities, DeviceFileEvents, DeviceFileCertificateInfo, DeviceEvents, DeviceNetworkEvents
Author: Steven Lim. Released: January 7th, 2025

CVE 2024 49113 LDAP Nightmare

DeviceNetworkEvents
Author: Bert-Jan Pals. Released: January 6th, 2025

Resource Lock Deletion For Azure Monitor Rule

AzureActivity
Author: Jay Kerai. Released: January 4th, 2025

Machine Onboarded

AzureActivity
Author: Bert-Jan Pals. Released: January 4th, 2025

LDAP Nightmare POC Detection

DnsEvents
Author: Steven Lim. Released: January 3rd, 2025

Log Analytic Workspace Deletions

AzureActivity
Author: Jay Kerai. Released: January 2nd, 2025

Sentinel Incident Deletions

AzureActivity
Author: Jay Kerai. Released: January 2nd, 2025

Azure Monitor Rule Disabled

AzureActivity
Author: Jay Kerai. Released: January 1st, 2025

Bring Your Own Minifilter EDR Bypass

DeviceProcessEvents, DeviceRegistryEvents
Author: Jay Kerai. Released: December 31st, 2024

Living Off The Tunnels IOCS

DeviceNetworkEvents
Author: Jay Kerai. Released: December 30th, 2024

Security Event AD Unusual Operation

SecurityEvent
Author: Jose Sebastián Canós. Released: December 30th, 2024

Hunting Malicious Chrome Extension

DeviceFileEvents
Author: Steven Lim. Released: December 30th, 2024

Custom Detection Disabled

CloudAppEvents
Author: Bert-Jan Pals. Released: December 28th, 2024

CVE 2024 3393 DDOS Detection

CommonSecurityLog
Author: Steven Lim. Released: December 27th, 2024

Malicious Senders Hidden Behind Anonymous Proxies

CloudAppEvents
Author: Sergio Albea. Released: December 26th, 2024

Rating ISPs To Detect Potential Malicious Domains Sending Threats

EmailEvents
Author: Sergio Albea. Released: December 26th, 2024

Detection Of OOF Message Delivered Externally

EmailEvents
Author: Sergio Albea. Released: December 26th, 2024

Detect Spoofed Email Cases

EmailEvents, IdentityInfo
Author: Sergio Albea. Released: December 26th, 2024

September Updates

DeviceTvmSoftwareVulnerabilities, DeviceTvmSoftwareVulnerabilitiesKB
Author: Sergio Albea. Released: December 26th, 2024

Anonymized Microsoft Graph Activity Logs

MicrosoftGraphActivityLogs
Author: Bert-Jan Pals. Released: December 23rd, 2024

Monitor Exclusion Into Conditional Access Policies

AADSignInEventsBeta
Author: Sergio Albea. Released: December 23rd, 2024

TI Feed Tor Connections

DeviceNetworkEvents
Author: Bert-Jan Pals. Released: December 21st, 2024

Advanced Vishing KQL Detection

TeamsCallLog
Author: Steven Lim. Released: December 19th, 2024

Url Haus Abusech Hits In Microsoft Teams

CloudAppEvents
Author: Sergio Albea. Released: December 18th, 2024

PowerShell Self Pwn

IdentityInfo, DeviceEvents, DeviceProcessEvents
Author: Steven Lim. Released: December 17th, 2024

Ransomware Tool Matrix Defender Lookup

DeviceProcessEvents
Author: Jay Kerai. Released: December 16th, 2024

Hunting For Registry Artifacts Of Service Creation

DeviceRegistryEvents
Author: Sergio Albea. Released: December 13th, 2024

Hunting For Process Command Line Artifacts Of Service Creation

DeviceProcessEvents
Author: Sergio Albea. Released: December 13th, 2024

Old BIOS Versions

BiosInfo
Author: Ugur Koc. Released: December 13th, 2024

Identify Top Disk IO Processes

Process
Author: Ugur Koc. Released: December 13th, 2024

Flag Processes With Disproportionately Large Virtual Memory Usage

Process
Author: Ugur Koc. Released: December 13th, 2024

Identify Programs Set To Auto Run At Startup

WindowsRegistry
Author: Ugur Koc. Released: December 13th, 2024

Check If TPM 2.0 Is Available

Tpm
Author: Ugur Koc. Released: December 13th, 2024

Find Processes With Unusually High Thread Or Handle Counts

Process
Author: Ugur Koc. Released: December 13th, 2024

Microsoft Graph Activity Logs Missing Logs

MicrosoftGraphActivityLogs
Author: Jose Sebastián Canós. Released: December 12th, 2024

Docu Shield NRT Anti Impersonation Email Purge

EmailEvents
Author: Steven Lim. Released: December 12th, 2024

Detecting Teams Red Team Tool Convo C2

CloudAppEvents
Author: Steven Lim. Released: December 11th, 2024

Hunting Zloader DNS Tunneling

DeviceNetworkEvents
Author: Steven Lim. Released: December 11th, 2024

Url Haus Abusech Hits In Microsoft Teams

CloudAppEvents
Author: Sergio Albea. Released: December 10th, 2024

Monitoring M Teams Activities Such As Shared URLs, One To One Chats And Domains Participating In Meetings

CloudAppEvents
Author: Sergio Albea. Released: December 10th, 2024

Enhanced Cloudflare Phishing Email Detections

EmailUrlInfo, EmailEvents, MaliciousDomainTable
Author: Steven Lim. Released: December 10th, 2024

Azure DevOps Code Recommendations

securityresources
Author: Alex Verboon. Released: December 9th, 2024

Behaviour Suspicious Named Pipes

DeviceEvents
Author: Bert-Jan Pals. Released: December 9th, 2024

Detect Black Basta Ransomware Campaign RMM Tools Deployment

CloudAppEvents
Author: Steven Lim. Released: December 9th, 2024

Detect Defender XDR Services And Features Disabled On Devices

DeviceRegistryEvents
Author: Sergio Albea. Released: December 8th, 2024

Blue Alpha Gamma Drop Detection

DeviceFileEvents, DeviceNetworkEvents
Author: Steven Lim. Released: December 7th, 2024

New URL File NTLM Hash Disclosure Vulnerability Detection 0day

ExposureGraphEdges, DeviceFileEvents, DeviceNetworkEvents
Author: Steven Lim. Released: December 6th, 2024

Email Events From Email Providers

EmailEvents
Author: Jay Kerai. Released: December 6th, 2024

Hunting Malicious Oauth Grant By Phished User

IdentityInfo, CloudAppEvents
Author: Steven Lim. Released: December 5th, 2024

Identify And Summarize Processor Families In Your Environment

DeviceTvmHardwareFirmware
Author: Michalis Michalos. Released: December 5th, 2024