Multiple Verified Threat Actor IP

AADUserRiskEvents, SecurityAlert, SigninLogs
Author: Jose Sebastián Canós | Released: August 29th, 2025

Multiple Suspicious API Traffic

AADUserRiskEvents, SecurityAlert, AADNonInteractiveUserSignInLogs
Author: Jose Sebastián Canós | Released: August 29th, 2025

TH Use Of Administrator Account

DeviceLogonEvents
Author: Alex Verboon | Released: August 29th, 2025

Purview Entra CA Block Insider Risk

SigninLogs
Author: Alex Verboon | Released: August 29th, 2025

Entra ID Entra Connect Sync Audit Events

SecurityEvent
Author: Alex Verboon | Released: August 29th, 2025

MDE Sense Triggers Power Shell Public IP

DeviceNetworkEvents
Author: Alex Verboon | Released: August 29th, 2025

TH Top Level Domains

DeviceNetworkEvents, EmailUrlInfo, EmailEvents, UrlClickEvents
Author: Alex Verboon | Released: August 29th, 2025

Azure Dev Ops Repositories

ExposureGraphNodes
Author: Alex Verboon | Released: August 29th, 2025

AD Account Last Logon

IdentityInfo, IdentityLogonEvents
Author: Alex Verboon | Released: August 29th, 2025

MDE Suspicious TCP Flags

DeviceNetworkEvents
Author: Alex Verboon | Released: August 29th, 2025

Multiple Leaked Credentials

AADUserRiskEvents, SecurityAlert
Author: Jose Sebastián Canós | Released: August 28th, 2025

Fetch Dynamic And Manual Tags For Active Devices

DeviceInfo
Author: Michalis Michalos | Released: August 28th, 2025

Set Persistence Using Event Viewer Microsoft Redirection Program

DeviceRegistryEvents
Author: Jay Kerai | Released: August 27th, 2025

Hunt Domains With Seamless Sso Enabled

DeviceInfo, IdentityLogonEvents
Author: Robbe Van den Daele | Released: August 26th, 2025

Enrollment Attempt With Adcsesc1honeypot Template

SecurityEvent
Author: Fabian Bader | Released: August 24th, 2025

File From Host Collected

CloudAppEvents
Author: Bert-Jan Pals | Released: August 24th, 2025

Detecting Onmicrosoft Domains Impacted By Email Exchange Restrictions With External Domains

EmailEvents
Author: Sergio Albea | Released: August 23rd, 2025

MDI Dormant Accounts

IdentityInfo, IdentityDirectoryEvents
Author: Alex Verboon | Released: August 22nd, 2025

MDXDR Attack Disruption And Response

DisruptionAndResponseEvents
Author: Alex Verboon | Released: August 22nd, 2025

MDI Identify Service Account O Us

IdentityInfo
Author: Alex Verboon | Released: August 22nd, 2025

EEG Assets Allowing Remote Access

ExposureGraphNodes, DeviceInfo
Author: Alex Verboon | Released: August 22nd, 2025

Arc Compare MDE

Resources, DeviceInfo
Author: Alex Verboon | Released: August 22nd, 2025

D4IOT Connector State

iotsecurityresources
Author: Alex Verboon | Released: August 22nd, 2025

AAD Service Principal Risk Events Service Principal At Risk

AADServicePrincipalRiskEvents
Author: Jose Sebastián Canós | Released: August 21st, 2025

Assignment Of Local Administrator Entra Role

AuditLogs
Author: Jay Kerai | Released: August 20th, 2025

Sentinel Workspace Disconnected

CloudAppEvents
Author: Bert-Jan Pals | Released: August 18th, 2025

Entra Auditing Tenant Restrictions V2 Events

SigninLogs
Author: Jay Kerai | Released: August 15th, 2025

Sign In Logs B2B Access Restrictions

SigninLogs
Author: Jay Kerai | Released: August 15th, 2025

Graph API Audit Events Graph URIAPI Request Stats

GraphAPIAuditEvents
Author: Bert-Jan Pals | Released: August 14th, 2025

Graph API Audit Events Graph Resource API Request Stats

GraphAPIAuditEvents
Author: Bert-Jan Pals | Released: August 14th, 2025

Graph API Audit Events App Enrichment AAD Non Interactive User Sign In Logs

GraphAPIAuditEvents, AADNonInteractiveUserSignInLogs
Author: Bert-Jan Pals | Released: August 14th, 2025

Graph API Audit Events App Enrichment External Data

GraphAPIAuditEvents
Author: Bert-Jan Pals | Released: August 14th, 2025

Graph API Audit Events IP Enrichment

GraphAPIAuditEvents
Author: Bert-Jan Pals | Released: August 14th, 2025

Graph API Audit Events User Enrichment

GraphAPIAuditEvents, IdentityInfo
Author: Bert-Jan Pals | Released: August 14th, 2025

Graph API Audit Events Azure Hound

MicrosoftGraphActivityLogs
Author: Bert-Jan Pals | Released: August 14th, 2025

Request An Actor Token For Graphwindowsnet Using Service To Service S2S

AuditLogs
Author: Jay Kerai | Released: August 14th, 2025

Email Events Sender TLD Count

EmailEvents
Author: Jay Kerai | Released: August 11th, 2025

Risk Based Step Up Consent RBSU For Application

AuditLogs
Author: Jay Kerai | Released: August 7th, 2025

App Consent To Risky Application

AuditLogs
Author: Jay Kerai | Released: August 6th, 2025

Identify Ip Assets From Mdeasm In Exposure Management That Match Ti

ThreatIntelligenceIndicator, ExposureGraphNodes
Author: Michalis Michalos | Released: August 5th, 2025

Identify Mdeasm Hosts With High Or Critical Vulnerabilities And A Cvss Score Over 8

ExposureGraphNodes
Author: Michalis Michalos | Released: July 31st, 2025

Identify Assets From Mdeasm In Exposure Management That Match Ti

ThreatIntelligenceIndicator, ExposureGraphNodes
Author: Michalis Michalos | Released: July 31st, 2025

Identify Assets From Mdeasm In Exposure Management

ExposureGraphNodes
Author: Michalis Michalos | Released: July 31st, 2025

Identify Cves In Mdeasm Web Pages Through Exposure Management

ExposureGraphNodes, ExposureGraphEdges
Author: Michalis Michalos | Released: July 31st, 2025

Successful Join Of Fake Device Using ROPC Query By Goldjg

SigninLogs, AuditLogs
Author: Jay Kerai | Released: July 30th, 2025

Signin Logs Legacy Protocols Used In Entra ID Authentication

SigninLogs
Author: Jose Sebastián Canós | Released: July 30th, 2025

Multiple Unexpected Account Using A Power Shell App In Entra ID

UUID-EntraIdApps, ResultType-SignInLogsErrorCodes, RegEx-PrivDomainGroups, RegEx-PrivAADRoles, IdentityInfo, SigninLogs, AADNonInteractiveUserSignInLogs
Author: Jose Sebastián Canós | Released: July 30th, 2025

Unified Microsoft Graph Logs

GraphAPIAuditEvents
Author: Thomas Naunheim | Released: July 30th, 2025

Detect Attempts To Modify Amcachehve Or SYSTEM File

DeviceFileEvents
Author: Sergio Albea | Released: July 29th, 2025

Enabled Data Connectors

SentinelHealth
Author: Rod Trent | Released: July 28th, 2025