EmailEvents, EmailUrlInfo

Applying Shannon Entropy To Sender Domains Via Kusto

IdentityLogonEvents

Windows Detect NTLM Usage In The Environment

DeviceEvents

Windows All Firewall Inbound Block Events Last 100

DeviceEvents

Windows Inbound Firewall Blocks By Process

DeviceTvmSoftwareVulnerabilities, DeviceProcessEvents, DeviceFileEvents, +2

CVE-2026-21510 Windows Shell Security Feature Bypass

EntraUsers

Detection Enrichment Entra User

EntraGroupMemberships, EntraGroups

Detection Enrichment Entra Group Membership

DeviceNetworkEvents

Device IP History

MessageEvents, MessageUrlInfo

Detect Malicious Teams Message

MessageEvents, IdentityInfo, MessageUrlInfo

Detect External User Sending Suspicious Link To Multiple Users

MessageEvents, IdentityInfo

Detect Possible Teams BEC Attack By High Teams Recipients

DeviceRegistryEvents

Image File Execution Options IFEO Or Silent Process Exit Registry Modification

DeviceFileEvents

Malicious Browser Extension Downloads Using Device File Events

SigninLogs, AADNonInteractiveUserSignInLogs

Detect Potential Consent Fix OAuth Authorisation Code Theft Attempts

AuditLogs

MCP Server Registered To Entra

StorageFileLogs

Successful Azure Storage File Access From Unauthorized Geo Location

AuditLogs

Service Principal Added To Global Administrator Role

AuditLogs

Granting Of High Risk Privilege Escalation Permissions To Service Principal

AADServicePrincipalSignInLogs

Service Principal Sign In From New Country

AuditLogs

Privileged Role Assignment Outside Of PIM

AuditLogs

Service Principal Adds Client Secret To Target Application

MicrosoftGraphActivityLogs

Service Principal Enumeration Of App Role Assignments

MicrosoftGraphActivityLogs

Azurekid Blackcat Security Module Activity

StorageBlobLogs

Potential Storage Enumeration Or Brute Force Attack

StorageBlobLogs

Anonymous Retrieval Of Azure Blob Versions

AzureActivity, AuditLogs

Unauthorized Federated Credential Added To Managed Identity

DeviceProcessEvents

Notepad Chrysalis Backdoor Gupexe Spawned Binaries Excluding Known Good Notepad Hashes

DeviceNetworkEvents

Notepad Chrysalis Backdoor Gupexe Detection

DeviceProcessEvents, DeviceNetworkEvents

Notepad Chrysalis Backdoor Spawned Binaries Network Connections Correlation

DeviceTvmInfoGathering, DeviceEvents

Windows Trigger Full Scan For Devices That Have Not Completed One

SigninLogs

Emergency Access Usage Alert

DeviceInfo, DeviceTvmInfoGathering, DeviceEvents

Windows Trigger Full Scan For Devices That Have Not Completed One Windows Clients Only

AuditLogs

Azure RBAC Elevation Via User Access Admin Toggle

IdentityLogonEvents, IdentityInfo

Auto Disable High Risk AD User

DeviceTvmInfoGathering, DeviceEvents

Windows Recent Devices Missing Full Scan

DeviceInfo, DeviceEvents, DeviceProcessEvents, +3

Linux Action Type Inventory All Tables

DeviceInfo, DeviceNetworkEvents

Linux Desktop Public Egress Baseline Low Noise

DeviceInfo, DeviceFileEvents

Linux File Activity Baseline

DeviceNetworkEvents

Linux Network Fanout From The Upload Process

DeviceInfo, DeviceEvents

Linux Antivirus Activity

DeviceInfo, DeviceNetworkEvents

Linux Server Public Egress Baseline High Fidelity

DeviceInfo, DeviceLogonEvents

Linux Logon Activity

DeviceInfo, DeviceProcessEvents

Linux LOLBin Downloads To Temporary Directories

DeviceProcessEvents

Linux User Activity Leading Up To Exfiltration

DeviceInfo, DeviceEvents

Linux Script Activity Script Content

DeviceProcessEvents, DeviceNetworkEvents

Linux Archive Command Followed By Upload Egress

DeviceInfo, DeviceFileEvents

Linux Suspicious Cron Persistence

DeviceInfo, DeviceNetworkEvents

Linux Network Events Baseline Report Id Dedupe

DeviceNetworkEvents

Notepad Chrysalis Backdoor Network IOCs

DeviceFileEvents

Notepad Chrysalis Backdoor File Hash IOCs