EntraIdSignInEvents
Entra ID Sign In Events Suspicious User Agent
EntraIdSignInEvents
Entra ID Sign In Events Hunting Potential Seamless SSO Usage
DeviceEvents, DeviceNetworkInfo
Windows Outbound Firewall Blocks Filtered By Firewall Profile
Nathan Hutchinson|Feb 17, 2026
DeviceEvents, DeviceNetworkInfo
Windows Outbound Firewall Blocks Filter By Device And Firewall Profile
Nathan Hutchinson|Feb 17, 2026
DeviceEvents, DeviceNetworkInfo
Windows Windows Firewall Outbound Blocked Connections
Nathan Hutchinson|Feb 17, 2026
DeviceEvents, DeviceNetworkInfo
Windows Summarise Firewall Outbound Blocks By Firewall Profile
Nathan Hutchinson|Feb 17, 2026
AuditLogs
Security Copilot Agent Deleted
DeviceNetworkEvents
Windows Find NetBIOS Name Service NBNS Usage UDP 137
Nathan Hutchinson|Feb 15, 2026
EmailEvents, EmailUrlInfo
Applying Shannon Entropy To Sender Domains Via Kusto
Sergio Albea|Feb 12, 2026
DeviceEvents
Windows Inbound Firewall Blocks By Process
Nathan Hutchinson|Feb 12, 2026
IdentityLogonEvents
Windows Detect NTLM Usage In The Environment
Nathan Hutchinson|Feb 12, 2026
DeviceEvents
Windows All Firewall Inbound Block Events Last 100
Nathan Hutchinson|Feb 12, 2026
DeviceTvmSoftwareVulnerabilities, DeviceProcessEvents, DeviceFileEvents, +2
CVE-2026-21510 Windows Shell Security Feature Bypass
Benjamin Zulliger|Feb 11, 2026
EntraUsers
Detection Enrichment Entra User
Bert-Jan Pals|Feb 11, 2026
EntraGroupMemberships, EntraGroups
Detection Enrichment Entra Group Membership
Bert-Jan Pals|Feb 10, 2026
DeviceNetworkEvents
Device IP History
MessageEvents, MessageUrlInfo
Detect Malicious Teams Message
Robbe Van den Daele|Feb 10, 2026
MessageEvents, IdentityInfo, MessageUrlInfo
Detect External User Sending Suspicious Link To Multiple Users
Robbe Van den Daele|Feb 10, 2026
MessageEvents, IdentityInfo
Detect Possible Teams BEC Attack By High Teams Recipients
Robbe Van den Daele|Feb 10, 2026
DeviceRegistryEvents
Image File Execution Options IFEO Or Silent Process Exit Registry Modification
Benjamin Zulliger|Feb 9, 2026
DeviceFileEvents
Malicious Browser Extension Downloads Using Device File Events
SigninLogs, AADNonInteractiveUserSignInLogs
Detect Potential Consent Fix OAuth Authorisation Code Theft Attempts
AuditLogs
MCP Server Registered To Entra
AuditLogs
Service Principal Adds Client Secret To Target Application
StorageBlobLogs
Potential Storage Enumeration Or Brute Force Attack
AuditLogs
Service Principal Added To Global Administrator Role
MicrosoftGraphActivityLogs
Service Principal Enumeration Of App Role Assignments
AzureActivity, AuditLogs
Unauthorized Federated Credential Added To Managed Identity
StorageBlobLogs
Anonymous Retrieval Of Azure Blob Versions
MicrosoftGraphActivityLogs
Azurekid Blackcat Security Module Activity
AuditLogs
Granting Of High Risk Privilege Escalation Permissions To Service Principal
AADServicePrincipalSignInLogs
Service Principal Sign In From New Country
AuditLogs
Privileged Role Assignment Outside Of PIM
StorageFileLogs
Successful Azure Storage File Access From Unauthorized Geo Location
DeviceProcessEvents
Notepad Chrysalis Backdoor Gupexe Spawned Binaries Excluding Known Good Notepad Hashes
DeviceNetworkEvents
Notepad Chrysalis Backdoor Gupexe Detection
DeviceProcessEvents, DeviceNetworkEvents
Notepad Chrysalis Backdoor Spawned Binaries Network Connections Correlation
DeviceTvmInfoGathering, DeviceEvents
Windows Trigger Full Scan For Devices That Have Not Completed One
Nathan Hutchinson|Feb 2, 2026
SigninLogs
Emergency Access Usage Alert
Nathan Hutchinson|Feb 2, 2026
IdentityLogonEvents, IdentityInfo
Auto Disable High Risk AD User
Nathan Hutchinson|Feb 2, 2026
AuditLogs
Azure RBAC Elevation Via User Access Admin Toggle
Nathan Hutchinson|Feb 2, 2026
DeviceInfo, DeviceTvmInfoGathering, DeviceEvents
Windows Trigger Full Scan For Devices That Have Not Completed One Windows Clients Only
Nathan Hutchinson|Feb 2, 2026
DeviceTvmInfoGathering, DeviceEvents
Windows Recent Devices Missing Full Scan
Nathan Hutchinson|Feb 2, 2026
DeviceInfo, DeviceNetworkEvents
Linux Server Public Egress Baseline High Fidelity
Nathan Hutchinson|Feb 2, 2026
DeviceNetworkEvents
Linux Network Fanout From The Upload Process
Nathan Hutchinson|Feb 2, 2026
DeviceInfo, DeviceProcessEvents
Linux LOLBin Downloads To Temporary Directories
Nathan Hutchinson|Feb 2, 2026
DeviceInfo, DeviceNetworkEvents
Linux Network Events Baseline Report Id Dedupe
Nathan Hutchinson|Feb 2, 2026
DeviceInfo, DeviceEvents
Linux Antivirus Activity
Nathan Hutchinson|Feb 2, 2026
DeviceProcessEvents
Linux User Activity Leading Up To Exfiltration
Nathan Hutchinson|Feb 2, 2026
DeviceInfo, DeviceFileEvents
Linux File Activity Baseline
Nathan Hutchinson|Feb 2, 2026