Last Check In Arc Machines

Resources, Heartbeat
Author: Bert-Jan Pals | Released: January 20th, 2025

Identify Mail Items Accessed By A Specific IP Address CISA

AADSignInEventsBeta, CloudAppEvents
Author: Jay Kerai | Released: January 20th, 2025

Summarizing User Searches Outside Of Normal Working Hours That Contain Sensitive Keywords CISA

CloudAppEvents
Author: Jay Kerai | Released: January 20th, 2025

Risky Sign In Keyword Search CISA

AADSignInEventsBeta, CloudAppEvents
Author: Jay Kerai | Released: January 20th, 2025

Display Teams Participation Duration Of Account Associated With A Suspicious IP Address

CloudAppEvents
Author: Jay Kerai | Released: January 20th, 2025

Detecting Windows Security Event Logs Cleaned

DeviceEvents
Author: Sergio Albea | Released: January 20th, 2025

CVE 2025 21298 Zero Click RCE

EmailAttachmentInfo, EmailEvents, DeviceTvmSoftwareVulnerabilities, DeviceFileEvents
Author: Steven Lim | Released: January 20th, 2025

Onboarded Machines By Resource Group

Resources
Author: Bert-Jan Pals | Released: January 19th, 2025

Sneaky 2FA MDO Detection

Sneaky2FATable, EmailUrlInfo, EmailEvents
Author: Steven Lim | Released: January 18th, 2025

Visualizing Fortigate Cve 2022 40684 Belsen Group Leaked Affected Ips

RawFortiGateIPs
Author: Michalis Michalos | Released: January 17th, 2025

KQL Wiz PDF NTLM Leak Detector

DeviceFileEvents, DeviceNetworkEvents
Author: Steven Lim | Released: January 16th, 2025

Ivanti Vulnerabilities CVE 2025 0282 And CVE 2025 0283

DeviceTvmSoftwareInventory
Author: Sergio Albea | Released: January 15th, 2025

Detecting Base64 Code In Commands

DeviceFileEvents
Author: Sergio Albea | Released: January 15th, 2025

Hunting Fasthttp Bruteforce Campaign

AADSignInEventsBeta
Author: Steven Lim | Released: January 15th, 2025

Detecting Lumma Stealer Commands

DeviceFileEvents
Author: Sergio Albea | Released: January 14th, 2025

Hunt For High Volume Phish ISP

CloudAppEvents, EmailEvents
Author: Steven Lim | Released: January 14th, 2025

MDO Email Threat Classification By ISP

CloudAppEvents, EmailEvents
Author: Steven Lim | Released: January 12th, 2025

MDO Email Threat Classification By Country

EmailEvents
Author: Steven Lim | Released: January 11th, 2025

Hunting Non Euclid RAT

DeviceFileEvents, DeviceEvents
Author: Steven Lim | Released: January 10th, 2025

Hunting Aqua Blizzards

DeviceNetworkEvents
Author: Steven Lim | Released: January 10th, 2025

Azure P2S Point To Site Connection Success Username And IP Parser

AzureDiagnostics, AADNonInteractiveUserSignInLogs
Author: Jay Kerai | Released: January 9th, 2025

CVES Cases

DeviceTvmSoftwareInventory
Author: Sergio Albea | Released: January 9th, 2025

Signin Logs Potential Compliant Device Bypass Attempt

SigninLogs
Author: Jose Sebastián Canós | Released: January 8th, 2025

CVE 2024 43452 PoC Detection

DeviceTvmSoftwareVulnerabilities, DeviceFileEvents, DeviceFileCertificateInfo, DeviceEvents, DeviceNetworkEvents
Author: Steven Lim | Released: January 7th, 2025

CVE 2024 49113 LDAP Nightmare

DeviceNetworkEvents
Author: Bert-Jan Pals | Released: January 6th, 2025

Resource Lock Deletion For Azure Monitor Rule

AzureActivity
Author: Jay Kerai | Released: January 4th, 2025

Machine Onboarded

AzureActivity
Author: Bert-Jan Pals | Released: January 4th, 2025

LDAP Nightmare POC Detection

DnsEvents
Author: Steven Lim | Released: January 3rd, 2025

Log Analytic Workspace Deletions

AzureActivity
Author: Jay Kerai | Released: January 2nd, 2025

Sentinel Incident Deletions

AzureActivity
Author: Jay Kerai | Released: January 2nd, 2025

Azure Monitor Rule Disabled

AzureActivity
Author: Jay Kerai | Released: January 1st, 2025

Bring Your Own Minifilter EDR Bypass

DeviceProcessEvents, DeviceRegistryEvents
Author: Jay Kerai | Released: December 31st, 2024

Living Off The Tunnels IOCS

DeviceNetworkEvents
Author: Jay Kerai | Released: December 30th, 2024

Security Event AD Unusual Operation

SecurityEvent
Author: Jose Sebastián Canós | Released: December 30th, 2024

Hunting Malicious Chrome Extension

DeviceFileEvents
Author: Steven Lim | Released: December 30th, 2024

Custom Detection Disabled

CloudAppEvents
Author: Bert-Jan Pals | Released: December 28th, 2024

CVE 2024 3393 DDOS Detection

CommonSecurityLog
Author: Steven Lim | Released: December 27th, 2024

Malicious Senders Hidden Behind Anonymous Proxies

CloudAppEvents
Author: Sergio Albea | Released: December 26th, 2024

Rating ISPs To Detect Potential Malicious Domains Sending Threats

EmailEvents
Author: Sergio Albea | Released: December 26th, 2024

Detection Of OOF Message Delivered Externally

EmailEvents
Author: Sergio Albea | Released: December 26th, 2024

Detect Spoofed Email Cases

EmailEvents, IdentityInfo
Author: Sergio Albea | Released: December 26th, 2024

September Updates

DeviceTvmSoftwareVulnerabilities, DeviceTvmSoftwareVulnerabilitiesKB
Author: Sergio Albea | Released: December 26th, 2024

Anonymized Microsoft Graph Activity Logs

MicrosoftGraphActivityLogs
Author: Bert-Jan Pals | Released: December 23rd, 2024

Monitor Exclusion Into Conditional Access Policies

AADSignInEventsBeta
Author: Sergio Albea | Released: December 23rd, 2024

TI Feed Tor Connections

DeviceNetworkEvents
Author: Bert-Jan Pals | Released: December 21st, 2024

Advanced Vishing KQL Detection

TeamsCallLog
Author: Steven Lim | Released: December 19th, 2024

Url Haus Abusech Hits In Microsoft Teams

CloudAppEvents
Author: Sergio Albea | Released: December 18th, 2024

PowerShell Self Pwn

IdentityInfo, DeviceEvents, DeviceProcessEvents
Author: Steven Lim | Released: December 17th, 2024

Ransomware Tool Matrix Defender Lookup

DeviceProcessEvents
Author: Jay Kerai | Released: December 16th, 2024