KQL Search
Search engine for KQL Queries
Reg Sam Dumping
Author: Ali Hussein
Released: 7/25/2024
Client IP Malfunction
Author: Jose Sebastián Canós
Released: 7/23/2024
Crowdstrike Suspicious Domains
Author: Michalis Michalos
Released: 7/20/2024
Security Event Unusual Kerberos Authentication Ticket TGT
Author: Jose Sebastián Canós
Released: 7/17/2024
Visualization Email Post Delivery Events
Author: Bert-Jan Pals
Released: 7/16/2024
Managed Identity Assignments To Resource
Author: Thomas Naunheim
Released: 7/16/2024
Alerts Related To Deception In Microsoft Defender Xdr
Author: Michalis Michalos
Released: 7/13/2024
Crypto Mining Detection
Author: Ali Hussein
Released: 7/10/2024
Xclip Executions
Author: Ali Hussein
Released: 7/9/2024
Shadow File Modified
Author: Ali Hussein
Released: 7/7/2024
CVE 2024 6387 Regresshion Identify Affected Internet Facing Endpoints
Author: Michalis Michalos
Released: 7/4/2024
CVE 2024 6387 Regresshion Identify Affected Endpoints
Author: Michalis Michalos
Released: 7/4/2024
Multiple Multiple Device Names From IP Address
Author: Jose Sebastián Canós
Released: 7/3/2024
Security Event Unusual IPC Share Access
Author: Jose Sebastián Canós
Released: 7/2/2024
Security Event Unusual Network Share Access
Author: Jose Sebastián Canós
Released: 7/2/2024
Activity Increase By Date
Author: Rod Trent
Released: 7/1/2024
TI Feed Ja3blacklist
Author: Bert-Jan Pals
Released: 6/29/2024
Mail Items Accessed
Author: Bert-Jan Pals
Released: 6/27/2024
Device Registry Events Unexpected Network Provider
Author: Jose Sebastián Canós
Released: 6/27/2024
Exposure Management Lateral Movement Paths
Author: Bert-Jan Pals
Released: 6/27/2024
Exposure Management Device Activities
Author: Bert-Jan Pals
Released: 6/26/2024
Exposure Management Cloud Permissions User
Author: Bert-Jan Pals
Released: 6/25/2024
MDE WSL
Author: Alex Verboon
Released: 6/25/2024
Device Network Events SSL Connection With Suspicious JA3 Fingerprint
Author: Jose Sebastián Canós
Released: 6/25/2024
Malicious Ja3fingerprint
Author: Ali Hussein
Released: 6/25/2024
AD Failed Logons
Author: Alex Verboon
Released: 6/24/2024
DFC Cloud Audit Events
Author: Alex Verboon
Released: 6/24/2024
MDO QR Code
Author: Alex Verboon
Released: 6/24/2024
MDE Windows 11 Missing Security Updates
Author: Alex Verboon
Released: 6/24/2024
MDE WDAC
Author: Alex Verboon
Released: 6/24/2024
Sentinel E5security Benefit
Author: Alex Verboon
Released: 6/24/2024
MDE Device Isolationstate
Author: Alex Verboon
Released: 6/24/2024
MDE Entra Synthetic Device
Author: Alex Verboon
Released: 6/24/2024
Suspicious Execution Using Wsl
Author: Michalis Michalos
Released: 6/24/2024
Suspicious Creation Of Files In Etc For Persistance In Wsl
Author: Michalis Michalos
Released: 6/24/2024
Suspicious Reconnaissance Activity Through Wsl
Author: Michalis Michalos
Released: 6/24/2024
Cloud Resource Deletion
Author: Bert-Jan Pals
Released: 6/21/2024
Most Permissive Entities
Author: Bert-Jan Pals
Released: 6/20/2024
RBAC Changes
Author: Bert-Jan Pals
Released: 6/19/2024
MDE Audit
Author: Alex Verboon
Released: 6/17/2024
Automation Account Runbook Status
Author: Alex Verboon
Released: 6/17/2024
Identify Endpoints Running Wsl Without Mde Plug In
Author: Michalis Michalos
Released: 6/16/2024
Identify Endpoints Running Wsl
Author: Michalis Michalos
Released: 6/15/2024
Email Countby Country
Author: Rod Trent
Released: 6/10/2024
Security Event Malformed Security Descriptor
Author: Jose Sebastián Canós
Released: 6/10/2024
Ransomware Leaksite Montitoring
Author: Bert-Jan Pals
Released: 6/10/2024
Users Affected By MFA Enforcement
Author: Sergio Albea
Released: 6/7/2024
Successful Foreign Login Attempts Analysis
Author: Muzammil Mahmood
Released: 6/7/2024
RDP Connections From Devices To Remote IP Classified By Country
Author: Sergio Albea
Released: 6/7/2024
TI Open Phish Free Feed Hits In Email Url Info
Author: Benjamin Zulliger
Released: 6/7/2024
Made by Ugur Koc with ☕