KQL Search
Detecting Teams Red Team Tool Convo C2
Author:
Steven Lim
Released:
12/11/2024
Hunting Zloader DNS Tunneling
Author:
Steven Lim
Released:
12/11/2024
URLhaus abuse.ch Hits In Microsoft Teams
Author:
Sergio Albea
Released:
12/10/2024
Monitoring M Teams Activities Such As Shared URLs One To One Chats And Domains Participating Into Meetings
Author:
Sergio Albea
Released:
12/10/2024
Enhanced Cloudflare Phishing Email Detections
Author:
Steven Lim
Released:
12/10/2024
Azure DevOps Code Recommendations
Author:
Alex Verboon
Released:
12/9/2024
Behaviour Suspicious Named Pipes
Author:
Bert-Jan Pals
Released:
12/9/2024
Detect Black Basta Ransomware Campaign RMM Tools Deployment
Author:
Steven Lim
Released:
12/9/2024
Detect Defender XDR Services And Features Disabled On Devices
Author:
Sergio Albea
Released:
12/8/2024
BlueAlpha GammaDrop Detection
Author:
Steven Lim
Released:
12/7/2024
New URL File NTLM Hash Disclosure Vulnerability Detection 0day
Author:
Steven Lim
Released:
12/6/2024
Email Events From Email Providers
Author:
Jay Kerai
Released:
12/6/2024
Hunting Malicious OAuth Grant By Phished User
Author:
Steven Lim
Released:
12/5/2024
Identify And Summarize Processor Families In Your Environment
Author:
Michalis Michalos
Released:
12/5/2024
Identify Non Compliant Controls With Relevant Remediation Actions
Author:
Michalis Michalos
Released:
12/5/2024
Visualization Active CISA KEV
Author:
Bert-Jan Pals
Released:
12/3/2024
Detecting Abuse Of Wevtutil.exe In LOLBAS Attacks
Author:
Steven Lim
Released:
12/3/2024
Classifying Browser Extension By Type And Risk Severity
Author:
Sergio Albea
Released:
12/2/2024
Large Number Of Analytics Rules Deleted
Author:
Bert-Jan Pals
Released:
12/2/2024
Any Run Corrupt File Zero Day Attack
Author:
Steven Lim
Released:
12/2/2024
Sentinel Timeroasting KQL Detection
Author:
Steven Lim
Released:
12/2/2024
Sentinel KQL Detection For ShadowHound
Author:
Steven Lim
Released:
12/1/2024
Inbound Authentication From Public IP
Author:
Bert-Jan Pals
Released:
12/1/2024
Audit Justifications For PIM Requests
Author:
Jay Kerai
Released:
11/30/2024
Disabling Global Secure Access By Registry
Author:
Jay Kerai
Released:
11/30/2024
Hunting Rockstar 2FA
Author:
Steven Lim
Released:
11/29/2024
AAD Sign In Events Beta Suspicious User Agent
Author:
Jay Kerai
Released:
11/28/2024
Cloud App Suspicious Copilot Agent Detection
Author:
Steven Lim
Released:
11/27/2024
Endpoint SMB Exposed On Public Internet
Author:
Steven Lim
Released:
11/26/2024
Anomalies Unusual Anomaly
Author:
Jose Sebastián Canós
Released:
11/25/2024
Get To Know Your MISP Threat Intelligence Feed
Author:
Michalis Michalos
Released:
11/24/2024
Audit Justifications For Self Approval PIM Requests
Author:
Jay Kerai
Released:
11/24/2024
Hunting Malicious Copilot Agent
Author:
Steven Lim
Released:
11/23/2024
Detecting Phishing Emails With Cloudflare R2 URLs
Author:
Steven Lim
Released:
11/22/2024
Rating ISP To Detect Potential Attacks And IOCs Source
Author:
Sergio Albea
Released:
11/21/2024
Email Campaign Exploiting SVG Files And trycloudflare.com To Spread Malware
Author:
Steven Lim
Released:
11/21/2024
ClickFix Social Engineering Attack Detection
Author:
Steven Lim
Released:
11/20/2024
Detecting BrazenBamboo's FortiClient Exploit: A KQL Approach
Author:
Steven Lim
Released:
11/19/2024
Azure DevOps Third Party Application Access Via OAuth
Author:
Alex Verboon
Released:
11/18/2024
Azure DevOps External Guest Access
Author:
Alex Verboon
Released:
11/18/2024
Azure DevOps Enable IP Conditional Access Policy Validation
Author:
Alex Verboon
Released:
11/18/2024
Azure DevOps Log Audit Events
Author:
Alex Verboon
Released:
11/18/2024
Azure DevOps Additional Protection When Using Public Package Registries
Author:
Alex Verboon
Released:
11/18/2024
Azure DevOps Allow Public Projects
Author:
Alex Verboon
Released:
11/18/2024
Azure DevOps SSH Authentication
Author:
Alex Verboon
Released:
11/18/2024
CVE-2024-0012 PAN-OS Authentication Bypass In The Management Web Interface
Author:
Steven Lim
Released:
11/18/2024
Brands Impersonation Phishing Trend
Author:
Steven Lim
Released:
11/18/2024
Innovative Detection Techniques Against ZIP Concatenation Attacks
Author:
Steven Lim
Released:
11/17/2024
Office Add In Installs
Author:
Jay Kerai
Released:
11/17/2024
Missing DLP Rule Match Entities In Cloud App Events
Author:
Jose Sebastián Canós
Released:
11/15/2024