KQL Search
Device Query
AV Scan Results
Author:
Bert-Jan Pals
Released:
10/9/2024
Identity Directory Events SID History Changed
Author:
Jose Sebastián Canós
Released:
10/9/2024
Identity Directory Events ADFS DKM Property Read
Author:
Jose Sebastián Canós
Released:
10/9/2024
Parsing Unified AZKV Audit Logs
Author:
Jose Sebastián Canós
Released:
10/8/2024
Custom Detection Report
Author:
Bert-Jan Pals
Released:
10/8/2024
Detecting Mamba 2FA Phishing As A Service
Author:
Steven Lim
Released:
10/8/2024
Detect PnP Devices Connected To My Endpoint Machines
Author:
Sergio Albea
Released:
10/7/2024
Identify Network Shares With Write Permissions Set To Everyone In Highly Exposed Devices
Author:
Michalis Michalos
Released:
10/6/2024
Top 10 Most Sprayed UPNs By IPs And Countries Using Behaviour Analytics
Author:
Steven Lim
Released:
10/6/2024
Self Signed Certificates
Author:
Michalis Michalos
Released:
10/6/2024
Defender XDR Threat Hunting DNS Tunneling
Author:
Steven Lim
Released:
10/5/2024
Sentinel Threat Hunting DNS Tunneling
Author:
Steven Lim
Released:
10/5/2024
Threat Hunting MDE Network Intrusion Discovery
Author:
Steven Lim
Released:
10/3/2024
Detecting Windows Side Loading DLL Attacks
Author:
Steven Lim
Released:
10/3/2024
RMM Connection
Author:
Bert-Jan Pals
Released:
10/2/2024
Missing Logs In Email Events
Author:
Jose Sebastián Canós
Released:
10/2/2024
Custom Detection For CVE-2024-38200 NTLMv2 Hash Exposure
Author:
Steven Lim
Released:
9/29/2024
Measuring Sentinel Watchlist Effectiveness Using Behaviour Analytics
Author:
Steven Lim
Released:
9/29/2024
Entra Cross Tenant Activity Monitoring
Author:
Steven Lim
Released:
9/28/2024
Custom Detection Rule For CUPS Installation In Defender XDR
Author:
Steven Lim
Released:
9/27/2024
Finding Internet Facing Device With CUPS
Author:
Steven Lim
Released:
9/27/2024
Check Malicious Link Or Email
Author:
Jose Sebastián Canós
Released:
9/26/2024
Sign In From Suspicious IP
Author:
Bert-Jan Pals
Released:
9/25/2024
Monitoring Microsoft 365 Copilot Web Search Queries With Defender XDR
Author:
Steven Lim
Released:
9/25/2024
PowerShell Possible C2 Connection
Author:
Ali Hussein
Released:
9/25/2024
Email Typosquatted Email Received
Author:
Bert-Jan Pals
Released:
9/24/2024
Detecting Nation State Threat Actors With Custom KQL Queries
Author:
Steven Lim
Released:
9/24/2024
Purview DLP Endpoint Alert Info
Author:
Jose Sebastián Canós
Released:
9/23/2024
High Risk Assets With Command Line Credentials
Author:
Steven Lim
Released:
9/22/2024
Monitoring Restricted Management Administrative Units Abuse
Author:
Steven Lim
Released:
9/21/2024
Signature Ring Distribution
Author:
Bert-Jan Pals
Released:
9/19/2024
Password Spraying Detection In Active Directory
Author:
Steven Lim
Released:
9/19/2024
Purview DLP SharePoint Alert Info
Author:
Jose Sebastián Canós
Released:
9/19/2024
Purview DLP OneDrive Alert Info
Author:
Jose Sebastián Canós
Released:
9/19/2024
Purview DLP Exchange Alert Info
Author:
Jose Sebastián Canós
Released:
9/19/2024
Purview DLP Teams Alert Info
Author:
Jose Sebastián Canós
Released:
9/19/2024
Detect API Spray Attack On Your Entra High Value Assets
Author:
Steven Lim
Released:
9/18/2024
Suspicious SSH Connection Inspections
Author:
Sergio Albea
Released:
9/18/2024
Pivot ASR Config
Author:
Bert-Jan Pals
Released:
9/17/2024
Detecting Twill Typhoon VS Code Exploit
Author:
Steven Lim
Released:
9/16/2024
Detecting Windows Downdate Abuse
Author:
Steven Lim
Released:
9/14/2024
Identify Suspicious Certificates In Endpoints With Zero Keysize And No Signature Algorithm
Author:
Michalis Michalos
Released:
9/13/2024
Interactive Web Login
Author:
Rod Trent
Released:
9/13/2024
Detect External Sources Scanning My Exposed Devices
Author:
Sergio Albea
Released:
9/13/2024
MDE TVM Exposure Level
Author:
Alex Verboon
Released:
9/12/2024
Office365 Recycled Restored
Author:
Alex Verboon
Released:
9/12/2024
Office365 Customer Lockbox
Author:
Alex Verboon
Released:
9/12/2024
Microsoft September Updates
Author:
Sergio Albea
Released:
9/11/2024
Entra Roles Report
Author:
Bert-Jan Pals
Released:
9/9/2024
Devtunnelcodetunneling
Author:
Ali Hussein
Released:
9/9/2024