Defendnot Detection

DeviceTvmInfoGathering DeviceRegistryEvents
Author: Steven Lim
Released: May 23rd, 2025

Blob URI Unique Domain Count

DeviceFileEvents
Author: Steven Lim
Released: May 22nd, 2025

CVE 2025 32705 Out Of Bounds Read Detection

EmailAttachmentInfo EmailEvents DeviceTvmSoftwareVulnerabilities DeviceFileEvents DeviceEvents
Author: Steven Lim
Released: May 22nd, 2025

CVSS 98 Rockwell Automation Impacted By High Severity Log4net Vulnerability

DeviceInfo
Author: Steven Lim
Released: May 22nd, 2025

Glibc Critical Vulnerability CVSS 98

DeviceFileEvents
Author: Steven Lim
Released: May 22nd, 2025

Defender XDR Weekly OSINT Indicators Scan 05052025

WeeklyOSINT EmailAttachmentInfo EmailUrlInfo DeviceFileEvents DeviceNetworkEvents
Author: Steven Lim
Released: May 22nd, 2025

Defender XDR Weekly OSINT Indicators Scan 19052025

WeeklyOSINT EmailAttachmentInfo EmailUrlInfo DeviceFileEvents DeviceNetworkEvents
Author: Steven Lim
Released: May 22nd, 2025

Defender XDR Weekly OSINT Indicators Scan 12052025

WeeklyOSINT EmailAttachmentInfo EmailUrlInfo DeviceFileEvents DeviceNetworkEvents
Author: Steven Lim
Released: May 22nd, 2025

Bad Successor Detection

SecurityEvent DeviceRegistryEvents
Author: Steven Lim
Released: May 22nd, 2025

Malware C2 Comms Over Azure Blob Metadata

DeviceNetworkEvents
Author: Steven Lim
Released: May 21st, 2025

Global Admin Entra Cookie With Chrome Zero Day

ExposureGraphNodes ExposureGraphEdges DeviceProcessEvents
Author: Steven Lim
Released: May 20th, 2025

Sensitive Large File Uploads Using Cloud App Events

CloudAppEvents
Author: Jay Kerai
Released: May 20th, 2025

AD User Device Object OU Moves

IdentityDirectoryEvents
Author: Alex Verboon
Released: May 19th, 2025

AD Group Policy

IdentityDirectoryEvents DeviceEvents
Author: Alex Verboon
Released: May 19th, 2025

AD Account Password Not Required Changed

IdentityDirectoryEvents
Author: Alex Verboon
Released: May 19th, 2025

AD Computer Object OS Name Changed

IdentityDirectoryEvents
Author: Alex Verboon
Released: May 19th, 2025

Devices With High Severity CVEs With Exploits Available

DeviceTvmSoftwareVulnerabilities DeviceTvmSoftwareVulnerabilitiesKB
Author: Jay Kerai
Released: May 19th, 2025

Entra Falcon Detection

SigninLogs AADNonInteractiveUserSignInLogs
Author: Steven Lim
Released: May 19th, 2025

Detecting Social Engineering Attacks In Teams With KQL

MessageUrlInfo MessageEvents
Author: Steven Lim
Released: May 17th, 2025

Critical Identities With Zero Day Chrome Vulnerability

ExposureGraphNodes ExposureGraphEdges DeviceProcessEvents
Author: Steven Lim
Released: May 17th, 2025

CVE 2025 4664 Chrome Flaw With Public Exploit

DeviceProcessEvents
Author: Steven Lim
Released: May 16th, 2025

Identities Set To Password Never Expires With Blast Radius Value Or Tagged As Sensitive

IdentityInfo
Author: Michalis Michalos
Released: May 16th, 2025

Azure AI Security Finding Report

ExposureGraphEdges
Author: Steven Lim
Released: May 14th, 2025

ASN Generating High Number Of Connection Requests Based On Average

DeviceNetworkEvents
Author: Sergio Albea
Released: May 14th, 2025

User Information Collected Externally When A URL Is Clicked

UrlClickEvents EmailEvents
Author: Sergio Albea
Released: May 14th, 2025

Audit User Marked As Compromised By Admin Or App

AuditLogs SigninLogs AADServicePrincipalSignInLogs AADManagedIdentitySignInLogs
Author: Jay Kerai
Released: May 13th, 2025

Detecting M365 Copilot Shared Agent

CloudAppEvents
Author: Steven Lim
Released: May 12th, 2025

Internet Facing Devices Vulnerability Report

DeviceInfo DeviceTvmSoftwareVulnerabilities
Author: Steven Lim
Released: May 12th, 2025

Security Event Kerberoasting Attack

SecurityEvent
Author: Jose Sebastián Canós
Released: May 12th, 2025

Modifications To Application Management Policy For Entra App Registrations

AuditLogs
Author: Jay Kerai
Released: May 11th, 2025

Blob URIs Creation Trend Analysis

DeviceFileEvents
Author: Steven Lim
Released: May 11th, 2025

Purview DLP Activity File Printed

CloudAppEvents
Author: Alex Verboon
Released: May 11th, 2025

Purview DLP Activity File Copied To Remote Desktop Session

CloudAppEvents DeviceNetworkEvents
Author: Alex Verboon
Released: May 11th, 2025

Purview DLP Activity File Uploaded To Cloud

CloudAppEvents
Author: Alex Verboon
Released: May 11th, 2025

Purview DLP Activity File Copied To Clipboard

CloudAppEvents
Author: Alex Verboon
Released: May 11th, 2025

RMM Hunting With Sentinel TI

ThreatIntelIndicators
Author: Steven Lim
Released: May 10th, 2025

SAP NetWeaver Attack By Chinese Threat Actor Impact Assessment

DeviceInfo DeviceProcessEvents DeviceNetworkEvents
Author: Steven Lim
Released: May 10th, 2025

Entra Administrative Units

AuditLogs CloudAppEvents
Author: Alex Verboon
Released: May 10th, 2025

CVE 2025 20188 CVSS 10 Out Of 10

DeviceInfo
Author: Steven Lim
Released: May 10th, 2025

Outlook New Requirements For High Volume Senders

EmailEvents
Author: Steven Lim
Released: May 8th, 2025

Multiple Potential Golden SAML Authentication

SigninLogs AADNonInteractiveUserSignInLogs ADFSSignInLogs
Author: Jose Sebastián Canós
Released: May 8th, 2025

Monitor Copilot Agent For SharePoint

CloudAppEvents
Author: Steven Lim
Released: May 8th, 2025

Incidents To Mitre ATTACK Navigator

SecurityIncident AlertInfo
Author: Jay Kerai
Released: May 8th, 2025

Detect Personal OneDrive Sync On Corporate Endpoints

DeviceRegistryEvents
Author: Steven Lim
Released: May 8th, 2025

M365 Copilot Gone Rouge

The query does not specify a table name.
Author: Steven Lim
Released: May 8th, 2025

Detect Entra Token Request Via Bof IoC

AADNonInteractiveUserSignInLogs
Author: Robbe Van den Daele
Released: May 6th, 2025

Detect Suspicious Foci Token Logins V2

AADNonInteractiveUserSignInLogs
Author: Robbe Van den Daele
Released: May 6th, 2025

Parsing Wiz Detections

WizDetectionsV3_CL
Author: Jose Sebastián Canós
Released: May 6th, 2025

Parsing Wiz Issues Old

WizIssues_CL
Author: Jose Sebastián Canós
Released: May 6th, 2025

Teams Messages

MessageEvents MessageUrlInfo
Author: Alex Verboon
Released: May 6th, 2025