Our Sponsors ❤️
Defendnot Detection
DeviceTvmInfoGatheringDeviceRegistryEvents
Author: Steven LimReleased: May 23th, 2025
Blob URI Unique Domain Count
DeviceFileEvents
Author: Steven LimReleased: May 22th, 2025
CVE 2025 32705 Out Of Bounds Read Detection
EmailAttachmentInfoEmailEventsDeviceTvmSoftwareVulnerabilitiesDeviceFileEventsDeviceEvents
Author: Steven LimReleased: May 22th, 2025
CVSS 98 Rockwell Automation Impacted By High Severity Log4net Vulnerability
DeviceInfo
Author: Steven LimReleased: May 22th, 2025
Glibc Critical Vulnerability CVSS 98
DeviceFileEvents
Author: Steven LimReleased: May 22th, 2025
Defender XDR Weekly OSINT Indicators Scan 05052025
WeeklyOSINTEmailAttachmentInfoEmailUrlInfoDeviceFileEventsDeviceNetworkEvents
Author: Steven LimReleased: May 22th, 2025
Defender XDR Weekly OSINT Indicators Scan 19052025
WeeklyOSINTEmailAttachmentInfoEmailUrlInfoDeviceFileEventsDeviceNetworkEvents
Author: Steven LimReleased: May 22th, 2025
Defender XDR Weekly OSINT Indicators Scan 12052025
WeeklyOSINTEmailAttachmentInfoEmailUrlInfoDeviceFileEventsDeviceNetworkEvents
Author: Steven LimReleased: May 22th, 2025
Bad Successor Detection
SecurityEventDeviceRegistryEvents
Author: Steven LimReleased: May 22th, 2025
Malware C2 Comms Over Azure Blob Metadata
DeviceNetworkEvents
Author: Steven LimReleased: May 21th, 2025
Global Admin Entra Cookie With Chrome Zero Day
ExposureGraphNodesExposureGraphEdgesDeviceProcessEvents
Author: Steven LimReleased: May 20th, 2025
Senstive Large File Uploads Using Cloud App Events
CloudAppEvents
Author: Jay KeraiReleased: May 20th, 2025
AD User Device Object OU Moves
IdentityDirectoryEvents
Author: Alex VerboonReleased: May 19th, 2025
AD Group Policy
IdentityDirectoryEvents
DeviceEvents
Author: Alex VerboonReleased: May 19th, 2025
AD Account Password Not Required Changed
IdentityDirectoryEvents
Author: Alex VerboonReleased: May 19th, 2025
AD Computer Object OS Name Changed
IdentityDirectoryEvents
Author: Alex VerboonReleased: May 19th, 2025
Devices With High Severity CV Es With Exploits Available
DeviceTvmSoftwareVulnerabilitiesDeviceTvmSoftwareVulnerabilitiesKB
Author: Jay KeraiReleased: May 19th, 2025
Entra Falcon Detection
SigninLogsAADNonInteractiveUserSignInLogs
Author: Steven LimReleased: May 19th, 2025
Detecting Social Engineering Attacks In Teams With KQL
MessageUrlInfoMessageEvents
Author: Steven LimReleased: May 17th, 2025
Critical Identities With Zero Day Chrome Vulnerability
ExposureGraphNodesExposureGraphEdgesDeviceProcessEvents
Author: Steven LimReleased: May 17th, 2025
CVE 2025 4664 Chrome Flaw With Public Exploit
DeviceProcessEvents
Author: Steven LimReleased: May 16th, 2025
Identities Set To Password Never Expires With Blast Radius Value Or Tagged As Sensitive
IdentityInfo
Author: Michalis MichalosReleased: May 16th, 2025
Azure AI Security Finding Report
ExposureGraphEdges
Author: Steven LimReleased: May 14th, 2025
ASN Generating High Number Of Connection Requests Based On Average
DeviceNetworkEvents
Author: Sergio AlbeaReleased: May 14th, 2025
User Information Collected Externally When A URL Is Clicked
UrlClickEventsEmailEvents
Author: Sergio AlbeaReleased: May 14th, 2025
Audit User Marked As Compromised By Admin Or App
AuditLogsSigninLogsAADServicePrincipalSignInLogsAADManagedIdentitySignInLogs
Author: Jay KeraiReleased: May 13rd, 2025
Detecting M365 Copilot Shared Agent
CloudAppEvents
Author: Steven LimReleased: May 12nd, 2025
Internet Facing Devices Vulnerablility Report
DeviceInfoDeviceTvmSoftwareVulnerabilities
Author: Steven LimReleased: May 12nd, 2025
Security Event Kerberoasting Attack
SecurityEvent
Author: Jose Sebastián CanósReleased: May 12nd, 2025
Modifications To Application Management Policy For Entra App Registrations
AuditLogs
Author: Jay KeraiReleased: May 11st, 2025
Blob UR Is Creation Trend Analysis
DeviceFileEvents
Author: Steven LimReleased: May 11st, 2025
Purview DLP Activity File Printed
CloudAppEvents
Author: Alex VerboonReleased: May 11st, 2025
Purview DLP Activity File Copied To Remote Desktop Session
CloudAppEventsDeviceNetworkEvents
Author: Alex VerboonReleased: May 11st, 2025
Purview DLP Activity File Uploaded To Cloud
CloudAppEvents
Author: Alex VerboonReleased: May 11st, 2025
Purview DLP Activity File Copied To Clipboard
CloudAppEvents
Author: Alex VerboonReleased: May 11st, 2025
RMM Hunting With Sentinel TI
ThreatIntelIndicators
Author: Steven LimReleased: May 10th, 2025
SAP Net Weaver Attack By Chinese Threat Actor Impact Assessment
DeviceInfoDeviceProcessEventsDeviceNetworkEvents
Author: Steven LimReleased: May 10th, 2025
Entra Administrative Units
AuditLogsCloudAppEvents
Author: Alex VerboonReleased: May 10th, 2025
CVE 2025 20188 CVSS 10 Out Of 10
DeviceInfo
Author: Steven LimReleased: May 10th, 2025
Outlook New Requirements For High Volume Senders
EmailEvents
Author: Steven LimReleased: May 8th, 2025
Multiple Potential Golden SAML Authentication
SigninLogsAADNonInteractiveUserSignInLogsADFSSignInLogs
Author: Jose Sebastián CanósReleased: May 8th, 2025
Monitor Copilot Agent For Share Point
CloudAppEvents
Author: Steven LimReleased: May 8th, 2025
Incidents To Mitre ATTACK Navigator
SecurityIncidentAlertInfo
Author: Jay KeraiReleased: May 8th, 2025
Detect Personal One Drive Sync On Corporate Endpoints
DeviceRegistryEvents
Author: Steven LimReleased: May 8th, 2025
M365 Copilot Gone Rouge
The query does not specify a table name.
Author: Steven LimReleased: May 8th, 2025
Detect Entra Token Request Via Bof Io C
AADNonInteractiveUserSignInLogs
Author: Robbe Van den DaeleReleased: May 6th, 2025
Detect Suspicious Foci Token Logins V2
AADNonInteractiveUserSignInLogs
Author: Robbe Van den DaeleReleased: May 6th, 2025
Parsing Wiz Detections
WizDetectionsV3_CL
Author: Jose Sebastián CanósReleased: May 6th, 2025
Parsing Wiz Issues Old
WizIssues_CL
Author: Jose Sebastián CanósReleased: May 6th, 2025
Teams Messages
MessageEventsMessageUrlInfo
Author: Alex VerboonReleased: May 6th, 2025