KQL Search
Defendnot Detection
DeviceTvmInfoGathering
DeviceRegistryEvents
Author:
Steven Lim
Released:
May 23rd, 2025
Blob URI Unique Domain Count
DeviceFileEvents
Author:
Steven Lim
Released:
May 22nd, 2025
CVE 2025 32705 Out Of Bounds Read Detection
EmailAttachmentInfo
EmailEvents
DeviceTvmSoftwareVulnerabilities
DeviceFileEvents
DeviceEvents
Author:
Steven Lim
Released:
May 22nd, 2025
CVSS 98 Rockwell Automation Impacted By High Severity Log4net Vulnerability
DeviceInfo
Author:
Steven Lim
Released:
May 22nd, 2025
Glibc Critical Vulnerability CVSS 98
DeviceFileEvents
Author:
Steven Lim
Released:
May 22nd, 2025
Defender XDR Weekly OSINT Indicators Scan 05052025
WeeklyOSINT
EmailAttachmentInfo
EmailUrlInfo
DeviceFileEvents
DeviceNetworkEvents
Author:
Steven Lim
Released:
May 22nd, 2025
Defender XDR Weekly OSINT Indicators Scan 19052025
WeeklyOSINT
EmailAttachmentInfo
EmailUrlInfo
DeviceFileEvents
DeviceNetworkEvents
Author:
Steven Lim
Released:
May 22nd, 2025
Defender XDR Weekly OSINT Indicators Scan 12052025
WeeklyOSINT
EmailAttachmentInfo
EmailUrlInfo
DeviceFileEvents
DeviceNetworkEvents
Author:
Steven Lim
Released:
May 22nd, 2025
Bad Successor Detection
SecurityEvent
DeviceRegistryEvents
Author:
Steven Lim
Released:
May 22nd, 2025
Malware C2 Comms Over Azure Blob Metadata
DeviceNetworkEvents
Author:
Steven Lim
Released:
May 21st, 2025
Global Admin Entra Cookie With Chrome Zero Day
ExposureGraphNodes
ExposureGraphEdges
DeviceProcessEvents
Author:
Steven Lim
Released:
May 20th, 2025
Sensitive Large File Uploads Using Cloud App Events
CloudAppEvents
Author:
Jay Kerai
Released:
May 20th, 2025
AD User Device Object OU Moves
IdentityDirectoryEvents
Author:
Alex Verboon
Released:
May 19th, 2025
AD Group Policy
IdentityDirectoryEvents
DeviceEvents
Author:
Alex Verboon
Released:
May 19th, 2025
AD Account Password Not Required Changed
IdentityDirectoryEvents
Author:
Alex Verboon
Released:
May 19th, 2025
AD Computer Object OS Name Changed
IdentityDirectoryEvents
Author:
Alex Verboon
Released:
May 19th, 2025
Devices With High Severity CVEs With Exploits Available
DeviceTvmSoftwareVulnerabilities
DeviceTvmSoftwareVulnerabilitiesKB
Author:
Jay Kerai
Released:
May 19th, 2025
Entra Falcon Detection
SigninLogs
AADNonInteractiveUserSignInLogs
Author:
Steven Lim
Released:
May 19th, 2025
Detecting Social Engineering Attacks In Teams With KQL
MessageUrlInfo
MessageEvents
Author:
Steven Lim
Released:
May 17th, 2025
Critical Identities With Zero Day Chrome Vulnerability
ExposureGraphNodes
ExposureGraphEdges
DeviceProcessEvents
Author:
Steven Lim
Released:
May 17th, 2025
CVE 2025 4664 Chrome Flaw With Public Exploit
DeviceProcessEvents
Author:
Steven Lim
Released:
May 16th, 2025
Identities Set To Password Never Expires With Blast Radius Value Or Tagged As Sensitive
IdentityInfo
Author:
Michalis Michalos
Released:
May 16th, 2025
Azure AI Security Finding Report
ExposureGraphEdges
Author:
Steven Lim
Released:
May 14th, 2025
ASN Generating High Number Of Connection Requests Based On Average
DeviceNetworkEvents
Author:
Sergio Albea
Released:
May 14th, 2025
User Information Collected Externally When A URL Is Clicked
UrlClickEvents
EmailEvents
Author:
Sergio Albea
Released:
May 14th, 2025
Audit User Marked As Compromised By Admin Or App
AuditLogs
SigninLogs
AADServicePrincipalSignInLogs
AADManagedIdentitySignInLogs
Author:
Jay Kerai
Released:
May 13th, 2025
Detecting M365 Copilot Shared Agent
CloudAppEvents
Author:
Steven Lim
Released:
May 12th, 2025
Internet Facing Devices Vulnerability Report
DeviceInfo
DeviceTvmSoftwareVulnerabilities
Author:
Steven Lim
Released:
May 12th, 2025
Security Event Kerberoasting Attack
SecurityEvent
Author:
Jose Sebastián Canós
Released:
May 12th, 2025
Modifications To Application Management Policy For Entra App Registrations
AuditLogs
Author:
Jay Kerai
Released:
May 11th, 2025
Blob URIs Creation Trend Analysis
DeviceFileEvents
Author:
Steven Lim
Released:
May 11th, 2025
Purview DLP Activity File Printed
CloudAppEvents
Author:
Alex Verboon
Released:
May 11th, 2025
Purview DLP Activity File Copied To Remote Desktop Session
CloudAppEvents
DeviceNetworkEvents
Author:
Alex Verboon
Released:
May 11th, 2025
Purview DLP Activity File Uploaded To Cloud
CloudAppEvents
Author:
Alex Verboon
Released:
May 11th, 2025
Purview DLP Activity File Copied To Clipboard
CloudAppEvents
Author:
Alex Verboon
Released:
May 11th, 2025
RMM Hunting With Sentinel TI
ThreatIntelIndicators
Author:
Steven Lim
Released:
May 10th, 2025
SAP NetWeaver Attack By Chinese Threat Actor Impact Assessment
DeviceInfo
DeviceProcessEvents
DeviceNetworkEvents
Author:
Steven Lim
Released:
May 10th, 2025
Entra Administrative Units
AuditLogs
CloudAppEvents
Author:
Alex Verboon
Released:
May 10th, 2025
CVE 2025 20188 CVSS 10 Out Of 10
DeviceInfo
Author:
Steven Lim
Released:
May 10th, 2025
Outlook New Requirements For High Volume Senders
EmailEvents
Author:
Steven Lim
Released:
May 8th, 2025
Multiple Potential Golden SAML Authentication
SigninLogs
AADNonInteractiveUserSignInLogs
ADFSSignInLogs
Author:
Jose Sebastián Canós
Released:
May 8th, 2025
Monitor Copilot Agent For SharePoint
CloudAppEvents
Author:
Steven Lim
Released:
May 8th, 2025
Incidents To Mitre ATTACK Navigator
SecurityIncident
AlertInfo
Author:
Jay Kerai
Released:
May 8th, 2025
Detect Personal OneDrive Sync On Corporate Endpoints
DeviceRegistryEvents
Author:
Steven Lim
Released:
May 8th, 2025
M365 Copilot Gone Rouge
The query does not specify a table name.
Author:
Steven Lim
Released:
May 8th, 2025
Detect Entra Token Request Via Bof IoC
AADNonInteractiveUserSignInLogs
Author:
Robbe Van den Daele
Released:
May 6th, 2025
Detect Suspicious Foci Token Logins V2
AADNonInteractiveUserSignInLogs
Author:
Robbe Van den Daele
Released:
May 6th, 2025
Parsing Wiz Detections
WizDetectionsV3_CL
Author:
Jose Sebastián Canós
Released:
May 6th, 2025
Parsing Wiz Issues Old
WizIssues_CL
Author:
Jose Sebastián Canós
Released:
May 6th, 2025
Teams Messages
MessageEvents
MessageUrlInfo
Author:
Alex Verboon
Released:
May 6th, 2025