List Statistics Of On-boarded Devices Per Operating System
Description This KQL query lists how many devices have been on-boarded per operating system. Query Defender For Endpoint Microsoft Sentinel
Read MoreBuild+Break+Secure
Where Every Failure Becomes A Manual
Author: Wayne Andes
Hunt For Newly Identified Lateral Movement Paths To Sensitive Accounts
Description This KQL query looks for Defender For Identity identified lateral movement paths to all sensitive accounts (if possible). This
Read MoreVisualize Top 100 Users That Have The Most Interactive Sign-ins
Description This KQL query visualizes the top 100 users that have performed the most interactive sign ins. Query Microsoft Defender
Read MoreVisualize Antivirus Detection By Day
Description This KQL query visualizes the daily antivirus detection, which can give an indication in anomalous amount of activities that
Read MoreHunt For Suspicious SMB Sessions
SMB can be used in various ways by attackers, such as accessing remote shares, transfering files, interacting with systems using
Read More
Determining the Right Time to Implement Microsoft Sentinel
For those immersed in the realm of Microsoft Cloud services and security, the name Microsoft Sentinel likely rings a bell.
Read More
What is BREAK?
break [brayk] nounWhere things fall apart… and you put them back together better. Welcome to BREAK, the digital war zone
Read MoreList Top 10 Users With The Most IP Addresses Used To Successfully Sign-in
Description Collect the top 10 user with the most IP used to successfully sign in to a tenant. This KQL
Read MoreList Guest Users with Azure Active Directory Roles
Description This KQL query can be used to display all Guest users in the tenant who have Azure Active Directory
Read More