Wayne Andes

January 22, 2025 Wayne Andes 2 min read

List Untrusted SSH File Transfer Protocol Connection Not Blocked By Symantec Endpoint Protection

Description This KQL query lists all untrusted SSH file transfer protocol connection events that Symantec Endpoint Protection detected but did

Kusto Query Language Microsoft Sentinel SECURE Symantec Endpoint Protection

January 21, 2025 Wayne Andes 2 min read

List P2P Torrent Traffic Not Blocked By Symantec Endpoint Protection

Description This KQL query lists all P2P torrent traffic events that Symantec Endpoint Protection detected but did not block and

News

January 21, 2025 Wayne Andes 3 min read

NBI Data Breach Exposes Millions of Filipino Records

MANILA, PHILIPPINES —The National Bureau of Investigation (NBI), the Philippines’ premier investigative agency, has suffered a major cybersecurity breach that

Kusto Query Language Microsoft Sentinel SECURE Symantec Endpoint Protection

January 20, 2025 Wayne Andes 2 min read

List Generic Directory Traversal Not Blocked By Symantec Endpoint Protection

Description This KQL query lists all suspicious general directory traversal events that Symantec Endpoint Protection detected but did not block

Kusto Query Language Microsoft Sentinel SECURE VMware Carbon Black

January 17, 2025 Wayne Andes 1 min read

List Tamper Protection Alert Triggered By VMware Carbon Black App Control

Description This KQL query looks for where Tamper Protection is detected by VMware Carbon Black App Control. Query Microsoft Sentinel

Kusto Query Language Microsoft Sentinel SECURE Symantec Endpoint Protection

January 16, 2025 Wayne Andes 2 min read

List Suspicious Process Accessing A Website Not Blocked By Symantec Endpoint Protection

Description This query lists all suspicious process accessing a website events that Symantec Endpoint Protection detected but did not block

Kusto Query Language Microsoft Sentinel SECURE VMware Carbon Black

January 15, 2025 Wayne Andes 2 min read

List Banned File Written To Computer Detected By VMware Carbon Black App Control

Description This KQL query identifies banned files written to computer detected by VMware Carbon Black App Control. Risk An adversary

Kusto Query Language Microsoft Sentinel SECURE VMware Carbon Black

January 14, 2025 Wayne Andes 2 min read

List Suspicious File Found By VMware Carbon Black App Control

Description This KQL query identifies potential risky files that were detected by VMware Carbon Black App Control. Risk An adversary

Kusto Query Language Microsoft Sentinel SECURE VMware Carbon Black

January 13, 2025 Wayne Andes 2 min read

List Malicious File Found By VMware Carbon Black App Control

Description This KQL query identifies malicious files that were detected by VMware Carbon Black App Control. Risk An adversary may

Build+Break+Secure

Build+Break+Secure

Author: Wayne Andes

List Untrusted SSH File Transfer Protocol Connection Not Blocked By Symantec Endpoint Protection

List P2P Torrent Traffic Not Blocked By Symantec Endpoint Protection

NBI Data Breach Exposes Millions of Filipino Records

List Generic Directory Traversal Not Blocked By Symantec Endpoint Protection

List Tamper Protection Alert Triggered By VMware Carbon Black App Control

List Suspicious Process Accessing A Website Not Blocked By Symantec Endpoint Protection

List Banned File Written To Computer Detected By VMware Carbon Black App Control

List Suspicious File Found By VMware Carbon Black App Control

List Malicious File Found By VMware Carbon Black App Control