Detect Anomalous Amount of LDAP Traffic
Description Adversaries can use LDAP to collect environment information. The query below can be used to detect anomalous amounts of
Description This KQL query will list all executed LDAP queries from a compromised device. Query Microsoft Defender For Endpoint Microsoft
Description This KQL query detects latest failure events per AMA connector failures in Syslog in the last three days. Risk
Description This KQL query detects latest failure events per AMA connector failures in CommonSecurityLog in the last three days. Risk
Description Adversaries may use brute force techniques to gain access to accounts when passwords are unknown or when password hashes
Description This KQL query will check for ingestion delays in CommonSecurityLog by DeviceVendor and DeviceProduct. Note: Azure Sentinel scheduled alert
Description The results of this KQL query provide insight in the top 10 MITRE ATT&CK Techniques that have been triggered
Description This KQL query can be used to list all Active Directory group additions. The query uses 2 variables as
Description This KQL query will check for ingestion delays in Syslog by ProcessName, SourceSystem and HostName. Note: Azure Sentinel scheduled