List Website Connections Allowed by Symantec Endpoint Protection
This KQL query is designed to identify all connections made to potential or malicious websites that Symantec Endpoint Protection (SEP)
This guide explains how to detect cloud persistence activities performed by users identified as at risk using KQL queries.
This KQL query identifies discovery events performed by users marked as at risk within an Azure environment. It targets actions
AMSI script detection KQL query is a crucial tool for monitoring Windows environments where the Antimalware Scan Interface detects potentially
Detect anomalous group policy discovery by leveraging KQL queries to identify devices performing group policy scans they have not executed
Golden Certificates are an advanced persistence technique linked to Active Directory Certificate Services (AD CS) compromises. When attackers gain administrative
Adversaries can use LDAP to collect environment information. The query below can be used to detect anomalous amounts of LDAP
Active Directory Certificate Services (AD CS) is Microsoft’s Public Key Infrastructure (PKI) framework, managing encryption, code signing, and authentication through
This guide uses KQL to detect executed LDAP queries originating from compromised devices. Monitoring LDAP traffic is critical for identifying