NBI Data Breach Exposes Millions of Filipino Records
MANILA, PHILIPPINES —The National Bureau of Investigation (NBI), the Philippines’ premier investigative agency, has suffered a major cybersecurity breach that
Read More
Build+Break+Secure
Where Every Failure Becomes A Manual
Author: Wayne Andes
Suspicious Directory Traversal Detection Using KQL in Symantec Logs
This article focuses on how to detect suspicious directory traversal activities that Symantec Endpoint Protection logs but fails to block,
Read MoreMonitoring Tamper Protection Triggers via KQL in Microsoft Sentinel
Security teams using Microsoft Sentinel can leverage KQL to detect tamper protection alerts triggered by VMware Carbon Black App Control.
Read MoreKQL to Detect Suspicious Process Website Access Not Blocked by Symantec
Description Using the power of KQL and Microsoft Sentinel, this detection script identifies events where a suspicious process attempted to
Read MoreDetect Banned Files Written to Computer Using KQL in VMware Carbon Black App Control
This KQL query detects banned files written to computers by VMware Carbon Black App Control. It targets security events logged
Read MoreDetect Suspicious Files with VMware Carbon Black Using KQL Query
This KQL query detects suspicious files flagged by VMware Carbon Black App Control, enabling security analysts to pinpoint potential risky
Read MoreDetect Malicious Files Using KQL in VMware Carbon Black App Control
Using KQL (Kusto Query Language), you can efficiently identify malicious files detected by VMware Carbon Black App Control. This query
Read MoreDetect FileZilla SFTP Risks with KQL in Symantec Logs
This KQL query helps detect FileZilla SFTP activities flagged by Symantec Endpoint Protection where attacks were detected but not blocked.
Read MoreDetect Adware Events Using KQL in Symantec Endpoint Protection Logs
This KQL query extracts adware-related security events from Symantec Endpoint Protection (SEP) logs, focusing on instances where adware was detected
Read More