Visualize Top 100 Users That Have The Most Interactive Sign-ins
Description This KQL query visualizes the top 100 users that have performed the most interactive sign ins. Query Microsoft Defender
Read MoreBuild+Break+Secure
Where Every Failure Becomes A Manual
Author: Wayne Andes
Visualize Antivirus Detection By Day
Description This KQL query visualizes the daily antivirus detection, which can give an indication in anomalous amount of activities that
Read MoreHunt For Suspicious SMB Sessions
SMB can be used in various ways by attackers, such as accessing remote shares, transfering files, interacting with systems using
Read More
Determining the Right Time to Implement Microsoft Sentinel
For those immersed in the realm of Microsoft Cloud services and security, the name Microsoft Sentinel likely rings a bell.
Read More
What is BREAK?
break [brayk] nounWhere things fall apart… and you put them back together better. Welcome to BREAK, the digital war zone
Read MoreList Top 10 Users With The Most IP Addresses Used To Successfully Sign-in
Description Collect the top 10 user with the most IP used to successfully sign in to a tenant. This KQL
Read MoreList Guest Users with Azure Active Directory Roles
Description This KQL query can be used to display all Guest users in the tenant who have Azure Active Directory
Read MoreList Automatically Closed Incidents
Description This KQL query lists the incidents that are automatically closed by Microsoft Defender XDR. It is good practice to
Read More
Crafting Your Cyber Domain without Breaking the Bank!
So, you’re finally convinced to scratch the itch and turn that old laptop into something more than just a coffee
Read More