Visualize Top 100 Users That Have The Most Interactive Sign-ins
Description: This KQL query visualizes the top 100 users that have performed the most interactive sign-ins. Query: Microsoft Defender
Description: This KQL query visualizes the daily antivirus detections, which can give an indication of an anomalous amount of activities that
SMB can be used in various ways by attackers, such as accessing remote shares, transferring files, interacting with systems using
Description: Collect the top 10 users with the most IPs used to successfully sign in to a tenant. This KQL
Description: This KQL query detects successful sign-ins from countries that have not been seen before. Depending on where you run
PowerShell commands can be encoded to obfuscate what has been executed. An attacker can choose encoding to hide
This Threat Hunting case is based on the DeviceNetworkEvents table. The goal is to find malicious HTTP traffic. Step 1:
Description: This KQL query can be used to detect rare operating systems that are used to sign into your tenant.
Description: This KQL query lists all the different browsers that are used to successfully sign in to your Entra ID