Saturday, August 30, 2025

Build+Break+Secure

Where Every Failure Becomes A Manual

BUILD
- Microsoft Power Automate
  - Microsoft Teams
  - SentinelOne
- Microsoft PowerShell
  - Scripts
BREAK
- Kusto Query Language
  - Microsoft Sentinel
  - Zscaler
SECURE
- Active Directory
  - Hardening
- Kusto Query Language

Build+Break+Secure

Where Every Failure Becomes A Manual

BUILD
- Microsoft Power Automate
  - Microsoft Teams
  - SentinelOne
- Microsoft PowerShell
  - Scripts
BREAK
- Kusto Query Language
  - Microsoft Sentinel
  - Zscaler
SECURE
- Active Directory
  - Hardening
- Kusto Query Language

+ SECURE

September 30, 2024 Wayne Andes 145 Views 0 Comments 6 min read

Active Directory Group Additions Tracking with KQL Queries

Active Directory group additions are critical events that may indicate privilege escalations or unauthorized access. Using KQL queries, you can

+ SECURE Kusto Query Language Microsoft Sentinel

September 23, 2024 Wayne Andes 135 Views 0 Comments 2 min read

Analyze Syslog Ingestion Delays in Microsoft Sentinel with KQL

Checking ingestion delays in Syslog data is critical for timely detection and alerting in cybersecurity systems. This technique uses KQL

+ SECURE Kusto Query Language Microsoft Defender for Endpoint Microsoft Sentinel

September 16, 2024 Wayne Andes 198 Views 0 Comments 5 min read

KQL Query to Monitor Password Never Expire Account Changes

Setting an account password to never expire can pose a significant security risk. Regular password changes are a fundamental security

+ SECURE Kusto Query Language Microsoft Sentinel

September 9, 2024 Wayne Andes 125 Views 0 Comments 4 min read

KQL Query for MITRE ATT&CK Techniques on Microsoft Sentinel Incidents

Using KQL, this query provides a clear visualization of MITRE ATT&CK techniques triggered by incidents in Microsoft Sentinel. It breaks

+ SECURE Kusto Query Language Microsoft Sentinel

September 2, 2024 Wayne Andes 93 Views 0 Comments 5 min read

Analyze Analytics Rules Ingestion Delays Using KQL

Monitoring analytics rules ingestion delay is essential to maintain timely alerting and detection in security operations. Using KQL queries, it

+ SECURE Kusto Query Language Microsoft Sentinel

August 26, 2024 Wayne Andes 91 Views 0 Comments 3 min read

Visualize MITRE ATT&CK Tactics Triggered On Microsoft Sentinel Incidents

Description This KQL query visualizes the incidents that have been triggered for each MITRE ATT&CK Tactic. This will give an

+ SECURE Kusto Query Language Microsoft Defender for Endpoint Microsoft Sentinel

August 19, 2024 Wayne Andes 122 Views 0 Comments 3 min read

List Sign-ins By UserAgent

Description This KQL query can be used to detect rare UserAgents that are used to sign into your tenant. Those

+ SECURE Kusto Query Language Microsoft Defender for Endpoint

August 12, 2024 Wayne Andes 92 Views 0 Comments 4 min read

Visualize Time Of Last Password Reset

Description This KQL query visualizes the time of which a password reset has last taken place, the information is grouped

+ SECURE Kusto Query Language Microsoft Sentinel

August 9, 2024 Wayne Andes 116 Views 0 Comments 2 min read

List Data Connector Failures In The Last Three Days

Description This KQL query detects latest failure events per Data Connector in the last three days. Risk Failures in Data

Topics To Explore

+ BLOG + BREAK + BUILD + NEWS + SECURE Active Directory Fortinet Homelab Kusto Query Language Microsoft Defender for Endpoint Microsoft Defender XDR Microsoft Power Automate Microsoft PowerShell Microsoft Sentinel Microsoft Teams Microsoft Windows Microsoft Windows Server SentinelOne Symantec Endpoint Protection VMware Carbon Black Zscaler

Recent BUILD Posts

Streamline SentinelOne Endpoint Scans with Power AutomateJune 2, 2025
Automate SentinelOne Incident Alerts to Microsoft Teams with Power AutomateJune 2, 2025
Get Started On Microsoft Power AutomateMay 26, 2025
PowerShell Finds Its Voice: Talking Scripts Are Now a ThingJuly 7, 2023

Recent BREAK Posts

Troubleshooting Data Ingestion Lag in Microsoft Sentinel from Zscaler LogsJanuary 29, 2025
What is BREAK?April 1, 2024

Recent SECURE Posts

Detect QR Code-Based Phishing with KQL in Microsoft Defender XDRFebruary 10, 2025
Monitor Active CISA Exploited CVEs Using This KQL QueryFebruary 3, 2025
Detect Microsoft Teams Large Data Transfer Using KQLJanuary 28, 2025
Detect Microsoft Teams Large Data Transfer Using KQLJanuary 27, 2025
List Untrusted SSH File Transfer Protocol Connection Not Blocked By Symantec Endpoint ProtectionJanuary 22, 2025

Manage Consent

To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Functional Functional Always active

The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.

Preferences Preferences

The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.

Statistics Statistics

The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.

Marketing Marketing

The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.

Manage options Manage services Manage {vendor_count} vendors Read more about these purposes

View preferences

{title} {title} {title}