List Malicious Network Traffic Detected From LAN To WAN By Fortinet
Description: This KQL query looks for malicious network traffic detected by Fortinet from LAN to WAN.
Description: The EmailClusterId which can be assigned to a mail is the identifier for the group of similar emails clustered based on

Description: Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment

Description: Detection opportunity: Launching PowerShell scripts from the windowsapps directory. This pseudo-detector looks for the execution of PowerShell scripts from the windowsapps directory.

Description: Adversaries may create a new process with a different token to escalate privileges and bypass access controls. Processes can

Description: This KQL query lists the emails that have triggered a URL block by safelinks. This is done by collecting

Description: This KQL query aims to detect users that are added via the command-line. Adding users via the command-line

Description: Adversaries may create local accounts to maintain access to victim systems. This KQL query lists all the local admins

Description: In order to gain high privileges an adversary can add themselves to groups with high privileges. Those privileges allow