+ SECURE \ Kusto Query Language \ Microsoft Sentinel

May 27, 2024 Wayne Andes 56 Views 0 Comments 2 min read

List New UserAgent Used Based On SigninLogs

Description This KQL query can be used to detect new UserAgents that have been used to perform sign in activities

May 20, 2024 Wayne Andes 58 Views 0 Comments 3 min read

Description This KQL query lists the devices that are on-boarded in Intune and classifies them based on the status of

May 13, 2024 Wayne Andes 54 Views 0 Comments 4 min read

Description This KQL query lists devices that can be on-boarded to Defender For Endpoint and have recently been detected. You

May 6, 2024 Wayne Andes 49 Views 0 Comments 3 min read

Description This KQL query lists how many devices have been on-boarded per operating system. Query Defender For Endpoint Microsoft Sentinel

April 29, 2024 Wayne Andes 57 Views 0 Comments 4 min read

Description This KQL query looks for Defender For Identity identified lateral movement paths to all sensitive accounts (if possible). This

April 22, 2024 Wayne Andes 57 Views 0 Comments 4 min read

Description This KQL query visualizes the top 100 users that have performed the most interactive sign ins. Query Microsoft Defender

April 15, 2024 Wayne Andes 52 Views 0 Comments 3 min read

Description This KQL query visualizes the daily antivirus detection, which can give an indication in anomalous amount of activities that

April 8, 2024 Wayne Andes 76 Views 0 Comments 28 min read

SMB can be used in various ways by attackers, such as accessing remote shares, transfering files, interacting with systems using

March 25, 2024 Wayne Andes 64 Views 0 Comments 3 min read

Description Collect the top 10 user with the most IP used to successfully sign in to a tenant. This KQL