+ SECURE \ Kusto Query Language

January 15, 2025 Wayne Andes 95 Views 0 Comments 2 min read

Detect Banned Files Written to Computer Using KQL in VMware Carbon Black App Control

This KQL query detects banned files written to computers by VMware Carbon Black App Control. It targets security events logged

January 14, 2025 Wayne Andes 72 Views 0 Comments 2 min read

This KQL query detects suspicious files flagged by VMware Carbon Black App Control, enabling security analysts to pinpoint potential risky

January 13, 2025 Wayne Andes 78 Views 0 Comments 2 min read

Using KQL (Kusto Query Language), you can efficiently identify malicious files detected by VMware Carbon Black App Control. This query

January 10, 2025 Wayne Andes 78 Views 0 Comments 3 min read

This KQL query helps detect FileZilla SFTP activities flagged by Symantec Endpoint Protection where attacks were detected but not blocked.

January 9, 2025 Wayne Andes 89 Views 0 Comments 3 min read

This KQL query extracts adware-related security events from Symantec Endpoint Protection (SEP) logs, focusing on instances where adware was detected

January 8, 2025 Wayne Andes 75 Views 0 Comments 3 min read

This article covers how to use a KQL (Kusto Query Language) script to list Ngrok activity detected by Symantec Endpoint

January 7, 2025 Wayne Andes 82 Views 0 Comments 3 min read

This KQL query identifies malicious scan attempts detected but not blocked by Symantec Endpoint Protection (SEP) by filtering relevant security

January 6, 2025 Wayne Andes 67 Views 0 Comments 3 min read

This KQL query is designed to identify all connections made to potential or malicious websites that Symantec Endpoint Protection (SEP)

December 23, 2024 Wayne Andes 94 Views 0 Comments 6 min read

Description This guide explains how to detect cloud persistence activities performed by users identified as at risk using KQL queries.