Anamoly-USBFileCopiesfromUserswithAnamolousDownloads.kql
Device-ASROfficeChildProcessAudit.kql
Device-AccountswithMostLocalAdmin.kql
Device-CreateSetofLocalAdminsperDevice.kql
Device-DetectAnomalousRDPConnections.kql
Device-DetectCertUtilConnectingExternally.kql
Device-DetectCredentialBackup.kql
Device-DetectEncodedPowershellandDecode.kql
Device-DetectFirstTimeTeamviewerUsage.kql
Device-DetectInternaltoExternalTeamviewer.kql
Device-DetectLocalAdminsWhoHaventElevated.kql
Device-DetectLocalUserCreated.kql
Device-DetectLocaltoPublicRDP.kql
Device-DetectLogonsPriortoMDEAlert.kql
Device-DetectMacroConnectingtoInternet.kql
Device-DetectMacroUsage.kql
Device-DetectPotentialNetworkRecon.kql
Device-DetectPuttyConnectingPublic.kql
Device-DetectRDPRecon.kql
Device-DetectRegistryTampering.kql
Device-DetectURLopenedfromISOfile.kql
Device-FileDownloadedfromO365thenCopiedtoUSB.kql
Device-FilesCopiedtoUSBCertainGroups.kql
Device-FindDeviceWithoutCurrentAVScan.kql
Device-FindDevicesNoLongerSendingEvents.kql
Device-FindNewDevices.kql
Device-FindUsersWhoClickedonPhishing.kql
Device-FirstTimeWhoAmI.kql
Device-InterestingPortsOpened.kql
Device-LocalUserswithAdmin.kql
Device-NewHashAccessingLSASS.kql
Device-PotentialDNSTunnelling.kql
Device-PowerShellExecutionModeChanged.kql
Device-PowershellConnectingtoInternet.kql
Device-ProcessModifiedPrimaryToken.kql
Device-PublicPort22Allowed.kql
Device-SSHTrafficOnNonStandardPort.kql
Device-SummarizeLDAPandLDAPStraffic.kql
Device-SummarizeLocalGroupAdditions.kql
Device-SummarizeLocalLogonActivity.kql
Device-SummarizeMacroUsage.kql
Device-SummarizeRDPConnections.kql
Device-SummarizeSmartScreenPhishingDomains.kql
Device-SummaryofDeviceLogons.kql
Device-Top20DepartmentsCopyingDatatoUSBbyCount.kql
Device-Top20DepartmentsCopyingDatatoUSBbySize.kql
Device-UserAddedasLocalAdmin.kql
Device-VisualizeASREventswithtrend.kql
Device-VisualizeMaliciousSmartScreenURLs.kql
Device-VisualizeMostCommonISOFiles.kql
Device-VisualizeOSBuildspermonth.kql
Device-VisualizePort22Proccesses.kql
Device-VisualizeRDPClients.kql
Device-VisualizeVolumeofDataCopiedtoUSB.kql
Device-Windows10DevicesandUsers.kql
Device-WindowsVersionPivotTable.kql
Device-msdtPotentialExploit.kql
Vuln-HighestExposedDevices.kql
Vuln-InternetExposedDevices.kql
Vuln-KnownExploitableVuln.kql
Sentinel vs Advanced Hunting
AWS-PublicIPAddedtoInstance.kql
Anamoly-HigherThanExpectedSysLog.kql
Duo-LogParserwithIdentityInfo.kql
SysLog-DetectAnomaliesInEvents.kql