Detections tagged with KQL

Dec 31, 2024 2024-12-31: Hello KQL
#KQL#kustonomicon
Jan 1, 2025 2025-01-01: Azure Active Directory - Conditional Access Policy Modified
#KQL#Sentinel#CAP#T1556.009
Jan 2, 2025 2025-01-02: Azure Active Directory - Credential Added to App Registration
#KQL#Sentinel#SPN#T1098.001
Jan 3, 2025 2025-01-03: Azure Activity - Public Access Enabled on Storage Account
#KQL#Sentinel#Azure Storage Account#Misconfiguration#T1562.007#T1530
Jan 4, 2025 2025-01-04: Azure Activity - New IP Address Added to Storage Account Firewall
#KQL#Sentinel#Azure Storage Account#T1562.007#T1530
Jan 5, 2025 2025-01-05: Azure Storage Account - Mass Download
#KQL#Sentinel#Azure Storage Account#T1530
Jan 6, 2025 2025-01-06: Azure Key Vault - New IP Address Added to Key Vault Firewall
#KQL#Sentinel#Azure Key Vault#T1562.007#T1555.006
Jan 7, 2025 Azure Key Vault - Vault Access Configuration Modified
#KQL#Sentinel#Azure Key Vault#Misconfiguration#T1555.006#T1556
Jan 8, 2025 Azure Key Vault - Large Number of Keys, Secrets, Certs Deleted
#KQL#Sentinel#Azure Key Vault#T1555.006#T1485
Jan 9, 2025 Azure Key Vault - Large Number of Keys, Secrets, or Certs Accessed
#KQL#Sentinel#Azure Key Vault#T1555.006
Jan 10, 2025 Azure Key Vault - Potential Privilege Escalation Activity
#KQL#Sentinel#Azure Key Vault#T1555.006#T1556
Jan 11, 2025 AWS CloudTrail - CVE-2024-50603 Potential Exploitation Activity
#KQL#Sentinel#AWS CloudTrail#CVE-2024-50603#T1203
Jan 12, 2025 AWS CloudTrail - New Access Key Created for Root User
#KQL#Sentinel#AWS CloudTrail#T1556#T1098.001
Jan 13, 2025 AWS CloudTrail - CloudTrail Log Stopped
#KQL#Sentinel#AWS CloudTrail#T1562
Jan 14, 2025 AWS CloudTrail - Console Login Without MFA
#KQL#Sentinel#AWS CloudTrail#Misconfiguration#T1078.004
Jan 15, 2025 AWS CloudTrail - Failed Login from Root User
#KQL#Sentinel#AWS CloudTrail#T1078.004#T1110
Jan 16, 2025 AWS VPC - Changes to Inbound Rules Allowing Management Ports
#KQL#Sentinel#AWS CloudTrail#AWS VPC#T1562.007
Jan 17, 2025 AWS S3 - Changes to Block Public Access Settings
#KQL#Sentinel#AWS CloudTrail#AWS S3#T1562.007
Jan 18, 2025 Azure NSG - Changes to Inbound Rules Allowing Management Ports
#KQL#Sentinel#Azure NSG#T1562.007
Jan 19, 2025 Azure Key Vault - User Adds Themselves to a Vault Access Policy
#KQL#Sentinel#Azure Key Vault#Misconfiguration#T1555.006#T1556
Jan 20, 2025 MDE - MDE Exclusion Added or Modified
#KQL#Sentinel#MDE#Misconfiguration#T1562.001
Jan 21, 2025 AzureActivity - VM: Password Reset through EnableAccess VM Extension
#KQL#Sentinel#AzureActivity#Azure VM#T1651