Featured Detections
Suspected Brute force attack Investigation
Summarize all the failures and success events for all users in the last 24 hours, only identify users with more than 1
Detecting Suspicious PowerShell Command Executions
Query identifies users denied registration for multiple webinars or recordings but successfully registered for at least
Anomalous sign-in location by user account and authenticating application
This query examines Microsoft Entra ID sign-ins for each application and identifies the most anomalous change in a user
Password Spraying
This query detects a password spraying attack, where a single machine has performed a large number of failed login attem
Account MFA Modifications
Identifies modifications to user's MFA settings. An attacker could use access to modify MFA settings to bypass MFA requ
DCOM Lateral Movement
This detection looks for cases of close-time proximity between incoming network traffic on RPC/TCP, followed by the crea