{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":515543995,"defaultBranch":"main","name":"Sentinel_KQL","ownerLogin":"ep3p","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2022-07-19T10:48:43.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/2527990?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1712917743.0","currentOid":""},"activityList":{"items":[{"before":"f31468d313de47fd895145112a98ebe571df9552","after":"b64ac62c62e4a9f180af4876c911f9ba67accdd3","ref":"refs/heads/main","pushedAt":"2024-06-11T13:02:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update Multiple-SuspiciousModificationofGlobalAdminProperties.kql","shortMessageHtmlLink":"Update Multiple-SuspiciousModificationofGlobalAdminProperties.kql"}},{"before":"698c870c4a459a9d1f565902002a9f695c329d4c","after":"f31468d313de47fd895145112a98ebe571df9552","ref":"refs/heads/main","pushedAt":"2024-06-10T20:00:42.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update Multiple-Suspicious device name.kql","shortMessageHtmlLink":"Update Multiple-Suspicious device name.kql"}},{"before":"57e68ab67abce0ffc4263c100851a4008e923c0e","after":"698c870c4a459a9d1f565902002a9f695c329d4c","ref":"refs/heads/main","pushedAt":"2024-06-10T08:29:04.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Create SecurityEvent-Malformed security descriptor.kql","shortMessageHtmlLink":"Create SecurityEvent-Malformed security descriptor.kql"}},{"before":"8139d5922500c70cb9e5d81eded17f8a50af2e63","after":"57e68ab67abce0ffc4263c100851a4008e923c0e","ref":"refs/heads/main","pushedAt":"2024-06-04T15:06:08.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update DeviceNetworkEvents-Suspicious connection by COM Surrogate.kql","shortMessageHtmlLink":"Update DeviceNetworkEvents-Suspicious connection by COM Surrogate.kql"}},{"before":"53c262a7ea6da4cb80ce4c3e2bcaac00d94d9056","after":"8139d5922500c70cb9e5d81eded17f8a50af2e63","ref":"refs/heads/main","pushedAt":"2024-05-30T17:55:39.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update Multiple-Unexpected named pipes on multiple devices.kql","shortMessageHtmlLink":"Update Multiple-Unexpected named pipes on multiple devices.kql"}},{"before":"1a01f86fb49bd29c7fb8d21cc557a89883012522","after":"53c262a7ea6da4cb80ce4c3e2bcaac00d94d9056","ref":"refs/heads/main","pushedAt":"2024-05-30T17:50:23.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update Multiple-Unusual unsynchronized account authentication in AD FS.kql","shortMessageHtmlLink":"Update Multiple-Unusual unsynchronized account authentication in AD F…"}},{"before":"12593dcc42a42eec54b8ecb653173c4105bd6e78","after":"1a01f86fb49bd29c7fb8d21cc557a89883012522","ref":"refs/heads/main","pushedAt":"2024-05-30T17:41:32.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update SecurityEvent-NewEXEdeployedviaDefaultDomainorDefaultDomainControllerPolicies.kql","shortMessageHtmlLink":"Update SecurityEvent-NewEXEdeployedviaDefaultDomainorDefaultDomainCon…"}},{"before":"14d4c0506cdf04ed0177bfa2c898feee2f96c48d","after":"12593dcc42a42eec54b8ecb653173c4105bd6e78","ref":"refs/heads/main","pushedAt":"2024-05-30T17:22:50.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update IdentityLogonEvents-Unusual delegated resource access.kql","shortMessageHtmlLink":"Update IdentityLogonEvents-Unusual delegated resource access.kql"}},{"before":"0038de5a98f3c71b18ab630e41570a916f3d6f35","after":"14d4c0506cdf04ed0177bfa2c898feee2f96c48d","ref":"refs/heads/main","pushedAt":"2024-05-30T13:34:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update IdentityLogonEvents-Unexpected access to multiple devices.kql","shortMessageHtmlLink":"Update IdentityLogonEvents-Unexpected access to multiple devices.kql"}},{"before":"6929256a7fd22522298a0829a7eb3d734b05b800","after":"0038de5a98f3c71b18ab630e41570a916f3d6f35","ref":"refs/heads/main","pushedAt":"2024-05-30T13:34:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update Multiple-Unexpected named pipes on multiple devices.kql","shortMessageHtmlLink":"Update Multiple-Unexpected named pipes on multiple devices.kql"}},{"before":"1355939a50376051ec0becf9104ec47767bdf40b","after":"6929256a7fd22522298a0829a7eb3d734b05b800","ref":"refs/heads/main","pushedAt":"2024-05-30T13:15:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Create Multiple-Unexpected named pipes on multiple devices.kql","shortMessageHtmlLink":"Create Multiple-Unexpected named pipes on multiple devices.kql"}},{"before":"f388ddef96ae991e141604ecf09c45b0f4473b01","after":"1355939a50376051ec0becf9104ec47767bdf40b","ref":"refs/heads/main","pushedAt":"2024-05-28T11:11:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update Analytics-AzureRBACRoleAssignments.kql","shortMessageHtmlLink":"Update Analytics-AzureRBACRoleAssignments.kql"}},{"before":"16dddee278a183b3f990e5f1bea42c0a02e9acb1","after":"f388ddef96ae991e141604ecf09c45b0f4473b01","ref":"refs/heads/main","pushedAt":"2024-05-27T14:28:53.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update DeviceNetworkEvents-Suspicious connection by COM Surrogate.kql","shortMessageHtmlLink":"Update DeviceNetworkEvents-Suspicious connection by COM Surrogate.kql"}},{"before":"115ea9641cd9b2acf3cbf3b03ef8f15b162fd8c4","after":"16dddee278a183b3f990e5f1bea42c0a02e9acb1","ref":"refs/heads/main","pushedAt":"2024-05-24T10:13:49.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Create Multiple-Suspicious device name.kql","shortMessageHtmlLink":"Create Multiple-Suspicious device name.kql"}},{"before":"e0e3d37e47184e34921097dd301c4bf949dcbb4c","after":"115ea9641cd9b2acf3cbf3b03ef8f15b162fd8c4","ref":"refs/heads/main","pushedAt":"2024-05-24T10:02:20.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Rename IdentityLogonEvents-Unusual Delegated resource access.kql to IdentityLogonEvents-Unusual delegated resource access.kql","shortMessageHtmlLink":"Rename IdentityLogonEvents-Unusual Delegated resource access.kql to I…"}},{"before":"cc8b6496657288223785e02e0c3bceac4c8144f5","after":"e0e3d37e47184e34921097dd301c4bf949dcbb4c","ref":"refs/heads/main","pushedAt":"2024-05-24T10:02:04.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Create IdentityLogonEvents-Unusual Delegated resource access.kql","shortMessageHtmlLink":"Create IdentityLogonEvents-Unusual Delegated resource access.kql"}},{"before":"ec7dbb7a31915cbc511ad73f9a12aad9c8f8a4be","after":"cc8b6496657288223785e02e0c3bceac4c8144f5","ref":"refs/heads/main","pushedAt":"2024-05-20T11:55:30.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update SecurityAlert-A potentially malicious URL click was detected.kql","shortMessageHtmlLink":"Update SecurityAlert-A potentially malicious URL click was detected.kql"}},{"before":"7401d0d9e8b71a784e7e943270f6178719a324a6","after":"ec7dbb7a31915cbc511ad73f9a12aad9c8f8a4be","ref":"refs/heads/main","pushedAt":"2024-05-20T11:55:09.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update SecurityAlert-A potentially malicious URL click was detected.kql","shortMessageHtmlLink":"Update SecurityAlert-A potentially malicious URL click was detected.kql"}},{"before":"08c721d26dacc8e4a06303cdd77c1a29d9b28f02","after":"7401d0d9e8b71a784e7e943270f6178719a324a6","ref":"refs/heads/main","pushedAt":"2024-05-20T11:04:25.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update OfficeActivity-Excessive SharePoint activity.kql","shortMessageHtmlLink":"Update OfficeActivity-Excessive SharePoint activity.kql"}},{"before":"1406d045b71718f1e21dfe264b7cb6a2d08552ec","after":"08c721d26dacc8e4a06303cdd77c1a29d9b28f02","ref":"refs/heads/main","pushedAt":"2024-05-18T00:53:54.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update Value-WindowsEventsDictionary.csv","shortMessageHtmlLink":"Update Value-WindowsEventsDictionary.csv"}},{"before":"9b45e5ff04ad2fb8de451205b5542e958fa70419","after":"1406d045b71718f1e21dfe264b7cb6a2d08552ec","ref":"refs/heads/main","pushedAt":"2024-05-07T14:10:04.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Create weird SessionId.kql","shortMessageHtmlLink":"Create weird SessionId.kql"}},{"before":"4cb4eeecb7a81275f6b0ad4741abbb4dd67ec127","after":"9b45e5ff04ad2fb8de451205b5542e958fa70419","ref":"refs/heads/main","pushedAt":"2024-04-30T16:19:14.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update OfficeActivity-Excessive SharePoint activity.kql","shortMessageHtmlLink":"Update OfficeActivity-Excessive SharePoint activity.kql"}},{"before":"f916c1871947d545a0b70be92487bf3fa92e0739","after":"4cb4eeecb7a81275f6b0ad4741abbb4dd67ec127","ref":"refs/heads/main","pushedAt":"2024-04-25T11:48:26.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update DeviceNetworkEvents-Suspicious connection by COM Surrogate.kql","shortMessageHtmlLink":"Update DeviceNetworkEvents-Suspicious connection by COM Surrogate.kql"}},{"before":"637f514e6629a2576d7364811755d4721feeecbf","after":"f916c1871947d545a0b70be92487bf3fa92e0739","ref":"refs/heads/main","pushedAt":"2024-04-25T11:46:14.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update DeviceNetworkEvents-Suspicious connection by COM Surrogate.kql","shortMessageHtmlLink":"Update DeviceNetworkEvents-Suspicious connection by COM Surrogate.kql"}},{"before":"8297cfb58dca4ac7e7a0e2bd2de2a18a9f98aa44","after":"637f514e6629a2576d7364811755d4721feeecbf","ref":"refs/heads/main","pushedAt":"2024-04-22T16:38:04.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Create AppTraces-App Service failures.kql","shortMessageHtmlLink":"Create AppTraces-App Service failures.kql"}},{"before":"ec732361bef73d6d74730fbef8edea0feca6e989","after":"8297cfb58dca4ac7e7a0e2bd2de2a18a9f98aa44","ref":"refs/heads/main","pushedAt":"2024-04-22T09:01:56.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update Analytics-SlowPasswordSpray.kql","shortMessageHtmlLink":"Update Analytics-SlowPasswordSpray.kql"}},{"before":"630fe4b42321fe0eff25db9ef38eac803ec80e89","after":"ec732361bef73d6d74730fbef8edea0feca6e989","ref":"refs/heads/main","pushedAt":"2024-04-17T15:15:48.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update Parsing-WizIssues.kql","shortMessageHtmlLink":"Update Parsing-WizIssues.kql"}},{"before":"68cfca071d84138b9e5630e73c6c7e166b8e43cf","after":"630fe4b42321fe0eff25db9ef38eac803ec80e89","ref":"refs/heads/main","pushedAt":"2024-04-15T15:31:33.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update Multiple-Unexpected enumeration in Microsoft Graph.kql","shortMessageHtmlLink":"Update Multiple-Unexpected enumeration in Microsoft Graph.kql"}},{"before":"ad5465be57586055b9e952c4859be830b5c6f338","after":"68cfca071d84138b9e5630e73c6c7e166b8e43cf","ref":"refs/heads/main","pushedAt":"2024-04-15T15:01:11.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Update AWSCloudTrail-AWS S3 bucket publicly exposed.kql","shortMessageHtmlLink":"Update AWSCloudTrail-AWS S3 bucket publicly exposed.kql"}},{"before":"388f202a01bc5353342b9f4cc8487a8662a8ef0e","after":"ad5465be57586055b9e952c4859be830b5c6f338","ref":"refs/heads/main","pushedAt":"2024-04-12T11:14:54.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ep3p","name":"Jose Sebastián Canós","path":"/ep3p","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2527990?s=80&v=4"},"commit":{"message":"Delete Temporary/wiz_sentinel_latest.zip","shortMessageHtmlLink":"Delete Temporary/wiz_sentinel_latest.zip"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEYjtFpwA","startCursor":null,"endCursor":null}},"title":"Activity · ep3p/Sentinel_KQL"}