Bert-Jan 🛡️ (@bertjancyber) 's Twitter Profile
Bert-Jan 🛡️

@bertjancyber

CSIRT | kqlquery.com | Microsoft Security MVP | Blue & Purple Team | SOC | SIEM | Threat Hunting | Detection Engineering | #KQL |

ID: 1486686077389844486

https://github.com/Bert-JanP
27-01-2022 13:02:52

1,1K Tweet

3,3K Followers

547 Following

Louis Mastelinck | LouSec | MVP (@louismastelinck)

Fix MDE selective isolation with Isolation Exclusions rules and allow Teams & Outlook communication again. 5min work and a functionality restored to its former glory! lousec.be/mde/isolation-…

Bert-Jan 🛡️ (@bertjancyber)

GraphApiAuditEvents is now in Public Preview. The data is natively ingested into Unified XDR. This may become the alternative for MicrosoftGraphActivityLogs, as they are costly to ingest but very valuable for incident response. learn.microsoft.com/en-us/defender…

Robbe Van den Daele (@robbevddaele)

🔎 Detect Direct Send phishing emails

Below you can find a query that can help you find phishing emails being sent using #Microsoft Exchange Direct Send.

#Kusto #KQL #DefenderXDR #MicrosoftSentinel

github.com/HybridBrothers…

Bert-Jan 🛡️ (@bertjancyber)

New Blog: Hunting Through APIs - Logic App Edition

Logic Apps allow organizations to automate processes easily. This blog discusses how KQL can be used in Logic Apps through the Graph API, Azure Monitor API and Defender ATP API to automate SOC processes.

kqlquery.com/posts/logicapp…

Aura (@securityaura)

Interesting technique and developing I would say. 2 quick #KQL queries out for #MicrosoftSentinel and #MDE if you want to hunt for it. github.com/SecurityAura/D… Can be adapted to look for cmd.exe probably as well or other interpreters, binaries, etc. Will update as we go.

Security Response (@msftsecresponse)

Microsoft is aware of active attacks targeting on-premises SharePoint Server customers, exploiting a variant of CVE-2025-49706. This vulnerability has been assigned CVE-2025-53770. We have outlined mitigations and detections in our blog. Our team is working urgently to release

Bert-Jan 🛡️ (@bertjancyber)

Quick tip: if you use the /security/runHuntingQuery Graph API call, the default Timespan is 30 days. By setting the additional Timespan parameter, you can retrieve logs from a period longer than 30 days ago. learn.microsoft.com/en-us/graph/ap…

Bert-Jan 🛡️ (@bertjancyber)

Strengthen identity threat detection and response with linkable token identifiers. Linkable token identifiers are now available for:
- Entra sign-in logs
- Exchange Online audit logs
- Graph activity logs
- Teams audit logs
- SharePoint Online audit logs

techcommunity.microsoft.com/blog/microsoft…

ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs (@cyb3rmik3)

2⃣ Ugur Koc & Bert-Jan 🛡️ Kusto Insights. I am biased, they are both good friends, but jokes aside, they are doing great work bringing together a newsletter on #KQL queries and developments you should take a look at. ✉️ Subscribe here: kustoinsights.substack.com

Chris Thompson (@_mayyhem)

I'm SO hyped to finally make MSSQLHound public! It's a new BloodHound collector that adds 37 new edges and 7 new nodes for MSSQL attack paths using the new OpenGraph feature for 8.0! Let me know what you find with it!
- github.com/SpecterOps/MSS…
- specterops.io/blog/2025/07/2…

ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs (@cyb3rmik3)

𝐇𝐚𝐯𝐞 𝐲𝐨𝐮 𝐬𝐚𝐯𝐞𝐝 𝐲𝐨𝐮𝐫 𝐬𝐩𝐨𝐭 𝐟𝐨𝐫 𝐊𝐮𝐬𝐭𝐨𝐂𝐨𝐧? 🧐

If not, there’s still time! Join us in person in Zurich on November 6th, a limited amount of spots are still available! Don’t miss this chance to connect with great people, attend an engaging workshop, and

Bert-Jan 🛡️ (@bertjancyber)

New blog! GraphApiAuditEvents: The new Graph API Logs

This July the GraphApiAuditEvents were released in public preview. These new Graph API logs provide valuable insights into the activities performed in your tenant.

kqlquery.com/posts/graphapi…

Aura (@securityaura)

Happy to say that I finally took the time to work on a long time, very small, dream of mine: having a blog with my own domain name😂 You can now find me at SecurityAura.com Transferred my previous articles from Medium and planning on blogging more!