Command Zero
Question Library

Every investigation starts with a question.

The expert questions Command Zero runs across identity, endpoint, cloud, email, and SaaS data. Filter by data source or search the full set.

943 questions across 33 data sources

  • What CloudTrail management events exist for this AWS EC2 Instance? (AWS EC2)
  • What CloudTrail management events exist for this AWS EKS cluster? (AWS EC2)
  • What EC2 instance profiles in this AWS account contain policies that allow excessive permissions? (AWS EC2)
  • What EC2 instance profiles in this AWS account contain policies that enable lateral movement? (AWS EC2)
  • What EC2 instances currently are, or are in the process of being, stopped or terminated in this AWS account? (AWS EC2)
  • What EC2 instances have been created in this AWS account according to CloudTrail? (AWS EC2)
  • What EC2 security groups have been created or modified in this AWS account according to CloudTrail? (AWS EC2)
  • What are the details for this AWS EC2 instance (ARN)? (AWS EC2)
  • What are the details for this AWS EC2 instance? (AWS EC2)
  • What attempts have been made to enumerate EC2 instances in this AWS account according to CloudTrail? (AWS EC2)
  • What changes have been made to this AWS EC2 Security Group according to CloudTrail? (AWS EC2)
  • What information exists for this AWS EC2 security group? (AWS EC2)
  • What information exists for this AWS EC2 subnet? (AWS EC2)
  • What information exists for this AWS EKS cluster node group? (AWS EC2)
  • What information exists for this AWS EKS cluster? (AWS EC2)
  • What information exists for this AWS instance profile? (AWS EC2)
  • What AWS EC2 instance or container GuardDuty findings exist? (AWS GuardDuty)
  • What AWS GuardDuty findings exist? (AWS GuardDuty)
  • What AWS IAM and access key GuardDuty findings exist? (AWS GuardDuty)
  • What AWS RDS Protection GuardDuty findings exist? (AWS GuardDuty)
  • What AWS S3 bucket GuardDuty findings exist? (AWS GuardDuty)
  • What AWS container orchestration service (ECS and EKS Cluster) GuardDuty findings exist? (AWS GuardDuty)
  • What API calls have been made with an AWS access key belonging to this user according to CloudTrail? (AWS IAM)
  • What API calls were made with this AWS access key according to CloudTrail? (AWS IAM)
  • What AWS Security Token Service (STS) tokens were issued to this IAM role according to CloudTrail? (AWS IAM)
  • What AWS Users are associated with this Email Address? (AWS IAM)
  • What AWS Users are associated with this Microsoft Entra ID? (AWS IAM)
  • What AWS console login events exist for this IP address? (AWS IAM)
  • What AWS organizational units exist in the AWS integration(s)? (AWS IAM)
  • What IAM API calls have been made from this IP address? (AWS IAM)
  • What IAM permission boundary modifications have occurred for this AWS account according to CloudTrail? (AWS IAM)
  • What IAM roles in this AWS account are assigned policies containing critical actions? (AWS IAM)
  • What IAM roles in this AWS account have had their trust relationships modified according to CloudTrail? (AWS IAM)
  • What IAM user creation events exist in this AWS account according to CloudTrail? (AWS IAM)
  • What IAM users in this AWS account are assigned policies containing critical actions? (AWS IAM)
  • What IAM users in this AWS account have been given console access according to CloudTrail? (AWS IAM)
  • What IAM users were created by this AWS user according to CloudTrail? (AWS IAM)
  • What access keys did this AWS user create according to CloudTrail? (AWS IAM)
  • What attempts have been made to attach or detach IAM policies in this AWS account according to CloudTrail? (AWS IAM)
  • What console login events exist for this AWS user according to CloudTrail? (AWS IAM)
  • What high-risk actions have been performed by this AWS IAM User according to CloudTrail? (AWS IAM)
  • What information exists about this AWS user? (AWS IAM)
  • What information exists for this AWS integration's root organization? (AWS IAM)
  • What information exists for users with this username in this AWS account? (AWS IAM)
  • What internal AWS accounts exist in this AWS organization or organization unit? (AWS IAM)
  • What password changes were made by this AWS IAM user according to CloudTrail? (AWS IAM)
  • What permission policies are attached to this AWS IAM user? (AWS IAM)
  • What permission policies are attached to this IAM User Group? (AWS IAM)
  • What permissions does this AWS IAM attached policy have? (AWS IAM)
  • What permissions exist for this AWS IAM Role? (AWS IAM)
  • What permissions exist for this IAM role name in this AWS account? (AWS IAM)
  • What role assumption events exist for this access key in this AWS account according to CloudTrail? (AWS IAM)
  • What roles can be assumed by accounts not belonging to this AWS account? (AWS IAM)
  • What roles have been assumed in this AWS account according to CloudTrail? (AWS IAM)
  • What temporary AWS roles were assumed by this user according to CloudTrail? (AWS IAM)
  • What users have created service-linked roles in this AWS account according to CloudTrail? (AWS IAM)
  • What users in this AWS account have had access keys created for them according to CloudTrail? (AWS IAM)
  • What users or roles have gained administrative privileges in this AWS account according to CloudTrail? (AWS IAM)
  • Which IAM groups is this AWS user a member of? (AWS IAM)
  • Which assumed role sessions performed high-risk actions in this AWS account according to CloudTrail? (AWS IAM)
  • Which external accounts accessed resources via role assumption in this AWS account according to CloudTrail? (AWS IAM)
  • What AWS CloudTrail Management events exist for this S3 Bucket? (AWS S3)
  • What AWS S3 buckets have been created according to CloudTrail? (AWS S3)
  • What S3 buckets have had their access logging disabled in this AWS account according to CloudTrail? (AWS S3)
  • What S3 buckets in this AWS account currently have their versioning disabled? (AWS S3)
  • What S3 buckets in this AWS account have cross-account access policies configured? (AWS S3)
  • What access control list (ACL) changes did users attempt on S3 buckets in this AWS account to expose them publicly according to CloudTrail? (AWS S3)
  • What attempts did users make to expose the S3 buckets in this AWS account publicly through policy changes according to CloudTrail? (AWS S3)
  • What attempts have been made to check AWS S3 bucket configurations and permissions according to CloudTrail? (AWS S3)
  • What attempts have been made to enumerate S3 buckets in this AWS account according to CloudTrail? (AWS S3)
  • What information exists about this AWS S3 Bucket? (AWS S3)
  • Which AWS S3 Buckets currently allow public access through their access control lists (ACLs)? (AWS S3)
  • Which AWS S3 Buckets currently allow public access through their policy statements? (AWS S3)
  • What is the known information for this IP address according to Cisco Secure Malware Analytics? (Cisco SMA)
  • What is the known information for this domain according to Cisco Secure Malware Analytics? (Cisco SMA)
  • What is the known information for this file MD5 according to Cisco Secure Malware Analytics? (Cisco SMA)
  • What is the known information for this file SHA1 according to Cisco Secure Malware Analytics? (Cisco SMA)
  • What is the known information for this file SHA256 according to Cisco Secure Malware Analytics? (Cisco SMA)
  • What echo collection results are there? (Cross-source)
  • user-activity (Cross-source)
  • What CrowdStrike Falcon alerts contain this Device ID? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts contain this IP address? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts contain this MD5 hash? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts contain this SHA256 hash? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts contain this domain name? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts exist? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts show this MD5 as a child process? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts show this MD5 as a grandparent process? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts show this MD5 as a parent process? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts show this SHA 256 as a child process? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts show this SHA 256 as a grandparent process? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts show this SHA 256 as a parent process? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts show this filename as a child process? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts show this filename as a parent process? (CrowdStrike Falcon)
  • What CrowdStrike Falcon alerts show this filename as executed? (CrowdStrike Falcon)
  • What CrowdStrike alerts show this filename as a grandparent process? (CrowdStrike Falcon)
  • What Defense Evasion alerts exist in CrowdStrike Falcon? (CrowdStrike Falcon)
  • What Defense Evasion alerts in CrowdStrike Falcon contain this Device ID? (CrowdStrike Falcon)
  • What Defense Evasion alerts in CrowdStrike Falcon contain this IP address? (CrowdStrike Falcon)
  • What Falcon Intel alerts exist in CrowdStrike Falcon? (CrowdStrike Falcon)
  • What Falcon Intel alerts in CrowdStrike Falcon contain this Device ID? (CrowdStrike Falcon)
  • What Falcon Intel alerts in CrowdStrike Falcon contain this IP address? (CrowdStrike Falcon)
  • What Network Interface Addresses does CrowdStrike Falcon associate with this host? (CrowdStrike Falcon)
  • What Remote Desktop Protocol (RDP) activity originated from this CrowdStrike Falcon device? (CrowdStrike Falcon)
  • What Remote Desktop Protocol (RDP) activity targeted this CrowdStrike Falcon device? (CrowdStrike Falcon)
  • What USB mount events were observed for this device according to CrowdStrike Falcon? (CrowdStrike Falcon)
  • What USB mount events were observed for this user according to CrowdStrike Falcon? (CrowdStrike Falcon)
  • What USB mount events were observed on this host according to CrowdStrike Falcon? (CrowdStrike Falcon)
  • What USB mount events were observed with this USB serial number according to CrowdStrike Falcon? (CrowdStrike Falcon)
  • What Windows binaries were executed from non-standard paths on this device according to CrowdStrike Falcon Next-Gen SIEM? (CrowdStrike Falcon)
  • What Windows services were installed on this device according to CrowdStrike Falcon? (CrowdStrike Falcon)
  • What alerts are linked to this incident in CrowdStrike Falcon? (CrowdStrike Falcon)
  • What alerts in CrowdStrike Falcon are associated with this Windows security identifier (SID)? (CrowdStrike Falcon)
  • What alerts in CrowdStrike Falcon are associated with this local user name? (CrowdStrike Falcon)
  • What are the properties of this host in CrowdStrike Falcon? (CrowdStrike Falcon)
  • What behavioral indicators have been detected on this device in CrowdStrike Falcon? (CrowdStrike Falcon)
  • What critical severity incidents have a state of 'open' in CrowdStrike Falcon? (CrowdStrike Falcon)
  • What devices have been observed connecting to this IP address according to CrowdStrike Falcon? (CrowdStrike Falcon)
  • What devices have made a DNS request to this domain name according to CrowdStrike Falcon? (CrowdStrike Falcon)
  • What external IP address is currently associated with this host in CrowdStrike Falcon? (CrowdStrike Falcon)
  • What failed machine logon events targeted this device according to CrowdStrike Falcon Next-Gen SIEM? (CrowdStrike Falcon)
  • What file write or copy events to USB devices exist according to CrowdStrike Falcon? (CrowdStrike Falcon)
  • What hosts are associated with this incident in CrowdStrike Falcon? (CrowdStrike Falcon)
  • What hosts are registered with CrowdStrike Falcon? (CrowdStrike Falcon)
  • What hosts have this IP address in CrowdStrike Falcon? (CrowdStrike Falcon)
  • What incidents are associated with this host in CrowdStrike Falcon? (CrowdStrike Falcon)
  • What incidents have a state of 'open' in CrowdStrike Falcon? (CrowdStrike Falcon)
  • What information does CrowdStrike Falcon have for this hostname? (CrowdStrike Falcon)
  • What is the known information for this CrowdStrike Falcon host group? (CrowdStrike Falcon)
  • What machine logon events exist for this CrowdStrike Falcon device? (CrowdStrike Falcon)
  • What machine logon events exist for this local user name according to CrowdStrike Falcon? (CrowdStrike Falcon)
  • What malware alerts exist in CrowdStrike Falcon? (CrowdStrike Falcon)
  • What malware alerts in CrowdStrike Falcon contain this Device ID? (CrowdStrike Falcon)
  • What malware alerts in CrowdStrike Falcon contain this IP address? (CrowdStrike Falcon)
  • What network connections have been observed from this CrowdStrike Falcon device? (CrowdStrike Falcon)
  • What processes with this SHA256 were created according to CrowdStrike Falcon? (CrowdStrike Falcon)
  • What registry change events exist for this CrowdStrike Falcon device? (CrowdStrike Falcon)
  • What scheduled tasks have been created, updated, or deleted on this device according to CrowdStrike Falcon? (CrowdStrike Falcon)
  • What successful machine logon events exist for this Windows security identifier (SID) according to CrowdStrike Falcon? (CrowdStrike Falcon)
  • What alerts exist in Expel Workbench? (Expel Workbench)
  • What compromised credentials information does Flashpoint have for this affected domain? (Flashpoint)
  • What compromised credentials information does Flashpoint have for this affected email address? (Flashpoint)
  • What credential sightings are available in Flashpoint Ignite? (Flashpoint)
  • What FortiDLP agent ID is associated with this hostname? (Fortinet FortiDLP)
  • What FortiDLP process events contain this filename? (Fortinet FortiDLP)
  • What FortiDLP sensor detections contain this filename? (Fortinet FortiDLP)
  • What FortiDLP timeline events show this filename as a child process? (Fortinet FortiDLP)
  • What FortiDLP timeline events show this filename as a parent process? (Fortinet FortiDLP)
  • What FortiDLP user accounts are associated with this Microsoft Entra User Principal Name? (Fortinet FortiDLP)
  • What FortiDLP user accounts are associated with this email address? (Fortinet FortiDLP)
  • What IP addresses has FortiDLP recorded this host connecting to? (Fortinet FortiDLP)
  • What Windows Defender events were recorded by FortiDLP on this host? (Fortinet FortiDLP)
  • What Windows Defender events were recorded by FortiDLP? (Fortinet FortiDLP)
  • What Windows Defender threat detections were recorded by FortiDLP on this host? (Fortinet FortiDLP)
  • What Windows Defender threat detections were recorded by FortiDLP? (Fortinet FortiDLP)
  • What Windows remote desktop sessions were detected by FortiDLP on this host? (Fortinet FortiDLP)
  • What Windows remote desktop sessions were detected by FortiDLP? (Fortinet FortiDLP)
  • What agent policy violations were detected by FortiDLP on this host? (Fortinet FortiDLP)
  • What agent policy violations were detected by FortiDLP? (Fortinet FortiDLP)
  • What applications did FortiDLP record executing for the first time on this host? (Fortinet FortiDLP)
  • What applications did FortiDLP record executing for the first time? (Fortinet FortiDLP)
  • What emails has FortiDLP detected containing an attachment with this filename? (Fortinet FortiDLP)
  • What emails has FortiDLP recorded being received from this domain name? (Fortinet FortiDLP)
  • What emails has FortiDLP recorded being sent from this email address? (Fortinet FortiDLP)
  • What emails has FortiDLP recorded being sent from this host? (Fortinet FortiDLP)
  • What emails has FortiDLP recorded being sent to this domain name? (Fortinet FortiDLP)
  • What emails has FortiDLP recorded being sent to this email address? (Fortinet FortiDLP)
  • What executables or scripts did FortiDLP record being downloaded across the organization? (Fortinet FortiDLP)
  • What executables or scripts did FortiDLP record being downloaded on this host? (Fortinet FortiDLP)
  • What file downloads were recorded by FortiDLP on this host? (Fortinet FortiDLP)
  • What file downloads were recorded by FortiDLP? (Fortinet FortiDLP)
  • What hosts are registered with FortiDLP? (Fortinet FortiDLP)
  • What hosts has FortiDLP observed connecting to this IP address? (Fortinet FortiDLP)
  • What hosts has FortiDLP recorded connecting to this website? (Fortinet FortiDLP)
  • What hosts has FortiDLP recorded executing a file with this SHA256 for the first time? (Fortinet FortiDLP)
  • What hosts has FortiDLP recorded executing this filename for the first time? (Fortinet FortiDLP)
  • What hosts has FortiDLP recorded having Windows Defender disabled? (Fortinet FortiDLP)
  • What login and logout events have been recorded by FortiDLP on this host? (Fortinet FortiDLP)
  • What login or logout events have been recorded by FortiDLP for this Windows security identifier (SID)? (Fortinet FortiDLP)
  • What modifications to Windows Defender settings were detected by FortiDLP on this host? (Fortinet FortiDLP)
  • What modifications to Windows Defender settings were detected by FortiDLP? (Fortinet FortiDLP)
  • What registry startup items did FortiDLP record being added to any hosts? (Fortinet FortiDLP)
  • What registry startup items did FortiDLP record being added to this host? (Fortinet FortiDLP)
  • What remote login events have been recorded by FortiDLP for this host? (Fortinet FortiDLP)
  • What remote login events have been recorded by FortiDLP? (Fortinet FortiDLP)
  • What unauthorized website visits were detected by FortiDLP on this host? (Fortinet FortiDLP)
  • What unauthorized website visits were detected by FortiDLP? (Fortinet FortiDLP)
  • What unusual behavior did FortiDLP record across the organization? (Fortinet FortiDLP)
  • What unusual behavior did FortiDLP record on this host? (Fortinet FortiDLP)
  • What users exist in FortiDLP? (Fortinet FortiDLP)
  • What website visits were recorded by FortiDLP on this host? (Fortinet FortiDLP)
  • What GPG keys exist for this GitHub user? (GitHub Enterprise)
  • What GitHub Actions secrets did this user create or modify? (GitHub Enterprise)
  • What GitHub Actions secrets were created or modified? (GitHub Enterprise)
  • What GitHub Actions workflows were run in organization-owned repositories? (GitHub Enterprise)
  • What GitHub Actions workflows were run in this repository? (GitHub Enterprise)
  • What GitHub organization activity was performed using an access token with this hash? (GitHub Enterprise)
  • What GitHub organization members were removed? (GitHub Enterprise)
  • What GitHub repository settings did this user modify? (GitHub Enterprise)
  • What GitHub user SSO authenticated to the organization using this Microsoft Entra User Principal Name? (GitHub Enterprise)
  • What GitHub users made commits in this repository? (GitHub Enterprise)
  • What GitHub users requested or granted access to personal access tokens (PAT)? (GitHub Enterprise)
  • What GitHub users were added as members to the organization? (GitHub Enterprise)
  • What GitHub webhooks were created, modified, or destroyed? (GitHub Enterprise)
  • What collaborators were added to organization-owned GitHub repositories? (GitHub Enterprise)
  • What externally managed identity email addresses were used to authenticate this GitHub user? (GitHub Enterprise)
  • What is the resource information for this user in GitHub Enterprise? (GitHub Enterprise)
  • What non-public repositories were downloaded by this GitHub user? (GitHub Enterprise)
  • What non-public, organization-owned GitHub repositories were downloaded? (GitHub Enterprise)
  • What organization members have access to this GitHub repository? (GitHub Enterprise)
  • What organization members were added by this GitHub user? (GitHub Enterprise)
  • What organization members were removed by this GitHub user? (GitHub Enterprise)
  • What organization-owned GitHub Action secrets exist? (GitHub Enterprise)
  • What organization-owned GitHub repositories were cloned? (GitHub Enterprise)
  • What organization-owned GitHub repositories were deleted? (GitHub Enterprise)
  • What outside collaborators have access to this GitHub repository? (GitHub Enterprise)
  • What outside collaborators were invited to organization-owned GitHub repositories? (GitHub Enterprise)
  • What outside collaborators were invited to this GitHub repository? (GitHub Enterprise)
  • What personal access tokens (PAT) have access to organization-owned GitHub resources? (GitHub Enterprise)
  • What protected branch policies were overridden in organization-owned GitHub repositories? (GitHub Enterprise)
  • What protected branch policies were overridden in this GitHub repository? (GitHub Enterprise)
  • What pull requests were created by this GitHub user? (GitHub Enterprise)
  • What pull requests were created in this GitHub repository? (GitHub Enterprise)
  • What repositories are owned by this GitHub user? (GitHub Enterprise)
  • What repositories did this GitHub user delete? (GitHub Enterprise)
  • What repositories did this GitHub user push changes to using git? (GitHub Enterprise)
  • What repositories did this GitHub user request or grant personal access tokens (PAT) access to? (GitHub Enterprise)
  • What repositories were cloned by this GitHub user? (GitHub Enterprise)
  • What repository collaborators were added by this GitHub user? (GitHub Enterprise)
  • What repository permissions does this GitHub user have for organization-owned repositories? (GitHub Enterprise)
  • What third-party integrations (GitHub Apps) were authorized to access organization-owned resources? (GitHub Enterprise)
  • What third-party integrations (GitHub Apps) were installed by this user? (GitHub Enterprise)
  • What unverified commits were made in this GitHub repository? (GitHub Enterprise)
  • What user authenticated to the GitHub organization using this email address? (GitHub Enterprise)
  • What users modified settings in this GitHub repository? (GitHub Enterprise)
  • What users were added with admin permission to organization-owned GitHub repositories? (GitHub Enterprise)
  • What users were added with admin permission to this GitHub repository? (GitHub Enterprise)
  • What verified email addresses were used to sign a GPG key belonging to this GitHub user? (GitHub Enterprise)
  • What webhooks did this GitHub user create, modify, or destroy? (GitHub Enterprise)
  • What breaches or publicly shared content ('pastes') tracked by Have I Been Pwned include this Email Address? (Have I Been Pwned)
  • What is the known information surrounding this IP according to IPData? (IPdata)
  • What information is known for this IP? (IPinfo)
  • Are both Admin Audit Logging and Unified Audit Log Ingestion enabled? (Microsoft 365)
  • Does this Microsoft Entra tenant have an Entra Premium P1 or P2 license subscription? (Microsoft 365)
  • Does this user have a license assignment that provides Entra Premium Audit - with Microsoft 365 Advanced Auditing enabled? (Microsoft 365)
  • Is Mailbox Auditing enabled by default, organization wide? (Microsoft 365)
  • Is Mailbox Auditing enabled, correctly configured, and not bypassed for this user's mailbox? (Microsoft 365)
  • What "Alert Related Activity" events took place on this device according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What "Alert Related Activity" events took place on this host according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What Microsoft Defender XDR alerts contain this Windows security identifier (SID)? (Microsoft Defender for Endpoint)
  • What Microsoft Defender for Endpoint alerts have been triggered for this Machine ID? (Microsoft Defender for Endpoint)
  • What Microsoft Defender for Endpoint alerts have been triggered? (Microsoft Defender for Endpoint)
  • What Microsoft Defender for Endpoint alerts were generated for this Microsoft Entra User Principal Name (UPN) during the Investigation Window? (Microsoft Defender for Endpoint)
  • What Microsoft Defender for Endpoint alerts were triggered for this SHA 1? (Microsoft Defender for Endpoint)
  • What Microsoft Defender for Endpoint users are logged on to this machine? (Microsoft Defender for Endpoint)
  • What Microsoft Quick Assist sessions were initiated according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What Microsoft Quick Assist sessions were initiated on this device according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What PowerShell commands were executed on this device according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What Remote Desktop Protocol (RDP) activity targeted this device? (Microsoft Defender for Endpoint)
  • What Remote Desktop Protocol (RDP) activity targeted this host? (Microsoft Defender for Endpoint)
  • What USB mount events were observed on this device according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What are the details of this Microsoft Defender for Endpoint alert? (Microsoft Defender for Endpoint)
  • What are the properties of this Microsoft Defender for Endpoint machine? (Microsoft Defender for Endpoint)
  • What are the risk and exposure scores for this machine according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What child processes were created by this process according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What device events were initiated by this process according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What device file events exist for this SHA256 according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What devices have a web server process launching suspicious child processes according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What devices have activity for this file name according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What failed machine logon events targeted this device according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What file information does Microsoft Defender for Endpoint have for this SHA 1? (Microsoft Defender for Endpoint)
  • What hosts are registered with Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What image load events exist for files with this name according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What images were loaded by this process according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What is the organization prevalence of this IP address according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What is the organization prevalence of this domain name according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What is the organization prevalence of this file SHA 1 according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What locally managed Defender exclusion registry keys were updated according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What machine login events exist for this Microsoft Defender XDR device? (Microsoft Defender for Endpoint)
  • What machine login events exist for this Microsoft Entra user? (Microsoft Defender for Endpoint)
  • What machine login events exist for this Windows security identifier (SID) according to Microsoft Defender XDR? (Microsoft Defender for Endpoint)
  • What machine logon events originated from this IP address according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What machines does Microsoft Defender for Endpoint associate with this file? (Microsoft Defender for Endpoint)
  • What machines does Microsoft Defender for Endpoint associate with this user? (Microsoft Defender for Endpoint)
  • What machines has this Microsoft Defender for Endpoint user logged on to? (Microsoft Defender for Endpoint)
  • What machines has this Microsoft Entra user logged on to? (Microsoft Defender for Endpoint)
  • What machines have been observed communicating with the domain by Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What network connections were initiated by this process according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What parent process created this process according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What processes have been observed communicating with this IP address according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What processes have been observed communicating with this URL's domain according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What processes with this SHA 1 were created according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What processes with this SHA256 were created according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What registry changes were performed by this process according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What remote interactive logon events targeted this device according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What remote machine logon events originated from this host according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What scheduled tasks have been created, updated, or deleted by this process according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What scheduled tasks have been created, updated, or deleted on this device according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What sensitive file read events took place on this device according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What service actions were performed by this process according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What services were installed on this device according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What startup folder additions were performed by this process according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • What threats were detected by antivirus on this device according to Microsoft Defender for Endpoint? (Microsoft Defender for Endpoint)
  • Is this domain name associated with the Microsoft Entra tenant?Microsoft Entra ID
  • What Microsoft 365 Defender incidents exist?Microsoft Entra ID
  • What Microsoft 365 Security Compliance Alerts have been generated for this user?Microsoft Entra ID
  • What Microsoft Defender XDR alert evidence has been generated for this SHA 256?Microsoft Entra ID
  • What Microsoft Defender XDR alert evidence has been generated for this SHA1?Microsoft Entra ID
  • What Microsoft Defender XDR alert evidence has been generated for this filename?Microsoft Entra ID
  • What Microsoft Defender XDR alerts contain this IP address?Microsoft Entra ID
  • What Microsoft Defender XDR alerts contain this Microsoft Defender for Endpoint User Name?Microsoft Entra ID
  • What Microsoft Defender XDR alerts contain this Microsoft Entra User Principal Name?Microsoft Entra ID
  • What Microsoft Entra ID Identity Protection security alerts have been generated?Microsoft Entra ID
  • What Microsoft Entra ID security alerts have been generated?Microsoft Entra ID
  • What Microsoft Entra Identity Protection alerts exist containing this IP address?Microsoft Entra ID
  • What Microsoft Entra Identity Protection alerts exist for this user?Microsoft Entra ID
  • What Microsoft Entra administrative units were created by this user?Microsoft Entra ID
  • What Microsoft Entra administrative units were deleted by this user?Microsoft Entra ID
  • What Microsoft Entra device registrations match this hostname?Microsoft Entra ID
  • What Security Alerts are a part of this Microsoft 365 Defender incident?Microsoft Entra ID
  • What User Principal Name (UPN) corresponds to this Microsoft Entra Object ID?Microsoft Entra ID
  • What account administration actions were performed by this Microsoft Entra user?Microsoft Entra ID
  • What account compromise risks were detected by Microsoft Entra ID Protection for this user?Microsoft Entra ID
  • What activity exists for this session according to Microsoft Defender for Cloud Apps?Microsoft Entra ID
  • What activity originated from a risky IP address according to Microsoft Defender for Cloud Apps?Microsoft Entra ID
  • What activity was performed from behind an anonymous proxy according to Microsoft Defender for Cloud Apps?Microsoft Entra ID
  • What administrative units exist in Microsoft Entra ID?Microsoft Entra ID
  • What administrative units were created in Microsoft Entra ID?Microsoft Entra ID
  • What administrative units were deleted in Microsoft Entra ID?Microsoft Entra ID
  • What administrators successfully reset the password for this user account in Microsoft Entra ID?Microsoft Entra ID
  • What application certificates and secrets were updated by this user in Microsoft Entra ID?Microsoft Entra ID
  • What application certificates and secrets were updated in Microsoft Entra ID?Microsoft Entra ID
  • What application consents have been granted by this user in Microsoft Entra ID?Microsoft Entra ID
  • What application consents were granted in Microsoft Entra ID?Microsoft Entra ID
  • What application is represented by this Microsoft Entra service principal?Microsoft Entra ID
  • What application registrations exist in Microsoft Entra ID?Microsoft Entra ID
  • What application role assignments were removed from service principals in Microsoft Entra ID?Microsoft Entra ID
  • What application roles did this user assign to service principals in Microsoft Entra ID?Microsoft Entra ID
  • What application roles were assigned to service principals in Microsoft Entra ID?Microsoft Entra ID
  • What applications did this user update in Microsoft Entra ID?Microsoft Entra ID
  • What applications were added to Microsoft Entra ID?Microsoft Entra ID
  • What applications were created by this user in Microsoft Entra ID?Microsoft Entra ID
  • What applications were deleted from Microsoft Entra ID?Microsoft Entra ID
  • What are the details for this Microsoft Entra ID device?Microsoft Entra ID
  • What are the details of this Microsoft Entra ID device?Microsoft Entra ID
  • What are the details of this Microsoft Entra Security Alert?Microsoft Entra ID
  • What are the members of this administrative unit in Microsoft Entra ID?Microsoft Entra ID
  • What are the multifactor authentication (MFA) registration settings for this user in Microsoft Entra ID?Microsoft Entra ID
  • What are the properties of the Microsoft Entra user with this email address?Microsoft Entra ID
  • What are the properties of this Microsoft Entra ID group?Microsoft Entra ID
  • What are the properties of this Microsoft Entra Tenant?Microsoft Entra ID
  • What are the properties of this Microsoft Entra application?Microsoft Entra ID
  • What are the properties of this administrative unit in Microsoft Entra ID?Microsoft Entra ID
  • What are the properties of this conditional access policy in Microsoft Entra ID?Microsoft Entra ID
  • What are the properties of this distribution group in Microsoft 365 Exchange?Microsoft Entra ID
  • What are the properties of this domain name configured in Microsoft Entra ID?Microsoft Entra ID
  • What are the properties of this user in Microsoft Entra ID?Microsoft Entra ID
  • What are the registered users for this device in Microsoft Entra ID?Microsoft Entra ID
  • What are the scoped-role memberships of this administrative unit in Microsoft Entra ID?Microsoft Entra ID
  • What automatic replies settings are currently configured for this user ID in Microsoft 365 Exchange?Microsoft Entra ID
  • What automatic replies settings are currently configured for this user in Microsoft 365 Exchange?Microsoft Entra ID
  • What behaviors were detected in Microsoft Defender for Cloud Apps?Microsoft Entra ID
  • What certificates and secrets for this application were updated in Microsoft Entra ID?Microsoft Entra ID
  • What conditional access policies are currently enabled in Microsoft Entra ID?Microsoft Entra ID
  • What conditional access policies directly exclude this user in Microsoft Entra ID?Microsoft Entra ID
  • What conditional access policies were updated in Microsoft Entra ID?Microsoft Entra ID
  • What delegated permission grants were added to applications in Microsoft Entra ID?Microsoft Entra ID
  • What delegated permission grants were added to this application in Microsoft Entra ID?Microsoft Entra ID
  • What delegated permission grants were removed from applications in Microsoft Entra ID?Microsoft Entra ID
  • What device code authentication flows originated from unmanaged devices according to Microsoft Defender XDR Advanced Hunting Sign In Events?Microsoft Entra ID
  • What devices are owned by this user in Microsoft Entra ID?Microsoft Entra ID
  • What devices are registered to this user in Microsoft Entra ID?Microsoft Entra ID
  • What devices were added in Microsoft Entra ID?Microsoft Entra ID
  • What devices were registered to this user in Microsoft Entra ID?Microsoft Entra ID
  • What directory audit activity was initiated by this user in Microsoft Entra ID?Microsoft Entra ID
  • What directory roles is this Microsoft Entra ID user assigned?Microsoft Entra ID
  • What domains are configured in Microsoft Entra ID?Microsoft Entra ID
  • What entities are associated with this behavior in Microsoft Defender for Cloud Apps?Microsoft Entra ID
  • What failed attempts to change this user's password exist in Microsoft Entra ID?Microsoft Entra ID
  • What failed sign-in activity exists for this user in Microsoft Entra ID?Microsoft Entra ID
  • What failed sign-in activity exists in Microsoft Entra ID for this user? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What failed sign-in activity in Microsoft Entra ID originated from this IP address? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What groups exist in Microsoft Entra ID?Microsoft Entra ID
  • What groups was this user added to in Microsoft Entra ID?Microsoft Entra ID
  • What groups was this user removed from in Microsoft Entra ID?Microsoft Entra ID
  • What groups were added in Microsoft Entra ID?Microsoft Entra ID
  • What groups were created by this user in Microsoft Entra ID?Microsoft Entra ID
  • What groups were deleted from Microsoft Entra ID?Microsoft Entra ID
  • What groups were updated in Microsoft Entra ID?Microsoft Entra ID
  • What groups, roles, and admin units does this user belong to in Microsoft Entra ID?Microsoft Entra ID
  • What interactive sign-in activity exists in Microsoft Entra ID for this IP address? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What interactive sign-in activity exists in Microsoft Entra ID for this user? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What is the Microsoft Entra User Principal Name (UPN) associated with this email address?Microsoft Entra ID
  • What is the email address for this Microsoft Entra User Principal Name (UPN)?Microsoft Entra ID
  • What is the resource information for this Microsoft Entra user?Microsoft Entra ID
  • What is the supporting evidence of this Microsoft Defender XDR alert?Microsoft Entra ID
  • What is this user's Microsoft Entra Object ID?Microsoft Entra ID
  • What members were added to administrative units by this user in Microsoft Entra ID?Microsoft Entra ID
  • What members were added to administrative units in Microsoft Entra ID?Microsoft Entra ID
  • What members were added to this group in Microsoft Entra ID?Microsoft Entra ID
  • What members were removed from administrative units by this user in Microsoft Entra ID?Microsoft Entra ID
  • What members were removed from administrative units in Microsoft Entra ID?Microsoft Entra ID
  • What members were removed from this group in Microsoft Entra ID?Microsoft Entra ID
  • What modifications were made to the multifactor authentication (MFA) settings for this user in Microsoft Entra ID?Microsoft Entra ID
  • What modifications were made to the multifactor authentication (MFA) settings for users in Microsoft Entra ID?Microsoft Entra ID
  • What multifactor authentication (MFA) challenges were failed by this user in Microsoft Entra ID?Microsoft Entra ID
  • What multifactor authentication (MFA) methods are registered for this user in Microsoft Entra ID?Microsoft Entra ID
  • What multifactor authentication (MFA) methods were added to this user's Microsoft Entra account?Microsoft Entra ID
  • What multifactor authentication (MFA) methods were removed from this Microsoft Entra user's account?Microsoft Entra ID
  • What multifactor authentication (MFA) sign-in activity exists for this user in Microsoft Entra ID? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What multifactor authentication (MFA) sign-in activity in Microsoft Entra ID originated from this IP address? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What new directory role assignments have been made for this user in Microsoft Entra ID?Microsoft Entra ID
  • What non-interactive sign-in activity exists in Microsoft Entra ID for this IP address? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What non-interactive sign-in activity exists in Microsoft Entra ID for this session? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What non-interactive sign-in activity exists in Microsoft Entra ID for this user? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What previously deleted applications were restored in Microsoft Entra ID?Microsoft Entra ID
  • What previously deleted groups were restored in Microsoft Entra ID?Microsoft Entra ID
  • What previously deleted users were restored in Microsoft Entra ID?Microsoft Entra ID
  • What properties of this application were updated in Microsoft Entra ID?Microsoft Entra ID
  • What properties of this group were updated in Microsoft Entra ID?Microsoft Entra ID
  • What properties of this service principal were updated in Microsoft Entra ID?Microsoft Entra ID
  • What properties of this user were updated in Microsoft Entra ID?Microsoft Entra ID
  • What risky sign-in activity exists in Microsoft Entra ID for this user? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What risky sign-in activity in Microsoft Entra ID originated from this IP address? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What risky sign-in activity originating from this user was detected by Microsoft Entra ID Protection?Microsoft Entra ID
  • What service principal sign-in activity exists in Microsoft Entra ID for this application? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What service principals did this user restore in Microsoft Entra ID?Microsoft Entra ID
  • What service principals did this user update in Microsoft Entra ID?Microsoft Entra ID
  • What service principals exist in Microsoft Entra ID?Microsoft Entra ID
  • What service principals were added in Microsoft Entra ID?Microsoft Entra ID
  • What service principals were modified in Microsoft Entra ID?Microsoft Entra ID
  • What service principals were removed in Microsoft Entra ID?Microsoft Entra ID
  • What service principals were restored in Microsoft Entra ID?Microsoft Entra ID
  • What service principals were updated in Microsoft Entra ID?Microsoft Entra ID
  • What session IDs are associated with this IP address according to Microsoft Defender XDR Advanced Hunting Sign In Events?Microsoft Entra ID
  • What sessions were created with a single authentication factor according to Microsoft Defender XDR Advanced Hunting Sign In Events?Microsoft Entra ID
  • What sign-in activity exists in Microsoft Entra ID for this user? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What sign-in activity for this user failed due to conditional access policy violations in Microsoft Entra ID?Microsoft Entra ID
  • What sign-in activity for this user failed due to conditional access policy violations? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What sign-in activity for this user originated from an unmanaged or non-compliant device in Microsoft Entra ID?Microsoft Entra ID
  • What sign-in activity from this IP address failed due to conditional access policy violations in Microsoft Entra ID?Microsoft Entra ID
  • What sign-in activity from this IP address failed due to conditional access policy violations? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What sign-in activity from this IP address was flagged by users in Microsoft Entra ID? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What sign-in activity in Microsoft Entra ID originated from this IP address? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What sign-in activity originated from this IP address in Microsoft Entra ID?Microsoft Entra ID
  • What sign-in activity originated from this device in Microsoft Entra ID?Microsoft Entra ID
  • What sign-in activity originated from this user in Microsoft Entra ID?Microsoft Entra ID
  • What sign-in activity originating from a non-compliant or unmanaged device exists in Microsoft Entra ID for this user? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What sign-in activity was flagged by this user in Microsoft Entra ID? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What sign-in activity was flagged by users in Microsoft Entra ID? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What single factor authentication sign-in activity exists for this user in Microsoft Entra ID? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What single factor authentication sign-in activity in Microsoft Entra ID originated from this IP address? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What single-factor sign-in activity from this IP address was not protected by conditional access policies? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What successful password change attempts exist for this user in Microsoft Entra ID?Microsoft Entra ID
  • What successful sign-in activity exists for this user in Microsoft Entra ID?Microsoft Entra ID
  • What successful sign-in activity exists in Microsoft Entra ID for this user? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What successful sign-in activity for this IP address was not protected by conditional access policies in Microsoft Entra ID?Microsoft Entra ID
  • What successful sign-in activity for this user was not protected by conditional access policies in Microsoft Entra ID?Microsoft Entra ID
  • What successful sign-in activity for this user was not protected by conditional access policies? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What successful sign-in activity from this IP address was not protected by conditional access policies? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What successful sign-in activity in Microsoft Entra ID originated from this IP address? (Microsoft Beta Sign Ins)Microsoft Entra ID
  • What users are members of this Microsoft Entra Directory Role?Microsoft Entra ID
  • What users are members of this Microsoft Entra group?Microsoft Entra ID
  • What users do not have any multifactor authentication (MFA) methods registered in Microsoft Entra ID?Microsoft Entra ID
  • What users have failed a multifactor authentication (MFA) challenge in Microsoft Entra ID?Microsoft Entra ID
  • What users have failed multifactor authentication (MFA) challenges from this IP address in Microsoft Entra ID?Microsoft Entra ID
  • What users have failed password change attempts in Microsoft Entra ID?Microsoft Entra ID
  • What users have failed sign-in activity from this IP address in Microsoft Entra ID?Microsoft Entra ID
  • What users have successful sign-in activity from this IP address in Microsoft Entra ID?Microsoft Entra ID
  • What users were added in Microsoft Entra ID?Microsoft Entra ID
  • What users were added to groups in Microsoft Entra ID?Microsoft Entra ID
  • What users were created by this user in Microsoft Entra ID?Microsoft Entra ID
  • What users were deleted from Microsoft Entra?Microsoft Entra ID
  • What users were disabled in Microsoft Entra ID?Microsoft Entra ID
  • What users were locked out by Microsoft Entra smart lockout?Microsoft Entra ID
  • What users were registered to this device in Microsoft Entra ID?Microsoft Entra ID
  • What users were removed from a group in Microsoft Entra ID?Microsoft Entra ID
  • What users with account compromise risk were detected by Microsoft Entra ID Protection?Microsoft Entra ID
  • What users with risky sign-in activity were detected by Microsoft Entra ID Protection?Microsoft Entra ID
  • Which users have had their passwords successfully changed in Microsoft Entra ID?Microsoft Entra ID
  • Which users have had their passwords successfully reset by an administrator in Microsoft Entra ID?Microsoft Entra ID
  • Who are this user's direct reports in Microsoft Entra ID?Microsoft Entra ID
  • Who is this user's manager in Microsoft Entra ID?Microsoft Entra ID
  • What IP addresses accessed this Microsoft 365 Exchange mailbox?Microsoft Exchange
  • What IP addresses accessed this user's Microsoft 365 Exchange mailbox?Microsoft Exchange
  • What Microsoft 365 Exchange users accessed this mailbox item according to Microsoft Defender for Cloud Apps?Microsoft Exchange
  • What Microsoft 365 Security and Compliance Alerts have been generated?Microsoft Exchange
  • What Microsoft Entra User Principal Name is associated with this Exchange Identity?Microsoft Exchange
  • What Microsoft Teams URL click events permitted by Safe Links exist for this user according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What Safe Links URL click events exist for this URL according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What Safe Links URL click events exist for this domain according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What Safe Links URL click events exist for this user according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What URL click events exist for emails classified as threats according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What URL info exists for this email according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What are the details of this Microsoft 365 Security and Compliance Alert?Microsoft Exchange
  • What are the details of this Microsoft Defender for Office 365 user submitted alert?Microsoft Exchange
  • What are the properties of this transport rule in Microsoft 365 Exchange?Microsoft Exchange
  • What attachment info exists for this email according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What delegate permissions were granted for this user's mailbox in Microsoft 365 Exchange?Microsoft Exchange
  • What email URL click events permitted by Safe Links exist for this user according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What email address is associated with this Microsoft 365 Exchange Identity?Microsoft Exchange
  • What email events exist for this email according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What email events exist for this message according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What email forwarding rules have been configured to forward messages to this email address in Microsoft 365 Exchange?Microsoft Exchange
  • What email forwarding rules were created for mailboxes in Microsoft 365 Exchange?Microsoft Exchange
  • What email forwarding rules were created or enabled by this user in Microsoft 365 Exchange?Microsoft Exchange
  • What email message trace details exist for this message in Microsoft 365 Exchange?Microsoft Exchange
  • What email message trace details exist for this sender in Microsoft 365 Exchange?Microsoft Exchange
  • What email messages were marked as phishing or spam by the Microsoft Defender for Office 365 Threat Investigation and Response capabilities?Microsoft Exchange
  • What emails contain embedded URLs with this domain according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails contained a file attachment with this name according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails contained an attachment with this SHA256 according to Microsoft Defender for Endpoint?Microsoft Exchange
  • What emails contained this URL according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails exist for this recipient according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails exist for this sender IP address according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails has this user reported to Microsoft Defender for Office 365 as Phishing or Spam?Microsoft Exchange
  • What emails in Microsoft 365 Exchange were sent from this IP address?Microsoft Exchange
  • What emails marked successfully delivered exist for this domain according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails marked successfully delivered exist for this sender according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails were accessed in this user's mailbox according to Microsoft Defender for Cloud Apps?Microsoft Exchange
  • What emails were deleted from this Microsoft 365 Exchange mailbox?Microsoft Exchange
  • What emails were reported by users to Microsoft Defender for Office 365 as Phishing or Spam?Microsoft Exchange
  • What emails were sent by a delegate from this user's Microsoft 365 Exchange mailbox?Microsoft Exchange
  • What emails were sent by this email address in Microsoft 365 Exchange?Microsoft Exchange
  • What emails were sent by this user in Microsoft 365 Exchange?Microsoft Exchange
  • What emails with attachments and an external sender (inbound) exist for this user according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails with attachments and external recipients (outbound) exist for this sender IP address according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails with attachments and external recipients (outbound) exist for this sender according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails with attachments and external recipients (outbound) exist for this user according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails with attachments exist for this external sender (inbound) according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails with classified threats exist for this sender according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails with embedded URLs exist for this sender according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails with external recipients (outbound) exist for this sender IP address according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails with external recipients (outbound) exist for this sender according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What emails with external recipients (outbound) exist for this user according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • What inbox folder permissions were modified in Microsoft 365 Exchange mailboxes owned by this user?Microsoft Exchange
  • What inbox forwarding rules were created for this user's mailbox in Microsoft 365 Exchange?Microsoft Exchange
  • What inbox rules were created, enabled, or updated by this user in Microsoft 365 Exchange?Microsoft Exchange
  • What inbox rules, including hidden rules, exist for this mailbox in Microsoft Exchange Online?Microsoft Exchange
  • What inbox rules, including hidden rules, exist for this Microsoft Exchange Online mailbox?Microsoft Exchange
  • What inbox rules, including hidden rules, exist for this user in Microsoft Exchange Online?Microsoft Exchange
  • What is the email address for this Microsoft Entra Object ID?Microsoft Exchange
  • What mail flow transport rule changes exist according to Microsoft Defender for Cloud Apps?Microsoft Exchange
  • What mailbox items in Microsoft 365 Exchange were deleted by this user?Microsoft Exchange
  • What mailbox items in Microsoft 365 Exchange were moved by this user?Microsoft Exchange
  • What mailbox items were accessed by this application according to Microsoft Defender for Cloud Apps?Microsoft Exchange
  • What mailbox items were accessed by this user in Microsoft 365 Exchange?Microsoft Exchange
  • What mailbox items were accessed during this session according to Microsoft Defender for Cloud Apps?Microsoft Exchange
  • What mailbox items were accessed from this IP address according to Microsoft Defender for Cloud Apps?Microsoft Exchange
  • What mailbox items were moved within this Microsoft 365 Exchange mailbox?Microsoft Exchange
  • What mailboxes allow delegate users to send messages on behalf of another Microsoft 365 Exchange user?Microsoft Exchange
  • What read emails in the user's Microsoft 365 Exchange mailbox contain embedded URLs?Microsoft Exchange
  • What read emails in the user's Microsoft 365 Exchange mailbox have attachments?Microsoft Exchange
  • What related emails have been identified by Microsoft Defender for Office 365 email clustering analysis?Microsoft Exchange
  • What transport forwarding rules were created or enabled by this user in Microsoft 365 Exchange?Microsoft Exchange
  • What transport forwarding rules were created or enabled in Microsoft 365 Exchange?Microsoft Exchange
  • What transport forwarding rules were deleted or disabled by this user in Microsoft 365 Exchange?Microsoft Exchange
  • What transport forwarding rules were deleted or disabled in Microsoft 365 Exchange?Microsoft Exchange
  • What transport rules are currently enabled in Microsoft 365 Exchange?Microsoft Exchange
  • What transport rules mention this email address in Microsoft 365 Exchange?Microsoft Exchange
  • What transport rules mention this user in Microsoft 365 Exchange?Microsoft Exchange
  • What users had full access delegate permissions for their mailbox added in Microsoft 365 Exchange?Microsoft Exchange
  • What users had full access delegate permissions for their mailbox removed in Microsoft 365 Exchange?Microsoft Exchange
  • What users have access to this mailbox in Microsoft 365 Exchange?Microsoft Exchange
  • What users have delegate permissions for this user's mailbox in Microsoft 365 Exchange?Microsoft Exchange
  • What users received an anomalously high volume of external (inbound) emails according to Microsoft Defender XDR Advanced Hunting?Microsoft Exchange
  • When was 'Send on Behalf' permission granted for this mailbox in Microsoft 365 Exchange?Microsoft Exchange
  • Which Microsoft 365 Exchange accounts have been granted permissions required to send mail on behalf of this user?Microsoft Exchange
  • What Microsoft 365 SharePoint or OneDrive activity exists for this IP address?Microsoft SharePoint
  • What Microsoft 365 SharePoint or OneDrive resources has an anonymous sharing link been created for?Microsoft SharePoint
  • What Microsoft 365 SharePoint sites were visited by this user?Microsoft SharePoint
  • What SharePoint or OneDrive file activity exists for this IP address according to Microsoft Defender for Cloud Apps?Microsoft SharePoint
  • What SharePoint or OneDrive file activity exists for this user according to Microsoft Defender for Cloud Apps?Microsoft SharePoint
  • What SharePoint or OneDrive file sync activity exists for IP addresses associated with this device?Microsoft SharePoint
  • What SharePoint or OneDrive resources were accessed with anonymous or secure sharing links according to Microsoft Defender for Cloud Apps?Microsoft SharePoint
  • What SharePoint or OneDrive secure link activity exists according to Microsoft Defender for Cloud Apps?Microsoft SharePoint
  • What SharePoint or OneDrive sharing activity exists for this user according to Microsoft Defender for Cloud Apps?Microsoft SharePoint
  • What anonymous links were used to access this resource in Microsoft 365 SharePoint or OneDrive?Microsoft SharePoint
  • What anonymous or secure link access events exist for this SharePoint or OneDrive resource ID according to Microsoft Defender for Cloud Apps?Microsoft SharePoint
  • What anonymous or secure link access events exist for this SharePoint or OneDrive resource URL according to Microsoft Defender for Cloud Apps?Microsoft SharePoint
  • What anonymous sharing links were updated in Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What are the top 20 users with the most SharePoint or OneDrive file access activity according to Microsoft Defender for Cloud Apps?Microsoft SharePoint
  • What download events exist for files with this name in SharePoint or OneDrive according to Microsoft Defender for Cloud Apps?Microsoft SharePoint
  • What files did this user have open for an extended period in Microsoft 365 SharePoint or OneDrive?Microsoft SharePoint
  • What files have been shared by this user in Microsoft 365 SharePoint or OneDrive?Microsoft SharePoint
  • What files were accessed in Microsoft 365 SharePoint or OneDrive by this application?Microsoft SharePoint
  • What files were accessed in Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What files were accessed in Microsoft 365 SharePoint or OneDrive from this IP address?Microsoft SharePoint
  • What files were copied by this user in Microsoft 365 SharePoint or OneDrive?Microsoft SharePoint
  • What files were downloaded from Microsoft 365 SharePoint or OneDrive by this IP address?Microsoft SharePoint
  • What files were downloaded from Microsoft 365 SharePoint or OneDrive by this application?Microsoft SharePoint
  • What files were downloaded from Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What files were emptied from the recycle bin in Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What files were modified in Microsoft 365 SharePoint or OneDrive by this application?Microsoft SharePoint
  • What files were modified in Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What files were moved in Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What files were moved to the recycle bin in Microsoft 365 SharePoint or OneDrive by this application?Microsoft SharePoint
  • What files were moved to the recycle bin in Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What files were renamed in Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What files were restored in Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What files were uploaded to Microsoft 365 SharePoint or OneDrive by this application?Microsoft SharePoint
  • What files were uploaded to Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What files were uploaded to Microsoft 365 SharePoint or OneDrive from this IP address?Microsoft SharePoint
  • What folders were moved to the recycle bin in Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What resource access requests were denied in Microsoft 365 SharePoint or OneDrive?Microsoft SharePoint
  • What resource access requests were updated in Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What resources did this user request to access in Microsoft 365 SharePoint or OneDrive?Microsoft SharePoint
  • What search queries were performed against Microsoft 365 SharePoint or OneDrive by this application?Microsoft SharePoint
  • What search queries were performed against Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What secure links were used to access this resource in Microsoft 365 SharePoint or OneDrive?Microsoft SharePoint
  • What secure sharing links were created in Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What secure sharing links were deleted in Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What secure sharing links were updated in Microsoft 365 SharePoint or OneDrive by this user?Microsoft SharePoint
  • What site access requests were approved in Microsoft 365 SharePoint or OneDrive?Microsoft SharePoint
  • What site permissions were modified in Microsoft 365 SharePoint or OneDrive?Microsoft SharePoint
  • What upload events exist for files with this name in SharePoint or OneDrive according to Microsoft Defender for Cloud Apps?Microsoft SharePoint
  • What users downloaded this file in Microsoft 365 SharePoint or OneDrive?Microsoft SharePoint
  • What Microsoft Teams call activity involved screen sharing control requests?Microsoft Teams
  • What Microsoft Teams call activity involving screen sharing control requests did this user attend?Microsoft Teams
  • What Microsoft Teams call records exist for calls this user participated in?Microsoft Teams
  • What Microsoft Teams calls from external organizers did this user receive according to Microsoft Defender for Cloud Apps?Microsoft Teams
  • What Microsoft Teams messages contain URLs with this domain according to Microsoft Defender for Cloud Apps?Microsoft Teams
  • What Microsoft Teams messages with links were created by this user according to Microsoft Defender for Cloud Apps?Microsoft Teams
  • What audit log events exist for this Microsoft Teams Message according to Microsoft Defender for Cloud Apps?Microsoft Teams
  • What call record data exists for this Microsoft Teams call?Microsoft Teams
  • What call record session data exists for this Microsoft Teams call?Microsoft Teams
  • What external Microsoft Teams message threads containing URLs included this user according to Microsoft Defender for Cloud Apps?Microsoft Teams
  • What message events, including URL info, exist for this Microsoft Teams Message according to Microsoft Defender for Cloud Apps?Microsoft Teams
  • What users received Microsoft Teams calls from an external organizer according to Microsoft Defender for Cloud Apps?Microsoft Teams
  • What Okta API secret creation attempts exist?Okta
  • What Okta API secret creation attempts were generated by this Okta user?Okta
  • What Okta API secret creation attempts were generated from this IP address?Okta
  • What Okta Application Programming Interface (API) tokens were created?Okta
  • What Okta Application has this ID?Okta
  • What Okta Identity Threat Protection (ITP) events exist?Okta
  • What Okta System account actions target this Okta user?Okta
  • What Okta User ID uses this email address to log in?Okta
  • What Okta accounts were activated?Okta
  • What Okta administrators approved application consent grants?Okta
  • What Okta administrators approved consent grants from this IP?Okta
  • What Okta applications were added to this group?Okta
  • What Okta applications were removed from this group?Okta
  • What Okta applications were updated?Okta
  • What Okta device profiles are associated with this hostname?Okta
  • What Okta group profiles were updated?Okta
  • What Okta login events exist for this user?Okta
  • What Okta logins exist for this IP address?Okta
  • What Okta multifactor authentication (MFA) devices were suspended or deactivated?Okta
  • What Okta multifactor authentication (MFA) factors were activated from this IP address?Okta
  • What Okta multifactor authentication (MFA) factors were activated?Okta
  • What Okta multifactor authentication (MFA) factors were deactivated from this IP address?Okta
  • What Okta multifactor authentication (MFA) push notification requests were generated from this IP address?Okta
  • What Okta policies were created?Okta
  • What Okta policy mappings were created by this Okta user?Okta
  • What Okta policy mappings were created from this IP address?Okta
  • What Okta policy mappings were created?Okta
  • What Okta system log event has this UUID?Okta
  • What Okta system log events are a part of this transaction?Okta
  • What Okta user account password changes originated from this IP address?Okta
  • What Okta user account password changes were initiated by this Okta User?Okta
  • What Okta user accounts are associated with this Microsoft Entra User Principal Name?Okta
  • What Okta user accounts are associated with this email address?Okta
  • What Okta user accounts were created by this Okta user?Okta
  • What Okta user accounts were created from this IP address?Okta
  • What Okta user profile is associated with this Okta device?Okta
  • What Okta users had failed multifactor authentication (MFA) attempts from this IP address?Okta
  • What Okta users show password change attempts?Okta
  • What Okta users were locked out due to failed sign-in attempts?Okta
  • What Security Notification activity was reported as suspicious by Okta users?Okta
  • What Security Notification activity was reported as suspicious by this Okta user?Okta
  • What account lockout events exist for this Okta user?Okta
  • What account unlock events exist for this Okta user?Okta
  • What actions did the Okta System account perform?Okta
  • What application consent grants were approved by this Okta administrator?Okta
  • What application memberships were added by this Okta user account?Okta
  • What application memberships were added to this Okta user account?Okta
  • What application registrations are active in Okta?Okta
  • What applications are assigned to this Okta user?Okta
  • What applications did this Okta user access with Single Sign On (SSO) authentication?Okta
  • What applications was this Okta user removed from?Okta
  • What are the properties of this Okta device?Okta
  • What attempts exist to create Okta API service integrations?Okta
  • What attempts to create Okta API service integrations were made from this IP address?Okta
  • What attempts to create Okta applications exist?Okta
  • What attempts to create Okta applications were made from this IP address?Okta
  • What attempts to remove Okta applications exist?Okta
  • What attempts to remove Okta applications were made from this IP address?Okta
  • What attempts to update Okta applications exist?Okta
  • What attempts to update Okta applications were made from this IP address?Okta
  • What conditions apply to this Okta policy?Okta
  • What devices are registered to this Okta user?Okta
  • What devices were added to this Okta user account?Okta
  • What devices were removed from this Okta user account?Okta
  • What email address changes exist for this Okta user?Okta
  • What external Identity Providers is Okta federated with?Okta
  • What groups exist in Okta?Okta
  • What groups is this Okta user a member of?Okta
  • What groups was this Okta user added to?Okta
  • What groups was this Okta user removed from?Okta
  • What high-risk sign-ins required multifactor authentication (MFA) due to changes detected by Okta Behavior Detection?Okta
  • What is the email address for this Okta User ID?Okta
  • What is the email address for this Okta User Login?Okta
  • What is the resource information for this user in Okta?Okta
  • What is the status of this Okta user account?Okta
  • What is this Okta user's profile information?Okta
  • What is this user's Okta User ID?Okta
  • What multifactor authentication (MFA) devices were suspended or deactivated by this Okta user?Okta
  • What multifactor authentication (MFA) factors has this Okta user enrolled?Okta
  • What multifactor authentication (MFA) factors were activated for this Okta user account?Okta
  • What multifactor authentication (MFA) methods did this Okta account use to verify its identity?Okta
  • What multifactor authentication (MFA) methods did this user attempt to authenticate with?Okta
  • What multifactor authentication (MFA) methods failed to authenticate this Okta user?Okta
  • What multifactor authentication (MFA) methods successfully authenticated Okta users from this IP address?Okta
  • What multifactor authentication (MFA) methods successfully authenticated this Okta user?Okta
  • What multifactor authentication (MFA) push notification requests were generated for this Okta user?Okta
  • What multifactor authentication (MFA) push notification requests were generated in Okta?Okta
  • What permissions does this Okta role grant?Okta
  • What policies were evaluated during this Okta user's sign in attempts?Okta
  • What privileges were granted to this Okta group?Okta
  • What privileges were revoked from this Okta group?Okta
  • What profile modification events exist for this Okta user?Okta
  • What roles are assigned to this Okta group?Okta
  • What roles are assigned to this Okta user?Okta
  • What rules have been added to any Okta Policy?Okta
  • What security threats has Okta detected coming from this IP address?Okta
  • What security threats has Okta detected?Okta
  • What session termination events exist for this Okta user?Okta
  • What sign-on attempts from potentially suspicious IP addresses were detected by Okta ThreatInsight?Okta
  • What suspicious activity was reported by this Okta user?Okta
  • What user accounts have been created in Okta?Okta
  • What users are members of this Okta group?Okta
  • What users attempted to access the Okta Admin Application?Okta
  • What users attempted to access the Okta admin panel from this IP address?Okta
  • What users exist in Okta for this federated Identity Provider?Okta
  • What users have failed an Okta multifactor authentication (MFA) challenge?Okta
  • What users were prompted for multifactor authentication (MFA) due to changes detected by Okta Behavior Detection?Okta
  • When did this Okta user attempt to access the Okta admin panel?Okta
  • When did this Okta user attempt to create an API service integration?Okta
  • When did this Okta user attempt to create an Okta application?Okta
  • When did this Okta user attempt to remove an Okta application?Okta
  • When did this Okta user attempt to update an Okta application?Okta
  • When was the password changed for this Okta user account?Okta
  • When was this Okta user account activated?Okta
  • When was this Okta user account created?Okta
  • When was this Okta user account last updated?Okta
  • When was this Okta user account's status most recently changed?Okta
  • Which authentication attempts triggered Okta Behavior Detection for this user?Okta
  • Which multifactor authentication (MFA) push notifications were required by Okta Behavior Detection for this user?Okta
  • Which multifactor authentication (MFA) push notifications were required by Okta Behavior Detection from this IP address?Okta
  • Which multifactor authentication (MFA) push notifications were required by Okta Behavior Detection?Okta
  • Which user authentication attempts triggered Okta Behavior Detection from this IP address?Okta
  • Which user authentication attempts triggered Okta Behavior Detection?Okta
  • What AWS alerts have been generated in Orca Security?Orca Security
  • What DNS lookups targeted this domain according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What HTTP requests were initiated by processes in this causality chain according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What Palo Alto Cortex XDR alerts are associated with this IP address?Palo Alto Cortex
  • What Palo Alto Cortex XDR alerts are associated with this file?Palo Alto Cortex
  • What Palo Alto Cortex XDR alerts are associated with this host?Palo Alto Cortex
  • What Palo Alto Cortex XDR alerts are associated with this hostname?Palo Alto Cortex
  • What Palo Alto Cortex XDR alerts are associated with this local user name?Palo Alto Cortex
  • What Palo Alto Cortex XDR alerts reference this MD5 hash?Palo Alto Cortex
  • What Palo Alto Cortex XDR alerts reference this SHA 256 hash?Palo Alto Cortex
  • What Remote Desktop Protocol (RDP) activity originated from this IP according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What Remote Desktop Protocol (RDP) activity originated from this device according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What Remote Desktop Protocol (RDP) activity targeted this IP according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What Remote Desktop Protocol (RDP) activity targeted this device according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What USB device mount events have been observed with this USB serial number according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What USB mount events were observed for this local user name according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What USB mount events were observed on this device according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What USB mount events were observed on this host according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What Windows Startup folder additions were made on this device according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What Windows Startup folder additions were performed by this process according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What alerts are associated with this Palo Alto Cortex XDR incident?Palo Alto Cortex
  • What alerts exist in Palo Alto Cortex XDR?Palo Alto Cortex
  • What are the details of this Palo Alto Cortex XDR alert?Palo Alto Cortex
  • What are the details of this Palo Alto Cortex XDR incident?Palo Alto Cortex
  • What are the details of this event according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What are the properties of this endpoint in Palo Alto Cortex XDR?Palo Alto Cortex
  • What are the properties of this host in Palo Alto Cortex XDR?Palo Alto Cortex
  • What child processes were created by processes in this causality chain according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What child processes were created by this process according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What events are part of this story according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What failed login events exist for this device according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What file activity was initiated by processes in this causality chain according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What file activity was initiated by this process according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What file artifacts are associated with this Palo Alto Cortex XDR incident?Palo Alto Cortex
  • What file events exist for this SHA256 according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What file open activity exists for files with this name according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What high or critical severity vulnerabilities have been observed in hosts monitored by Palo Alto Cortex XDR?Palo Alto Cortex
  • What high or critical severity vulnerabilities have been observed on this host according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What host is this IP address associated with in Palo Alto Cortex XDR?Palo Alto Cortex
  • What hosts exist in Palo Alto Cortex XDR?Palo Alto Cortex
  • What hosts have this vulnerability according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What image load activity was initiated by this process according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What incidents exist in Palo Alto Cortex XDR?Palo Alto Cortex
  • What internal network activity targeted this host according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What login events originated from this IP address according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What login or logout events exist for this Windows security identifier (SID) according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What login or logout events exist for this device according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What login or logout events exist for this host according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What login or logout events exist for this local user name according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What network activity targeted this IP address according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What network activity targeted this URL's domain according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What network connections were initiated by processes in this causality chain according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What network story activity was initiated by this process according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What parent process created this causality group owner process according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What parent process created this process according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What process creation activity exists for processes with this SHA 256 according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What process injection activity was initiated by processes in this causality chain according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What process injection activity was initiated by this process according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What registry access, modification or deletion events were logged on this device according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What registry activity was initiated by processes in this causality chain according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What registry activity was initiated by this process according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What scheduled tasks have been created, updated, or deleted by this process according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What scheduled tasks have been created, updated, or deleted on this device according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What service start, interrupt or resume actions were executed via command line by this process according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What service start, interrupt or resume actions were executed via command line on this device according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What services were installed, updated or deleted by this process according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What services were installed, updated or deleted on this device according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What successful login events exist for this device according to Palo Alto Cortex XDR?Palo Alto Cortex
  • What IPs are associated with this Proofpoint campaign?Proofpoint TAP
  • What IPs are associated with this Proofpoint threat?Proofpoint TAP
  • What Proofpoint campaigns are active?Proofpoint TAP
  • What Proofpoint users were identified as Very Attacked People in the last 30 days?Proofpoint TAP
  • What SHA-256 hashes are associated with this Proofpoint campaign?Proofpoint TAP
  • What SHA-256 hashes are associated with this Proofpoint threat?Proofpoint TAP
  • What URLs are associated with this Proofpoint campaign?Proofpoint TAP
  • What URLs are associated with this Proofpoint threat?Proofpoint TAP
  • What forensic domain lookups are known through this Proofpoint campaign?Proofpoint TAP
  • What forensic domain lookups are known through this Proofpoint threat?Proofpoint TAP
  • What classic alerts exist in Recorded Future?Recorded Future
  • What information is known about this IP address according to Recorded Future?Recorded Future
  • What information is known about this SHA256 hash according to Recorded Future?Recorded Future
  • What information is known about this URL according to Recorded Future?Recorded Future
  • What information is known about this domain according to Recorded Future?Recorded Future
  • What information is known about this email address according to Recorded Future?Recorded Future
  • What playbook alerts exist in Recorded Future?Recorded Future
  • What files contained this email address according to ReversingLabs static analysis?ReversingLabs
  • What is the ReversingLabs analysis for the last scan of the file with this MD5?ReversingLabs
  • What is the ReversingLabs analysis for the last scan of the file with this SHA 1?ReversingLabs
  • What is the ReversingLabs analysis for the last scan of the file with this SHA256?ReversingLabs
  • What is the ReversingLabs report for this IP address?ReversingLabs
  • What is the ReversingLabs report for this URL?ReversingLabs
  • What is the ReversingLabs report for this domain?ReversingLabs
  • What is the ReversingLabs reputation for the file with this MD5?ReversingLabs
  • What is the ReversingLabs reputation for the file with this SHA 1?ReversingLabs
  • What is the ReversingLabs reputation for the file with this SHA256?ReversingLabs
  • What Network Interface Addresses does SentinelOne associate with this host?SentinelOne
  • What Remote Desktop Protocol (RDP) activity originated from this device according to SentinelOne Singularity?SentinelOne
  • What Remote Desktop Protocol (RDP) activity targeted this device according to SentinelOne Singularity?SentinelOne
  • What SentinelOne threats exist?SentinelOne
  • What Threat Events are related to this SentinelOne ThreatID?SentinelOne
  • What are the properties of this SentinelOne agent?SentinelOne
  • What child processes were created by this process according to SentinelOne Singularity?SentinelOne
  • What device file events exist for this SHA256 according to SentinelOne Singularity?SentinelOne
  • What device file events were initiated by this process according to SentinelOne Singularity?SentinelOne
  • What failed machine login events exist for this device according to SentinelOne Singularity?SentinelOne
  • What fileless threats have been detected by SentinelOne?SentinelOne
  • What hosts are associated with this IP address in SentinelOne?SentinelOne
  • What hosts are registered with SentinelOne?SentinelOne
  • What hosts has SentinelOne determined are infected?SentinelOne
  • What information is known for this SentinelOne account?SentinelOne
  • What network connections were initiated by this process according to SentinelOne Singularity?SentinelOne
  • What process events exist for this process according to SentinelOne Singularity?SentinelOne
  • What processes have been observed communicating with this IP address according to SentinelOne Singularity?SentinelOne
  • What processes have been observed performing DNS lookups with this URL's domain according to SentinelOne Singularity?SentinelOne
  • What processes with this SHA 256 were created according to SentinelOne Singularity?SentinelOne
  • What scheduled tasks have been created, updated, or deleted on this device according to SentinelOne Singularity?SentinelOne
  • What successful machine login events exist for this device according to SentinelOne Singularity?SentinelOne
  • What threats detected by SentinelOne contain this IP address?SentinelOne
  • What threats detected by SentinelOne have not been mitigated?SentinelOne
  • What threats identified by SentinelOne are classified as backdoors?SentinelOne
  • What threats identified by SentinelOne are classified as malicious?SentinelOne
  • What threats identified by SentinelOne are classified as malware?SentinelOne
  • What threats identified by SentinelOne are classified as potentially unwanted applications (PUAs)?SentinelOne
  • What threats identified by SentinelOne are classified as trojans?SentinelOne
  • What threats identified by SentinelOne contain this Agent ID?SentinelOne
  • What threats identified by SentinelOne contain this SHA-1 hash?SentinelOne
  • What threats identified by SentinelOne contain this filename as a parent or originating process?SentinelOne
  • What threats identified by SentinelOne contain this filename?SentinelOne
  • What threats identified by SentinelOne originate from files without a valid signature or certificate?SentinelOne
  • What user last logged on to this host according to SentinelOne?SentinelOne
  • What ServiceNow support tickets contain this IP address?ServiceNow
  • What ServiceNow support tickets contain this Microsoft Entra User Principal Name?ServiceNow
  • What ServiceNow support tickets contain this Okta user login?ServiceNow
  • What ServiceNow support tickets contain this domain name?ServiceNow
  • What ServiceNow support tickets contain this email address?ServiceNow
  • What ServiceNow support tickets contain this host name?ServiceNow
  • What information is known about this Spur Context IP tag?Spur
  • What is the known information surrounding this IP according to Spur Context?Spur
  • What alerts exist in SpyCloud?SpyCloud
  • What records exist in SpyCloud for this IP address?SpyCloud
  • What records exist in SpyCloud for this domain name?SpyCloud
  • What records exist in SpyCloud for this email address?SpyCloud
  • What are the VirusTotal vendor verdicts for the last scan of this Domain?VirusTotal
  • What are the VirusTotal vendor verdicts for the last scan of this IP?VirusTotal
  • What are the VirusTotal vendor verdicts for the last scan of this SHA256?VirusTotal
  • What are the VirusTotal vendor verdicts for the last scan of this URL?VirusTotal
  • What is the known information for this file MD5 according to VirusTotal?VirusTotal
  • What is the known information for this file SHA1 according to VirusTotal?VirusTotal
  • What is the known information for this file SHA256 according to VirusTotal?VirusTotal
  • What is the known information surrounding this IP according to VirusTotal?VirusTotal
  • What is the known information surrounding this URL according to VirusTotal?VirusTotal
  • What is the known information surrounding this domain according to VirusTotal?VirusTotal
  • What URL Categories did this user attempt to browse through Zscaler Internet Access?Zscaler ZIA
  • What URLs were associated with requests for this domain in Zscaler Internet Access?Zscaler ZIA
  • What are the 10 least accessed services in Zscaler Internet Access?Zscaler ZIA
  • What are the 10 most accessed services in Zscaler Internet Access?Zscaler ZIA
  • What are the properties of the Zscaler user with this email address?Zscaler ZIA
  • What are the properties of this Zscaler user?Zscaler ZIA
  • What are the top 10 policy violators in Zscaler Internet Access?Zscaler ZIA
  • What are the top 10 users by outbound data volume in Zscaler Internet Access?Zscaler ZIA
  • What are the top 10 users receiving the most data according to Zscaler Internet Access?Zscaler ZIA
  • What attempts to access anonymizer services exist in Zscaler Internet Access for this user?Zscaler ZIA
  • What attempts to access any cloud storage services (e.g., Dropbox, Google Drive) exist in Zscaler Internet Access for this user?Zscaler ZIA
  • What attempts to access adult content, gambling, or social media sites exist in Zscaler Internet Access for this user?Zscaler ZIA
  • What attempts to access job search platforms (e.g., LinkedIn, Indeed) exist in Zscaler Internet Access for this user?Zscaler ZIA
  • What devices are owned by this Zscaler user?Zscaler ZIA
  • What domains was this user blocked from accessing in Zscaler Internet Access?Zscaler ZIA
  • What email address is associated with this Zscaler user?Zscaler ZIA
  • What information exists about this Zscaler Internet Access device?Zscaler ZIA
  • What requests which would have been blocked by policy were allowed due to override in Zscaler Internet Access?Zscaler ZIA
  • What services did this host attempt to browse through Zscaler Internet Access?Zscaler ZIA
  • What services in this URL category were visited according to Zscaler Internet Access?Zscaler ZIA
  • What users attempted to access URLs categorized as 'Malicious Content' in Zscaler Internet Access?Zscaler ZIA
  • What users attempted to access adult content, gambling, or social media sites according to Zscaler Internet Access?Zscaler ZIA
  • What users attempted to access anonymizing services according to Zscaler Internet Access?Zscaler ZIA
  • What users attempted to access cloud storage services (e.g., Dropbox, Google Drive) according to Zscaler Internet Access?Zscaler ZIA
  • What users attempted to access job search platforms (e.g., LinkedIn, Indeed) according to Zscaler Internet Access?Zscaler ZIA
  • What users attempted to access this URL in Zscaler Internet Access?Zscaler ZIA
  • What users attempted to access this domain in Zscaler Internet Access?Zscaler ZIA
  • What users attempted to access this host in Zscaler Internet Access?Zscaler ZIA
  • What users uploaded or downloaded a file with this name in Zscaler Internet Access?Zscaler ZIA
  • What users visited sites in this URL category according to Zscaler Internet Access?Zscaler ZIA
  • What users with administrator privileges are configured in Zscaler Secure Internet Access (ZIA)?Zscaler ZIA
  • What applications did this user successfully connect to during a Zscaler Private Access (ZPA) session?Zscaler ZPA
  • What are the properties of this application in Zscaler Private Access (ZPA)?Zscaler ZPA
  • What are the properties of this device posture profile in Zscaler Private Access (ZPA)?Zscaler ZPA
  • What are the properties of this identity provider in Zscaler Private Access (ZPA)?Zscaler ZPA
  • What host created this session in Zscaler Private Access (ZPA)?Zscaler ZPA
  • What users connected to applications from this IP address in Zscaler Private Access (ZPA)?Zscaler ZPA
  • What users successfully connected to this application in Zscaler Private Access (ZPA)?Zscaler ZPA
  • What users were blocked by policy violations from connecting to a Zscaler Private Access (ZPA) application?Zscaler ZPA