Copilot for Security Prompt of the Day: Create a KQL query to detect all of the following...

Rod Trent

Sep 17, 2024

Copilot for Security Prompt of the Day: Create a KQL query to detect all of the following:

1. browsers spawning the Windows Scripting Host (wscript.exe) process

2. running the whoami command and redirecting the output to a file

3. domain trust discovery checks with nltest and related commands

https://github.com/rod-trent/Copilot-for-Security/blob/main/Prompts/Plugins/NL2KQL.md

Comments

#nojs-banner { position: fixed; bottom: 0; left: 0; padding: 16px 16px 16px 32px; width: 100%; box-sizing: border-box; background: red; color: white; font-family: -apple-system, "Segoe UI", Roboto, Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; font-size: 13px; line-height: 13px; } #nojs-banner a { color: inherit; text-decoration: underline; } This site requires JavaScript to run correctly. Please turn on JavaScript or unblock scripts