├── Analytic Rules
    ├── AWS CloudTrail
    │   ├── AWS_CloudTrailLoggingStopped.json
    │   ├── AWS_CloudTrailLoggingStopped.yaml
    │   ├── AWS_NewAccessKeyCreatedForRootUser.json
    │   └── AWS_NewAccessKeyCreatedForRootUser.yaml
    ├── Azure Active Directory
    │   ├── AAD-App_NewCredAddedToSPN.json
    │   ├── AAD-App_NewCredAddedToSPN.yaml
    │   ├── AAD-CAP_CAPModified.json
    │   └── AAD-CAP_CAPModified.yaml
    ├── Azure Activity
    │   ├── AzActivity-ST_NewIPAddedToStorageAccountFirewall.json
    │   ├── AzActivity-ST_NewIPAddedToStorageAccountFirewall.yaml
    │   ├── AzActivity-ST_PublicAccessEnabledOnStorageAccount.json
    │   └── AzActivity-ST_PublicAccessEnabledOnStorageAccount.yaml
    ├── Azure Key Vault
    │   ├── Azure-KV_KeyVaultAccessConfigurationModified.json
    │   ├── Azure-KV_KeyVaultAccessConfigurationModified.yaml
    │   ├── Azure-KV_LargeNumberOfItemsAccessed.json
    │   ├── Azure-KV_LargeNumberOfItemsAccessed.yaml
    │   ├── Azure-KV_LargeNumberOfItemsDeleted.json
    │   ├── Azure-KV_NewIPAddressAddedToFirewall.json
    │   ├── Azure-KV_NewIPAddressAddedToFirewall.yaml
    │   ├── Azure-KV_PotentialPrivilegeEscalationActivity.json
    │   └── Azure-KV_PotentialPrivilegeEscalationActivity.yaml
    └── Azure Storage Account
    │   ├── StorageBlob_MassDownload.json
    │   └── StorageBlob_MassDownload.yaml
├── Learn
    └── README.md
├── Queries
    ├── AWS CloudTrail
    │   ├── AWS-CloudTrail_CVE-2024-50603.md
    │   ├── AWS-CloudTrail_CloudTrailLoggingStopped.md
    │   ├── AWS-CloudTrail_ConsoleLoginWithoutMFA.md
    │   ├── AWS-CloudTrail_FailedLoginFromRoot.md
    │   ├── AWS-CloudTrail_NewAccessKeyCreatedForRoot.md
    │   ├── AWS-CloudTrail_NewIPNotSeenInPrevious90Days.md
    │   └── AWS-CloudTrail_NewUserAgentNotSeenInPrevious90Days.md
    ├── AWS EC2
    │   ├── AWS-CloudTrail-EC2_EC2InstanceExportedToS3.md
    │   └── AWS-CloudTrail-EC2_UnsanctionedEC2TypeCreated.md
    ├── AWS IAM
    │   ├── AWS-CloudTrail-IAM_AccesKeyDeleted.md
    │   ├── AWS-CloudTrail-IAM_AccessKeyCreated.md
    │   ├── AWS-CloudTrail-IAM_AccessKeyCreatedAndDeletedInShortPeriodOfTime.md
    │   ├── AWS-CloudTrail-IAM_ActionsFromFederatedUser.md
    │   ├── AWS-CloudTrail-IAM_FederatedUserCreated.md
    │   ├── AWS-CloudTrail-IAM_GetCallerIdentityFromCLI.md
    │   ├── AWS-CloudTrail-IAM_LargeVolumeOfAccessKeysCreatedInShortWindowOfTime.md
    │   ├── AWS-CloudTrail-IAM_MultipleFailedLoginsFromSingleSourceIpAddress.md
    │   ├── AWS-CloudTrail-IAM_SuccessfulLoginAfterASeriesOfFailedLogins.md
    │   ├── AWS-CloudTrail-IAM_SuccessfulLoginAfterSeverlFailedLogins.md
    │   └── AWS-IAM_AssumeRoleFromUntrustedAccountId.md
    ├── AWS RDS
    │   ├── AWS-CloudTrail-RDS_RDSSnapshotExportedToS3.md
    │   └── AWS-CloudTrail-RDS_RDSSnapshotTaken.md
    ├── AWS S3
    │   ├── AWS-CloudTrail-S3_BlockPublicAccessDisabled.md
    │   ├── AWS-CloudTrail-S3_BucketDeleted.md
    │   └── AWS-CloudTrail-S3_DeleteObjects.md
    ├── AWS SSM
    │   ├── AWS-CloudTrail-SSM_SSMDocumentConfiguredAsPublic.md
    │   ├── AWS-CloudTrail-SSM_SSMDocumentRan.md
    │   ├── AWS-CloudTrail-SSM_SSMDocumentRanButNotSeenInLast90Days.md
    │   └── AWS-CloudTrail-SSM_SSMDocumentRanOnMultipleInstances.md
    ├── AWS Secrets Manager
    │   ├── AWS-CloudTrail-SecretsManager_LargeNumberOfSecretsAccessedInShortTime.md
    │   └── AWS-CloudTrail-SecretsManager_LargeNumberOfSecretsDeletedInShortTime.md
    ├── AWS VPC
    │   ├── AWS-CloudTrail-VPC_DangerousIngressRule.md
    │   ├── AWS-CloudTrail-VPC_IOCSecurityGroupCreated.md
    │   └── AWS-CloudTrail-VPC_SecurityGroupDeleted.md
    ├── Azure Active Directory
    │   ├── AAD-App_AdminConsentedToRiskyPermissionOnBehalfOfTheOrg.md
    │   ├── AAD-App_NewCredAddedToSPN.md
    │   ├── AAD-AuditLogs_GuestAccountAddedToAppOwner.md
    │   ├── AAD-AuditLogs_PrivilegedRoleAssignedToExternalGuest.md
    │   ├── AAD-AudtLogs_OwnerAddedToApp.md
    │   ├── AAD-CAP_CAPDeleted.md
    │   ├── AAD-CAP_CAPModified.md
    │   ├── AAD-CAP_NamedLocatonModified.md
    │   ├── AAD-CAP_NewTrustedLocation.md
    │   ├── AAD-CAP_TrustedLocationModified.md
    │   ├── AAD-PIM_PrivilegedRoleAssignedToPrincipal.md
    │   ├── AAD-SignIn_MultipleVailidAADUsesFailingAuthFromSameSourceIP.md
    │   ├── AAD_AdminResetPasswordForAnotherAdmin.md
    │   ├── AAD_BitLockerKeyAccessed.md
    │   ├── AAD_CrossTenantAccessSettingModified.md
    │   ├── AAD_DeviceCodeFlowAuthentication.md
    │   ├── AAD_FailedLoginsFollowedBySuccessfulLoginToAzurePortal.md
    │   ├── AAD_FindUncommonUserAgent.md
    │   ├── AAD_LargeNumberOfGroupsDeletedInShortTime.md
    │   ├── AAD_MFAMethodAddedToTargetAccountFromSeparateCaller.md
    │   ├── AAD_MFAMethodUpdated.md
    │   ├── AAD_NewTenantAddedToCrossTenantAccessSettings.md
    │   ├── AAD_RiskySigninToAzurePortal.md
    │   ├── AAD_RoleAssignedToGroup.md
    │   ├── AAD_RoleAssignedToGuest.md
    │   ├── AAD_SSPR.md
    │   └── AAD_SuccessfulSigninFromBGAccount.md
    ├── Azure Activity - Azure Firewall
    │   └── AzActivity-AFW_AzureFirewallPolicyUpdated.md
    ├── Azure Activity - NIC
    │   └── AzActivity-NIC_NICModified.md
    ├── Azure Activity - NSG
    │   ├── AzActivity-NSG_InboundRuleChangeMgmtPorts.md
    │   └── AzActivity-NSG_NSGDeleted.md
    ├── Azure Activity - Security Insights
    │   ├── AzActivity-Security_AnalyticRuleDeleted.md
    │   └── AzActivity-Security_AnalyticRuleModified.md
    ├── Azure Activity - Storage
    │   ├── AzActivity-ST_ContainerDeleted.md
    │   ├── AzActivity-ST_MultipleStorageAccountKeysAccessedInShortTime.md
    │   └── AzActivity-ST_StorageAccountKeysAccessed.md
    ├── Azure Activity - VM
    │   ├── AzActivity-VM_AzureRunCommandStarted.md
    │   ├── AzActivity-VM_DiskExportSASURLGenerated.md
    │   ├── AzActivity-VM_EnableAccessExtensionRan.md
    │   └── AzActivity-VM_MultipleVMsDeletedByCallerInShortTime.md
    ├── Azure Activity
    │   ├── AzActivity-RBAC_PrivilegedRoleAssigned.md
    │   ├── AzActivity-RBAC_PrivilegedRoleAssignedToSubscription.md
    │   ├── AzActivity-ST_ListKeysPotentiallySensitiveAction.md
    │   ├── AzActivity-ST_NewIPAddedToStorageAccountFirewall.md
    │   ├── AzActivity-ST_PublicAccessEnabledOnStorageAccount.md
    │   ├── AzActivity_DiagnosticSettingDeleted.md
    │   ├── AzActivity_DiagnosticSettingModified.md
    │   ├── AzActivity_EventsFromIPNotSeenInPrevious90Days.md
    │   └── AzActivty_FindUncommonCallerIPAddresses.md
    ├── Azure Key Vault
    │   ├── AzureKeyVault_AccessConfigurationModified.md
    │   ├── AzureKeyVault_LargeNumberOfItemsAccessedInShortTime.md
    │   ├── AzureKeyVault_LargeNumberOfItemsListedInShortTime.md
    │   ├── AzureKeyVault_LargeNumerOfItemsDeletedInShortTime.md
    │   ├── AzureKeyVault_NewIPAddressAddedToFirewall.md
    │   ├── AzureKeyVault_PotentialPrivilegeEscalationActivity.md
    │   └── AzureKeyVault_UserAddsThemselvesToAVaultAccessPolicy.md
    ├── Azure Resource Graph
    │   ├── ARG-KV_EnabledRbacAuthorizationDisabled.md
    │   └── ARG_StorageAccountPublicAccessEnabled.md
    ├── Azure Storage Account
    │   └── StorageBlob_MassDownload.md
    ├── MDE
    │   ├── MDE_MdeExclusionAdded.md
    │   └── MDE_RUNDLL32EXE-EmptyProcess.md
    └── README.md
└── README.md

/Analytic Rules/AWS CloudTrail/AWS_CloudTrailLoggingStopped.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/AWS CloudTrail/AWS_CloudTrailLoggingStopped.json
--------------------------------------------------------------------------------
/Analytic Rules/AWS CloudTrail/AWS_CloudTrailLoggingStopped.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/AWS CloudTrail/AWS_CloudTrailLoggingStopped.yaml
--------------------------------------------------------------------------------
/Analytic Rules/AWS CloudTrail/AWS_NewAccessKeyCreatedForRootUser.json:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/AWS CloudTrail/AWS_NewAccessKeyCreatedForRootUser.json
--------------------------------------------------------------------------------
/Analytic Rules/AWS CloudTrail/AWS_NewAccessKeyCreatedForRootUser.yaml:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/AWS CloudTrail/AWS_NewAccessKeyCreatedForRootUser.yaml
-------------------------------------------------------------------------------- /Analytic Rules/Azure Active Directory/AAD-App_NewCredAddedToSPN.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Active Directory/AAD-App_NewCredAddedToSPN.json -------------------------------------------------------------------------------- /Analytic Rules/Azure Active Directory/AAD-App_NewCredAddedToSPN.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Active Directory/AAD-App_NewCredAddedToSPN.yaml -------------------------------------------------------------------------------- /Analytic Rules/Azure Active Directory/AAD-CAP_CAPModified.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Active Directory/AAD-CAP_CAPModified.json -------------------------------------------------------------------------------- /Analytic Rules/Azure Active Directory/AAD-CAP_CAPModified.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Active Directory/AAD-CAP_CAPModified.yaml -------------------------------------------------------------------------------- /Analytic Rules/Azure Activity/AzActivity-ST_NewIPAddedToStorageAccountFirewall.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Activity/AzActivity-ST_NewIPAddedToStorageAccountFirewall.json -------------------------------------------------------------------------------- /Analytic Rules/Azure 
Activity/AzActivity-ST_NewIPAddedToStorageAccountFirewall.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Activity/AzActivity-ST_NewIPAddedToStorageAccountFirewall.yaml -------------------------------------------------------------------------------- /Analytic Rules/Azure Activity/AzActivity-ST_PublicAccessEnabledOnStorageAccount.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Activity/AzActivity-ST_PublicAccessEnabledOnStorageAccount.json -------------------------------------------------------------------------------- /Analytic Rules/Azure Activity/AzActivity-ST_PublicAccessEnabledOnStorageAccount.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Activity/AzActivity-ST_PublicAccessEnabledOnStorageAccount.yaml -------------------------------------------------------------------------------- /Analytic Rules/Azure Key Vault/Azure-KV_KeyVaultAccessConfigurationModified.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Key Vault/Azure-KV_KeyVaultAccessConfigurationModified.json -------------------------------------------------------------------------------- /Analytic Rules/Azure Key Vault/Azure-KV_KeyVaultAccessConfigurationModified.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Key Vault/Azure-KV_KeyVaultAccessConfigurationModified.yaml -------------------------------------------------------------------------------- /Analytic Rules/Azure Key 
Vault/Azure-KV_LargeNumberOfItemsAccessed.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Key Vault/Azure-KV_LargeNumberOfItemsAccessed.json -------------------------------------------------------------------------------- /Analytic Rules/Azure Key Vault/Azure-KV_LargeNumberOfItemsAccessed.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Key Vault/Azure-KV_LargeNumberOfItemsAccessed.yaml -------------------------------------------------------------------------------- /Analytic Rules/Azure Key Vault/Azure-KV_LargeNumberOfItemsDeleted.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Key Vault/Azure-KV_LargeNumberOfItemsDeleted.json -------------------------------------------------------------------------------- /Analytic Rules/Azure Key Vault/Azure-KV_NewIPAddressAddedToFirewall.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Key Vault/Azure-KV_NewIPAddressAddedToFirewall.json -------------------------------------------------------------------------------- /Analytic Rules/Azure Key Vault/Azure-KV_NewIPAddressAddedToFirewall.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Key Vault/Azure-KV_NewIPAddressAddedToFirewall.yaml -------------------------------------------------------------------------------- /Analytic Rules/Azure Key Vault/Azure-KV_PotentialPrivilegeEscalationActivity.json: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Key Vault/Azure-KV_PotentialPrivilegeEscalationActivity.json -------------------------------------------------------------------------------- /Analytic Rules/Azure Key Vault/Azure-KV_PotentialPrivilegeEscalationActivity.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Key Vault/Azure-KV_PotentialPrivilegeEscalationActivity.yaml -------------------------------------------------------------------------------- /Analytic Rules/Azure Storage Account/StorageBlob_MassDownload.json: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Storage Account/StorageBlob_MassDownload.json -------------------------------------------------------------------------------- /Analytic Rules/Azure Storage Account/StorageBlob_MassDownload.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Analytic Rules/Azure Storage Account/StorageBlob_MassDownload.yaml -------------------------------------------------------------------------------- /Learn/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Learn/README.md -------------------------------------------------------------------------------- /Queries/AWS CloudTrail/AWS-CloudTrail_CVE-2024-50603.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS CloudTrail/AWS-CloudTrail_CVE-2024-50603.md 
-------------------------------------------------------------------------------- /Queries/AWS CloudTrail/AWS-CloudTrail_CloudTrailLoggingStopped.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS CloudTrail/AWS-CloudTrail_CloudTrailLoggingStopped.md -------------------------------------------------------------------------------- /Queries/AWS CloudTrail/AWS-CloudTrail_ConsoleLoginWithoutMFA.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS CloudTrail/AWS-CloudTrail_ConsoleLoginWithoutMFA.md -------------------------------------------------------------------------------- /Queries/AWS CloudTrail/AWS-CloudTrail_FailedLoginFromRoot.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS CloudTrail/AWS-CloudTrail_FailedLoginFromRoot.md -------------------------------------------------------------------------------- /Queries/AWS CloudTrail/AWS-CloudTrail_NewAccessKeyCreatedForRoot.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS CloudTrail/AWS-CloudTrail_NewAccessKeyCreatedForRoot.md -------------------------------------------------------------------------------- /Queries/AWS CloudTrail/AWS-CloudTrail_NewIPNotSeenInPrevious90Days.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS CloudTrail/AWS-CloudTrail_NewIPNotSeenInPrevious90Days.md -------------------------------------------------------------------------------- /Queries/AWS CloudTrail/AWS-CloudTrail_NewUserAgentNotSeenInPrevious90Days.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS CloudTrail/AWS-CloudTrail_NewUserAgentNotSeenInPrevious90Days.md -------------------------------------------------------------------------------- /Queries/AWS EC2/AWS-CloudTrail-EC2_EC2InstanceExportedToS3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS EC2/AWS-CloudTrail-EC2_EC2InstanceExportedToS3.md -------------------------------------------------------------------------------- /Queries/AWS EC2/AWS-CloudTrail-EC2_UnsanctionedEC2TypeCreated.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS EC2/AWS-CloudTrail-EC2_UnsanctionedEC2TypeCreated.md -------------------------------------------------------------------------------- /Queries/AWS IAM/AWS-CloudTrail-IAM_AccesKeyDeleted.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS IAM/AWS-CloudTrail-IAM_AccesKeyDeleted.md -------------------------------------------------------------------------------- /Queries/AWS IAM/AWS-CloudTrail-IAM_AccessKeyCreated.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS IAM/AWS-CloudTrail-IAM_AccessKeyCreated.md -------------------------------------------------------------------------------- /Queries/AWS IAM/AWS-CloudTrail-IAM_AccessKeyCreatedAndDeletedInShortPeriodOfTime.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS 
IAM/AWS-CloudTrail-IAM_AccessKeyCreatedAndDeletedInShortPeriodOfTime.md -------------------------------------------------------------------------------- /Queries/AWS IAM/AWS-CloudTrail-IAM_ActionsFromFederatedUser.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS IAM/AWS-CloudTrail-IAM_ActionsFromFederatedUser.md -------------------------------------------------------------------------------- /Queries/AWS IAM/AWS-CloudTrail-IAM_FederatedUserCreated.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS IAM/AWS-CloudTrail-IAM_FederatedUserCreated.md -------------------------------------------------------------------------------- /Queries/AWS IAM/AWS-CloudTrail-IAM_GetCallerIdentityFromCLI.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS IAM/AWS-CloudTrail-IAM_GetCallerIdentityFromCLI.md -------------------------------------------------------------------------------- /Queries/AWS IAM/AWS-CloudTrail-IAM_LargeVolumeOfAccessKeysCreatedInShortWindowOfTime.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS IAM/AWS-CloudTrail-IAM_LargeVolumeOfAccessKeysCreatedInShortWindowOfTime.md -------------------------------------------------------------------------------- /Queries/AWS IAM/AWS-CloudTrail-IAM_MultipleFailedLoginsFromSingleSourceIpAddress.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS IAM/AWS-CloudTrail-IAM_MultipleFailedLoginsFromSingleSourceIpAddress.md 
-------------------------------------------------------------------------------- /Queries/AWS IAM/AWS-CloudTrail-IAM_SuccessfulLoginAfterASeriesOfFailedLogins.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS IAM/AWS-CloudTrail-IAM_SuccessfulLoginAfterASeriesOfFailedLogins.md -------------------------------------------------------------------------------- /Queries/AWS IAM/AWS-CloudTrail-IAM_SuccessfulLoginAfterSeverlFailedLogins.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS IAM/AWS-CloudTrail-IAM_SuccessfulLoginAfterSeverlFailedLogins.md -------------------------------------------------------------------------------- /Queries/AWS IAM/AWS-IAM_AssumeRoleFromUntrustedAccountId.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS IAM/AWS-IAM_AssumeRoleFromUntrustedAccountId.md -------------------------------------------------------------------------------- /Queries/AWS RDS/AWS-CloudTrail-RDS_RDSSnapshotExportedToS3.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS RDS/AWS-CloudTrail-RDS_RDSSnapshotExportedToS3.md -------------------------------------------------------------------------------- /Queries/AWS RDS/AWS-CloudTrail-RDS_RDSSnapshotTaken.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS RDS/AWS-CloudTrail-RDS_RDSSnapshotTaken.md -------------------------------------------------------------------------------- /Queries/AWS S3/AWS-CloudTrail-S3_BlockPublicAccessDisabled.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS S3/AWS-CloudTrail-S3_BlockPublicAccessDisabled.md -------------------------------------------------------------------------------- /Queries/AWS S3/AWS-CloudTrail-S3_BucketDeleted.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS S3/AWS-CloudTrail-S3_BucketDeleted.md -------------------------------------------------------------------------------- /Queries/AWS S3/AWS-CloudTrail-S3_DeleteObjects.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS S3/AWS-CloudTrail-S3_DeleteObjects.md -------------------------------------------------------------------------------- /Queries/AWS SSM/AWS-CloudTrail-SSM_SSMDocumentConfiguredAsPublic.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS SSM/AWS-CloudTrail-SSM_SSMDocumentConfiguredAsPublic.md -------------------------------------------------------------------------------- /Queries/AWS SSM/AWS-CloudTrail-SSM_SSMDocumentRan.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS SSM/AWS-CloudTrail-SSM_SSMDocumentRan.md -------------------------------------------------------------------------------- /Queries/AWS SSM/AWS-CloudTrail-SSM_SSMDocumentRanButNotSeenInLast90Days.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS SSM/AWS-CloudTrail-SSM_SSMDocumentRanButNotSeenInLast90Days.md 
-------------------------------------------------------------------------------- /Queries/AWS SSM/AWS-CloudTrail-SSM_SSMDocumentRanOnMultipleInstances.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS SSM/AWS-CloudTrail-SSM_SSMDocumentRanOnMultipleInstances.md -------------------------------------------------------------------------------- /Queries/AWS Secrets Manager/AWS-CloudTrail-SecretsManager_LargeNumberOfSecretsAccessedInShortTime.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS Secrets Manager/AWS-CloudTrail-SecretsManager_LargeNumberOfSecretsAccessedInShortTime.md -------------------------------------------------------------------------------- /Queries/AWS Secrets Manager/AWS-CloudTrail-SecretsManager_LargeNumberOfSecretsDeletedInShortTime.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS Secrets Manager/AWS-CloudTrail-SecretsManager_LargeNumberOfSecretsDeletedInShortTime.md -------------------------------------------------------------------------------- /Queries/AWS VPC/AWS-CloudTrail-VPC_DangerousIngressRule.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS VPC/AWS-CloudTrail-VPC_DangerousIngressRule.md -------------------------------------------------------------------------------- /Queries/AWS VPC/AWS-CloudTrail-VPC_IOCSecurityGroupCreated.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS VPC/AWS-CloudTrail-VPC_IOCSecurityGroupCreated.md 
-------------------------------------------------------------------------------- /Queries/AWS VPC/AWS-CloudTrail-VPC_SecurityGroupDeleted.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/AWS VPC/AWS-CloudTrail-VPC_SecurityGroupDeleted.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD-App_AdminConsentedToRiskyPermissionOnBehalfOfTheOrg.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD-App_AdminConsentedToRiskyPermissionOnBehalfOfTheOrg.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD-App_NewCredAddedToSPN.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD-App_NewCredAddedToSPN.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD-AuditLogs_GuestAccountAddedToAppOwner.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD-AuditLogs_GuestAccountAddedToAppOwner.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD-AuditLogs_PrivilegedRoleAssignedToExternalGuest.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD-AuditLogs_PrivilegedRoleAssignedToExternalGuest.md -------------------------------------------------------------------------------- /Queries/Azure Active 
Directory/AAD-AudtLogs_OwnerAddedToApp.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD-AudtLogs_OwnerAddedToApp.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD-CAP_CAPDeleted.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD-CAP_CAPDeleted.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD-CAP_CAPModified.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD-CAP_CAPModified.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD-CAP_NamedLocatonModified.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD-CAP_NamedLocatonModified.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD-CAP_NewTrustedLocation.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD-CAP_NewTrustedLocation.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD-CAP_TrustedLocationModified.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD-CAP_TrustedLocationModified.md 
--------------------------------------------------------------------------------
/Queries/Azure Active Directory/AAD-PIM_PrivilegedRoleAssignedToPrincipal.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD-PIM_PrivilegedRoleAssignedToPrincipal.md
--------------------------------------------------------------------------------
/Queries/Azure Active Directory/AAD-SignIn_MultipleVailidAADUsesFailingAuthFromSameSourceIP.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD-SignIn_MultipleVailidAADUsesFailingAuthFromSameSourceIP.md
--------------------------------------------------------------------------------
/Queries/Azure Active Directory/AAD_AdminResetPasswordForAnotherAdmin.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_AdminResetPasswordForAnotherAdmin.md
--------------------------------------------------------------------------------
/Queries/Azure Active Directory/AAD_BitLockerKeyAccessed.md:
--------------------------------------------------------------------------------
```kql
AuditLogs
| where OperationName == "Read BitLocker key"
```
--------------------------------------------------------------------------------
/Queries/Azure Active Directory/AAD_CrossTenantAccessSettingModified.md:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_CrossTenantAccessSettingModified.md
--------------------------------------------------------------------------------
/Queries/Azure Active Directory/AAD_DeviceCodeFlowAuthentication.md:
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_DeviceCodeFlowAuthentication.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD_FailedLoginsFollowedBySuccessfulLoginToAzurePortal.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_FailedLoginsFollowedBySuccessfulLoginToAzurePortal.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD_FindUncommonUserAgent.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_FindUncommonUserAgent.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD_LargeNumberOfGroupsDeletedInShortTime.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_LargeNumberOfGroupsDeletedInShortTime.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD_MFAMethodAddedToTargetAccountFromSeparateCaller.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_MFAMethodAddedToTargetAccountFromSeparateCaller.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD_MFAMethodUpdated.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_MFAMethodUpdated.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD_NewTenantAddedToCrossTenantAccessSettings.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_NewTenantAddedToCrossTenantAccessSettings.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD_RiskySigninToAzurePortal.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_RiskySigninToAzurePortal.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD_RoleAssignedToGroup.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_RoleAssignedToGroup.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD_RoleAssignedToGuest.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_RoleAssignedToGuest.md -------------------------------------------------------------------------------- /Queries/Azure Active Directory/AAD_SSPR.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_SSPR.md -------------------------------------------------------------------------------- /Queries/Azure Active 
Directory/AAD_SuccessfulSigninFromBGAccount.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Active Directory/AAD_SuccessfulSigninFromBGAccount.md -------------------------------------------------------------------------------- /Queries/Azure Activity - Azure Firewall/AzActivity-AFW_AzureFirewallPolicyUpdated.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity - Azure Firewall/AzActivity-AFW_AzureFirewallPolicyUpdated.md -------------------------------------------------------------------------------- /Queries/Azure Activity - NIC/AzActivity-NIC_NICModified.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity - NIC/AzActivity-NIC_NICModified.md -------------------------------------------------------------------------------- /Queries/Azure Activity - NSG/AzActivity-NSG_InboundRuleChangeMgmtPorts.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity - NSG/AzActivity-NSG_InboundRuleChangeMgmtPorts.md -------------------------------------------------------------------------------- /Queries/Azure Activity - NSG/AzActivity-NSG_NSGDeleted.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity - NSG/AzActivity-NSG_NSGDeleted.md -------------------------------------------------------------------------------- /Queries/Azure Activity - Security Insights/AzActivity-Security_AnalyticRuleDeleted.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity - Security Insights/AzActivity-Security_AnalyticRuleDeleted.md -------------------------------------------------------------------------------- /Queries/Azure Activity - Security Insights/AzActivity-Security_AnalyticRuleModified.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity - Security Insights/AzActivity-Security_AnalyticRuleModified.md -------------------------------------------------------------------------------- /Queries/Azure Activity - Storage/AzActivity-ST_ContainerDeleted.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity - Storage/AzActivity-ST_ContainerDeleted.md -------------------------------------------------------------------------------- /Queries/Azure Activity - Storage/AzActivity-ST_MultipleStorageAccountKeysAccessedInShortTime.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity - Storage/AzActivity-ST_MultipleStorageAccountKeysAccessedInShortTime.md -------------------------------------------------------------------------------- /Queries/Azure Activity - Storage/AzActivity-ST_StorageAccountKeysAccessed.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity - Storage/AzActivity-ST_StorageAccountKeysAccessed.md -------------------------------------------------------------------------------- /Queries/Azure Activity - VM/AzActivity-VM_AzureRunCommandStarted.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity - VM/AzActivity-VM_AzureRunCommandStarted.md -------------------------------------------------------------------------------- /Queries/Azure Activity - VM/AzActivity-VM_DiskExportSASURLGenerated.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity - VM/AzActivity-VM_DiskExportSASURLGenerated.md -------------------------------------------------------------------------------- /Queries/Azure Activity - VM/AzActivity-VM_EnableAccessExtensionRan.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity - VM/AzActivity-VM_EnableAccessExtensionRan.md -------------------------------------------------------------------------------- /Queries/Azure Activity - VM/AzActivity-VM_MultipleVMsDeletedByCallerInShortTime.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity - VM/AzActivity-VM_MultipleVMsDeletedByCallerInShortTime.md -------------------------------------------------------------------------------- /Queries/Azure Activity/AzActivity-RBAC_PrivilegedRoleAssigned.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity/AzActivity-RBAC_PrivilegedRoleAssigned.md -------------------------------------------------------------------------------- /Queries/Azure Activity/AzActivity-RBAC_PrivilegedRoleAssignedToSubscription.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure 
Activity/AzActivity-RBAC_PrivilegedRoleAssignedToSubscription.md -------------------------------------------------------------------------------- /Queries/Azure Activity/AzActivity-ST_ListKeysPotentiallySensitiveAction.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity/AzActivity-ST_ListKeysPotentiallySensitiveAction.md -------------------------------------------------------------------------------- /Queries/Azure Activity/AzActivity-ST_NewIPAddedToStorageAccountFirewall.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity/AzActivity-ST_NewIPAddedToStorageAccountFirewall.md -------------------------------------------------------------------------------- /Queries/Azure Activity/AzActivity-ST_PublicAccessEnabledOnStorageAccount.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity/AzActivity-ST_PublicAccessEnabledOnStorageAccount.md -------------------------------------------------------------------------------- /Queries/Azure Activity/AzActivity_DiagnosticSettingDeleted.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity/AzActivity_DiagnosticSettingDeleted.md -------------------------------------------------------------------------------- /Queries/Azure Activity/AzActivity_DiagnosticSettingModified.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity/AzActivity_DiagnosticSettingModified.md -------------------------------------------------------------------------------- 
/Queries/Azure Activity/AzActivity_EventsFromIPNotSeenInPrevious90Days.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity/AzActivity_EventsFromIPNotSeenInPrevious90Days.md -------------------------------------------------------------------------------- /Queries/Azure Activity/AzActivty_FindUncommonCallerIPAddresses.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Activity/AzActivty_FindUncommonCallerIPAddresses.md -------------------------------------------------------------------------------- /Queries/Azure Key Vault/AzureKeyVault_AccessConfigurationModified.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Key Vault/AzureKeyVault_AccessConfigurationModified.md -------------------------------------------------------------------------------- /Queries/Azure Key Vault/AzureKeyVault_LargeNumberOfItemsAccessedInShortTime.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Key Vault/AzureKeyVault_LargeNumberOfItemsAccessedInShortTime.md -------------------------------------------------------------------------------- /Queries/Azure Key Vault/AzureKeyVault_LargeNumberOfItemsListedInShortTime.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Key Vault/AzureKeyVault_LargeNumberOfItemsListedInShortTime.md -------------------------------------------------------------------------------- /Queries/Azure Key Vault/AzureKeyVault_LargeNumerOfItemsDeletedInShortTime.md: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Key Vault/AzureKeyVault_LargeNumerOfItemsDeletedInShortTime.md -------------------------------------------------------------------------------- /Queries/Azure Key Vault/AzureKeyVault_NewIPAddressAddedToFirewall.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Key Vault/AzureKeyVault_NewIPAddressAddedToFirewall.md -------------------------------------------------------------------------------- /Queries/Azure Key Vault/AzureKeyVault_PotentialPrivilegeEscalationActivity.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Key Vault/AzureKeyVault_PotentialPrivilegeEscalationActivity.md -------------------------------------------------------------------------------- /Queries/Azure Key Vault/AzureKeyVault_UserAddsThemselvesToAVaultAccessPolicy.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Key Vault/AzureKeyVault_UserAddsThemselvesToAVaultAccessPolicy.md -------------------------------------------------------------------------------- /Queries/Azure Resource Graph/ARG-KV_EnabledRbacAuthorizationDisabled.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Resource Graph/ARG-KV_EnabledRbacAuthorizationDisabled.md -------------------------------------------------------------------------------- /Queries/Azure Resource Graph/ARG_StorageAccountPublicAccessEnabled.md: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Resource Graph/ARG_StorageAccountPublicAccessEnabled.md -------------------------------------------------------------------------------- /Queries/Azure Storage Account/StorageBlob_MassDownload.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/Azure Storage Account/StorageBlob_MassDownload.md -------------------------------------------------------------------------------- /Queries/MDE/MDE_MdeExclusionAdded.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/MDE/MDE_MdeExclusionAdded.md -------------------------------------------------------------------------------- /Queries/MDE/MDE_RUNDLL32EXE-EmptyProcess.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/MDE/MDE_RUNDLL32EXE-EmptyProcess.md -------------------------------------------------------------------------------- /Queries/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/Queries/README.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/KernelCaleb/Kustonomicon/HEAD/README.md --------------------------------------------------------------------------------