Click the name of a query to open its file in this git repo.
Or try them out right away in your M365 Security tenant:
Click the '🔎' hotlink to load the query directly into your Advanced Hunting Query page.
- Gets the top 5 devices that have had an anomalous spike in execution of .bat scripts in the past week
- Gets the top 5 file types with the most anomalous spike in the past week
- Gets the top 5 users whose logons had the most anomalous spike and plots their daily logons on a timechart as a visual aid
  - Service accounts showing up in this query are especially suspicious
- Ranks the accounts that have the most remote logons
- Shows which devices each account has logged into
- Shows whether or not the account is a local admin