Skill UI

Executes Azure Monitor activity and sign-in log queries using azure-monitor-query to spot suspicious admin operations, impossible travel, privilege escalation, and resource changes, supporting incident investigations and cloud SIEM detections.

Analyze domain controller Kerberos logs to spot Golden Ticket TGT anomalies such as RC4 encryption, impossible lifetimes, missing TGT requests, and forged PAC signatures, letting SOC teams hunt credential abuse and persistent AD footholds with Splunk or KQL queries.

Proactively hunt threats in Elastic Security SIEM with KQL/EQL queries, Timeline investigations, and detection rules, helping SOC teams validate ATT&CK techniques, investigate anomalies, and close coverage gaps when automated alerts miss adversaries.