Hello!
Rapid7 comes with a lot of pre-computed queries that are very helpful and beneficial - and it’s greatly appreciated.
We were wondering and seeing if there are any other saved/pre-computed queries that y’all use in your environments that are beneficial and useful to investigations, threat hunting, and/or detection rules.
For example, we’ve implemented and been using an AI Usage query that allows us to quickly pull up numbers and stats:
where(top_private_domain IIN ["chatgpt.com","gemini.google.com","claude.ai","copilot.microsoft.com","perplexity.ai","jasper.ai","llama2.ai","poe.com","huggingface.co","you.com","koala.sh","copy.ai","writesonic.com","textcortex.com"]) groupby("top_private_domain","user")