LogScale Queries

Community query exchange

LogScale Query Exchange

Share, discover, and version LogScale queries, parsers, and dashboards with the community.

1 queries0 parsers0 dashboards1 contributors
Browse queriesBrowse parsersBrowse dashboards

Browse by category

ApplicationGeneralInfrastructureNetworkSecurity

Latest queries

Recently shared by the community.

View all →
query.txt
in(field="#windows.EventID", values=[4769,4768])
| TicketEnc := coalesce([windows.EventData.TicketEncryptionType])
| SessionKeyEnc := coalesce([windows.EventData.SessionKeyEncryptionType])
| case {

Legacy Encryption Detection (RC4 + DES)

v1

This query identifies users, service accounts, and systems that are still using RC4-based Kerberos encryption. It analyzes authentication events to detect RC4 usage in both ticket encryption and session keys, enabling the identification of dependencies on outdated cryptographic protocols. The results help to proactively locate affected accounts and systems that may experience issues after the RC4 deactivation, supporting remediation and migration to secure encryption standards such as AES.

Infrastructurewindowssecurityrc4

@sebastian · 15.6.2026

DownloadOpen

Latest parsers

Recently shared ingest parsers.

View all →

No parsers published yet.

Upload parser

Latest dashboards

Recently shared dashboard definitions.

View all →

No dashboards published yet.

Upload dashboard