Detecteer AI-gebruik in jouw organisatie met Microsoft Defender & Kusto Query Language
AI-tools zijn niet meer weg te denken uit ons dagelijks werk. Maar weet je eigenlijk welke AI-diensten er gebruikt worden binnen jouw onderwijsinstelling of organisatie? Denk aan tools zoals ChatGPT, Grammarly, Jasper.ai, Otter.ai en talloze andere generatieve AI-diensten.
Zonder duidelijke zichtbaarheid en controle vormt dit een security- en compliance-risico.
Met Microsoft Defender for Endpoint, Advanced Hunting en Kusto Query Language (KQL) kun je het netwerkverkeer analyseren en AI-gerelateerde domeinen detecteren. Hieronder een voorbeeldquery om dit inzichtelijk te maken:
let DomainList = datatable(Domain:string)
[
"grammarly.com",
"grammarly.io",
"grammarly.net",
"webchatgpt.app",
"chatgptwriter.ai",
"thegigabrain.com",
"sider.ai",
"naturalreaders.com",
"prowritingaid.com",
"promptstorm.app",
"magictool.ai",
"perplexity.ai",
"monica.im",
"otter.ai",
"readspeaker.com",
"neospeech.com",
"iblai.app",
"studyx.ai",
"landbot.online",
"copy.ai",
"h2o.ai",
"finechat.ai",
"linguix.com",
"linangdata.com",
"moonshot.cn",
"languagetool.org",
"krisp.ai",
"read.ai",
"aipptmaker.ai",
"11x.ai",
"docsbot.ai",
"notta.ai",
"grok.com",
"aiprm.com",
"chat.mistral.ai",
"talkai.info",
"chat.com",
"chat.openai.com",
"chatgpt.com",
"chatgpt.es",
"chatgptchat.net",
"chatgptsidebar.pro",
"chatonai.org",
"chatgpt.org",
"chatgptx.com",
"chatgptoutlookaddin.com",
"claude.ai",
"exa.ai",
"gemini.google.com",
"aistudio.google.com",
"getliner.com",
"getmerlin.in",
"notdiamond.ai",
"harpa.ai",
"pinokio.computer",
"tabnine.com",
"gingersoftware.com",
"localio.io",
"decktopus.com",
"otio.ai",
"wordai.com",
"articly.ai",
"gptforwork.com",
"ghostwriter-ai.com",
"10studio.tech",
"pdf.ai",
"gocopy.io",
"paragraphai.com",
"on-page.ai",
"tome.app",
"textwizard.io",
"wowto.ai",
"novelai.net",
"kafkai.com",
"goose.ai",
"slidesgo.com",
"pocketai.app",
"bertha.ai",
"cursor.com",
"jasper.ai",
"you.com",
"beautiful.ai",
"slidebean.com",
"slidesai.io",
"chatpresentations.com",
"flair.ai",
"homedesigns.ai",
"prezent.ai",
"sendsteps.com",
"mentimeter.com",
"designs.ai",
"plusai.app",
"gamma.app",
"writesonic.com",
"cohere.com",
"gptzero.me",
"whiterabbitneo.com",
"llama.fi",
"notebooklm.google.com",
"zhipuai.cn",
"deepseek.com",
"deepseek.me",
"ai21.com",
"raena.ai",
"capcut.com",
"viggle.ai",
"slideteam.net",
"qwenlm.github.io",
"ai.com",
"oaistatic.com",
"oaiusercontent.com",
"deepmind.google",
"deepmind.com",
"synthesia.io",
"murf.ai",
"fathom.video",
"relevanceai.com",
"circleback.ai",
"voicemaker.in",
"sana.ai",
"elevenlabs.com",
"elevenlabs.io",
"chatgptextension.ai",
"chatbotapp.ai",
"aichatonline.org",
"yeschat.ai",
"chatwhitehat.ai",
"venice.ai",
"flowgpt.com",
"miniapps.ai",
"meta.ai",
"nomic.ai",
"poe.com",
"duck.ai",
"secretllama.com",
"jan.ai",
"librechat.ai",
"chatboxai.app",
"khoj.dev",
"farfalle.dev",
"anythingllm.com",
"backyard.ai",
"nectarhub.xyz"
];
DeviceNetworkEvents
| where RemoteUrl has_any (DomainList)
| project Timestamp, DeviceId, ReportId, RemoteUrl, InitiatingProcessFileName, InitiatingProcessCommandLineMet deze query kun je: ✅ Zien welke AI-diensten worden benaderd ✅ Herleiden welke processen dat doen ✅ Gebruikers bewust maken of beleid aanscherpen ✅ Gericht Conditional Access of App Control inzetten
🛡️ Wij helpen onderwijsinstellingen en organisaties met het opzetten van AI-detectie, signalering. Volledig geïntegreerd in je bestaande Microsoft 365 security stack.
📩 Interesse in een workshop of quickscan? Laat van je horen.