diff --git a/Sentinel/Hello-World-User-Agent.kql b/Sentinel/Hello-World-User-Agent.kql
new file mode 100644
index 0000000..7ccd589
--- /dev/null
+++ b/Sentinel/Hello-World-User-Agent.kql
@@ -0,0 +1 @@
+CommonSecurityLog | where (HttpUserAgentOriginal =~ @'Hello-World/1.0' and RequestMethod =~ @'GET' and dest_port in (80, 81, 82, 83, 84, 85) and source_ip != '192.168.1.0/24')
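Review bot: The exclusion `source_ip != '192.168.1.0/24'` in the added query is a plain string inequality against a CIDR literal, so no address value can ever equal it and the internal-range exclusion is a no-op; every source, including 192.168.1.x, passes the filter. KQL needs a range function for this, e.g. `| where not(ipv4_is_in_range(SourceIP, '192.168.1.0/24'))`, noting that a null/unparseable address also drops out of the result with that form. Separately, the columns referenced here look like ASIM WebSession field names rather than CommonSecurityLog columns — the CEF table normally exposes the user agent as `RequestClientApplication` and the addressing as `SourceIP`/`DestinationPort` — so as written the rule would likely fail with unknown-column errors; confirm against the workspace schema before merging. Splitting the single parenthesised `where` into one clause per predicate would also make the rule readable when it is reviewed from the analytics-rule editor.

```kql
CommonSecurityLog
| where RequestClientApplication =~ 'Hello-World/1.0'
| where RequestMethod =~ 'GET'
| where DestinationPort in (80, 81, 82, 83, 84, 85)
// exclude the internal /24 with a real range check; a plain != string comparison never matches
| where not(ipv4_is_in_range(SourceIP, '192.168.1.0/24'))
```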