Leveraging ISP and ASN as New Indicators of Compromise (IOC) in Cyber Threat Intelligence
Traditional threat intelligence often relies on identifying malicious IPs individually, which can be reactive and slow. This session explores different KQL queries to show how ISPs and ASNs can serve as powerful new IOCs, enabling security teams to proactively monitor entire IP ranges associated with suspicious activity. By tagging and tracking suspicious ISPs, organizations can accelerate threat detection and mitigation, reducing reliance on waiting for specific IP-based alerts. This session will help attendees discover how this approach enhances visibility, speeds up response times, and strengthens cyber defense strategies.

Sergio Albea
👮🏻♂️ Cloud Security Expert/Architect addicted to Threat Hunting 🕵🏻♂️
Lausanne, Switzerland