26 results found Sort:

Bert-JanP
Hunting-Queries-Detection-Rules Bert-JanP
239
1.3k
bsd-3-clause
65
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
kql mde mdi dfir misp azure infosec blueteam security sentinel zero-day cybersecurity threat-hunting defender-for-endpoint vulnerability-management
Created 2022-05-30
404 commits to main branch, last one 7 hours ago
netevert
sentinel-attack netevert
209
1.1k
mit
72
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
kql siem azure sysmon logging blue-team detection workbooks mitre-attack cybersecurity sysmon-config azure-sentinel security-tools threat-hunting terraform-azure
Created 2019-05-30
321 commits to master branch, last one 23 days ago
FalconForceTeam
FalconFriday FalconForceTeam
83
735
bsd-3-clause
57
Hunting queries and detections
kql hunting blueteam sentinel purpleteam defender-atp defender-for-endpoint
Created 2020-08-04
99 commits to main branch, last one 3 months ago
Cyb3r-Monk
Threat-Hunting-and-Detection Cyb3r-Monk
103
680
bsd-3-clause
28
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
kql dfir cybersecurity kusto-language threat-hunting threat-detection microsoft-sentinel defender-for-endpoint detection-engineering
Created 2020-11-02
30 commits to main branch, last one a day ago
cyb3rmik3
KQL-threat-hunting-queries cyb3rmik3
69
618
mit
15
A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).
kql kusto security sentinel microsoft kusto-query threat-hunt microsoftxdr microsoft-365 microsoft-xdr securitycenter threat-hunting threat-detecting threat-detection microsoft-security microsoft-sentinel kusto-query-language microsoft-365-defender microsoft-365-security
Created 2022-07-19
347 commits to main branch, last one 16 days ago
alexverboon
MDATP alexverboon
59
455
mit
33
MDATP
kql blogs learning threathunting defender-for-endpoint defender-for-identity microsoft-defender-xdr defender-for-cloud-apps defender-for-office-365
This repository has been archived (exclude archived)
Created 2019-06-15
208 commits to master branch, last one 5 months ago
LearningKijo
KQL LearningKijo
79
445
unknown
22
Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
edr kql xdr kusto threat-hunting incident-response
Created 2022-12-12
808 commits to main branch, last one 29 days ago
cyb3rmik3
MDE-DFIR-Resources cyb3rmik3
39
361
mit
11
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
kql mde dfir kusto microsoft resources kusto-query curated-list live-response digital-forensics incident-response curated-collections kusto-query-language microsoft-defender-for-endpoint digital-forensics-incident-response
Created 2023-11-01
53 commits to main branch, last one 11 days ago
SlimKQL
Hunting-Queries-Detection-Rules SlimKQL
53
302
bsd-3-clause
20
KQL Queries. Microsoft Defender, Microsoft Sentinel
kql azure defender sentinel microsoft defenderxdr mitre-attack threathunting threatdetection
Created 2024-08-02
444 commits to main branch, last one 2 days ago
ashwin-patil
blue-teaming-with-kql ashwin-patil
36
202
mit
11
Repository with Sample KQL Query examples for Threat Hunting
kql siem azure security blueteaming loganalytics azure-sentinel threat-hunting azure-data-explorer
Created 2020-10-23
17 commits to main branch, last one 2 years ago
rod-trent
Copilot-for-Security rod-trent
22
161
mit
6
My personal work with Copilot for Security
kql code copilot plugins prompts security
Created 2023-10-28
856 commits to main branch, last one 9 days ago
getkirby
kql getkirby
5
145
mit
16
Kirby's Query Language API combines the flexibility of Kirby's data structures, the power of GraphQL and the simplicity of REST.
api cms kql json kirby query flat-file file-based headless-cms query-language
Created 2020-01-15
111 commits to main branch, last one 3 months ago
alexverboon
Hunting-Queries-Detection-Rules alexverboon
12
115
bsd-3-clause
2
KQL Queries. Microsoft Defender, Microsoft Sentinel
kql dfir azure azuread entraid hunting security sentinel detection defenderxdr defenderforendpoint defenderforidentity
Created 2023-05-02
101 commits to main branch, last one 11 days ago
lawndoc
AdvancedHuntingQueries lawndoc
17
113
unlicense
5
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
kql xdr kusto hunting defender security detection microsoft defender-atp microsoft365 cybersecurity cyber-security threat-hunting defender-for-endpoint detection-engineering
Created 2021-08-13
140 commits to main branch, last one 4 months ago
ep3p
Sentinel_KQL ep3p
22
105
mit
5
In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).
kql siem azure entra kusto entra-id security sentinel microsoft watchlist microsoft-sentinel
Created 2022-07-19
1,724 commits to main branch, last one a day ago
tobiasmcvey
kusto-queries tobiasmcvey
30
92
mit
7
example queries for learning the kusto language
kql azure kusto kusto-language application-insights
Created 2019-05-20
24 commits to main branch, last one 3 years ago
jischell-msft
RemoteManagementMonitoringTools jischell-msft
8
81
mit
2
Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
kql mde rmm security threat-hunting remotemanagement defender-for-endpoint
Created 2023-10-17
85 commits to main branch, last one 4 months ago
globalbao
awesome-kql globalbao
27
76
mit
8
Collection of awesome KQL queries for use in Portal and via PowerShell - by @JesseLoudon
kql azure azgraph kusto-language resource-graph azure-resource-graph
Created 2020-06-04
25 commits to master branch, last one 5 months ago
0xAnalyst
DefenderATPQueries 0xAnalyst
8
75
gpl-3.0
2
Hunting Queries for Defender ATP
kql sentinel microsoft defender-atp threat-hunting detection-rules detection-engineering
Created 2023-09-12
276 commits to main branch, last one about a month ago
f-bader
AzSentinelQueries f-bader
16
72
unknown
4
Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
kql kusto sentinel detections hacktoberfest analytic-rules threat-hunting
Created 2022-03-25
134 commits to master branch, last one a day ago
chadmcox
Azure_Active_Directory chadmcox
5
62
mit
7
Contains Entra Related PowerShell Scripts and Entra Related KQL for Logs in Log Analytics
kql azure entra azuread entraid azuread-b2b azureaduser powershell-script conditional-access
Created 2017-10-16
1,927 commits to master branch, last one 2 days ago
f-bader
SentinelARConverter f-bader
12
54
mit
7
Sentinel Analytics Rule converter PowerShell module
kql sentinel hacktoberfest cyber-security
Created 2023-02-18
192 commits to main branch, last one 2 days ago
cylaris
awesomekql cylaris
5
51
gpl-3.0
3
Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs
kql siem azure detection detection-rules
Created 2020-10-29
148 commits to main branch, last one about a year ago
NeilMacMullen
kusto-loco NeilMacMullen
8
47
mit
1
C# KQL query engine with flexible I/O layers and visualization
kql kusto charting data-mining data-visualization
Created 2023-11-13
579 commits to main branch, last one about a month ago
EEN421
KQL-Queries EEN421
8
46
unknown
4
Ian Hanley's deceptively simple KQL queries.
kql azure devsecops cybersecurity cloud-security microsoft-sentinel
Created 2023-04-29
130 commits to Main branch, last one 2 months ago
ugurkocde
KQL-Search ugurkocde
5
30
mit
3
This repository has no description...
kql azure intune security
Created 2023-01-02
44 commits to master branch, last one about a year ago