23 results found
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules. (Created 2022-05-30; 321 commits to main branch, last one a day ago)
- Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK. (Created 2019-05-30; 313 commits to master branch, last one 9 months ago)
- Hunting queries and detections. (Created 2020-08-04; 98 commits to master branch, last one 22 hours ago)
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). (Created 2020-11-02; 22 commits to main branch, last one 5 months ago)
- A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender). (Created 2022-07-19; 309 commits to main branch, last one 4 days ago)
- Microsoft Defender XDR - Resource Hub. (Created 2019-06-15; 207 commits to master branch, last one 12 days ago)
- Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint. (Created 2022-12-12; 802 commits to main branch, last one 14 days ago)
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more. (Created 2023-11-01; 48 commits to main branch, last one about a month ago)
- Repository with Sample KQL Query examples for Threat Hunting. (Created 2020-10-23; 17 commits to main branch, last one about a year ago)
- Kirby's Query Language API combines the flexibility of Kirby's data structures, the power of GraphQL and the simplicity of REST. (Created 2020-01-15; 109 commits to main branch, last one 7 months ago)
- Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant. (Created 2021-08-13; 139 commits to main branch, last one 7 months ago)
- My personal work with Copilot for Security. (Created 2023-10-28; 617 commits to main branch, last one a day ago)
- In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool). (Created 2022-07-19; 1,657 commits to main branch, last one a day ago)
- Example queries for learning the Kusto language. (Created 2019-05-20; 24 commits to main branch, last one 3 years ago)
- KQL Queries. Microsoft Defender, Microsoft Sentinel. (Created 2023-05-02; 91 commits to main branch, last one 4 days ago)
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations. (Created 2023-10-17; 84 commits to main branch, last one 3 months ago)
- Collection of Azure Resource Graph queries for use in Portal and via PowerShell - by @JesseLoudon. (Created 2020-06-04; 23 commits to master branch, last one about a year ago)
- Repository with Sentinel Analytics Rules and Hunting Queries. (Created 2022-03-25; 80 commits to master branch, last one 3 days ago)
- Hunting Queries for Defender ATP. (Created 2023-09-12; 176 commits to main branch, last one 4 days ago)
- Sentinel Analytics Rule converter PowerShell module. (Created 2023-02-18; 145 commits to main branch, last one 9 days ago)
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs. (Created 2020-10-29; 148 commits to main branch, last one 11 months ago)
- Ian Hanley's deceptively simple KQL queries. (Created 2023-04-29; 125 commits to Main branch, last one 5 months ago)
- This repository has no description. (Created 2023-01-02; 44 commits to master branch, last one 9 months ago)
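As an added example of the kind of Advanced Hunting query these repositories collect (written for this page, not taken from any of the repositories listed), the query below runs against the Defender for Endpoint `DeviceProcessEvents` table in either the Defender XDR advanced hunting pane or a Microsoft Sentinel workspace that ingests it. It flags PowerShell launched from an Office application with an encoded command line, a common initial-access pattern. The lookback window, the list of Office parent processes and the regular expression are assumptions to be tuned per tenant; the `Timestamp`, `DeviceId` and `ReportId` columns are kept in the projection because a custom detection rule requires them.

```kql
// Added example, not from any listed repository. Assumptions: 7-day window,
// the Office parent list, and the regex for PowerShell's -EncodedCommand
// switch (PowerShell accepts any unambiguous prefix such as -e, -ec, -enc).
let lookback = 7d;
let office_parents = dynamic(["winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"]);
// The encoded argument is base64 of a UTF-16LE string; the regex captures
// only the base64 blob so analysts can decode it out of band.
let enc_pattern = @"(?i)\s-e[a-z]{0,13}\s+([A-Za-z0-9+/=]{20,})";
DeviceProcessEvents
| where Timestamp > ago(lookback)
| where FileName in~ ("powershell.exe", "pwsh.exe")
| where InitiatingProcessFileName in~ (office_parents)
| where ProcessCommandLine matches regex enc_pattern
| extend EncodedPayload = extract(enc_pattern, 1, ProcessCommandLine)
| summarize Hits = count(),
            FirstSeen = min(Timestamp),
            LastSeen = max(Timestamp),
            CommandLines = make_set(ProcessCommandLine, 5),
            arg_max(Timestamp, DeviceId, ReportId)
    by DeviceName, AccountName, InitiatingProcessFileName, EncodedPayload
| project Timestamp, DeviceId, ReportId, DeviceName, AccountName,
          InitiatingProcessFileName, EncodedPayload, Hits, FirstSeen, LastSeen, CommandLines
| order by LastSeen desc
```

The `summarize ... arg_max(Timestamp, DeviceId, ReportId)` step collapses repeated launches of the same payload on one host into a single row while still carrying the latest event's `DeviceId` and `ReportId`, so the same query can be saved as a hunting query or turned into a custom detection without restructuring it. Expect the regex to also catch `-ExecutionPolicy` only when it is followed by twenty or more base64-looking characters, which is rare; widen the parent list (for example to `mspub.exe` or `onenote.exe`) if your environment uses them.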