26 results found Sort:

Bert-JanP
Hunting-Queries-Detection-Rules Bert-JanP
230
1.2k
bsd-3-clause
63
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
kql mde mdi dfir misp azure infosec blueteam security sentinel zero-day cybersecurity threat-hunting defender-for-endpoint vulnerability-management
Created 2022-05-30
372 commits to main branch, last one a day ago
netevert
sentinel-attack netevert
207
1.1k
mit
71
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
kql siem azure sysmon logging blue-team detection workbooks mitre-attack cybersecurity sysmon-config azure-sentinel security-tools threat-hunting terraform-azure
Created 2019-05-30
313 commits to master branch, last one about a year ago
FalconForceTeam
FalconFriday FalconForceTeam
78
725
bsd-3-clause
56
Hunting queries and detections
kql hunting blueteam sentinel purpleteam defender-atp defender-for-endpoint
Created 2020-08-04
99 commits to main branch, last one about a month ago
Cyb3r-Monk
Threat-Hunting-and-Detection Cyb3r-Monk
100
635
bsd-3-clause
29
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
kql dfir cybersecurity kusto-language threat-hunting threat-detection microsoft-sentinel defender-for-endpoint detection-engineering
Created 2020-11-02
23 commits to main branch, last one 9 days ago
cyb3rmik3
KQL-threat-hunting-queries cyb3rmik3
66
593
mit
13
A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).
kql kusto security sentinel microsoft kusto-query threat-hunt microsoftxdr microsoft-365 microsoft-xdr securitycenter threat-hunting threat-detecting threat-detection microsoft-security microsoft-sentinel kusto-query-language microsoft-365-defender microsoft-365-security
Created 2022-07-19
343 commits to main branch, last one 3 days ago
alexverboon
MDATP alexverboon
59
455
mit
33
MDATP
kql blogs learning threathunting defender-for-endpoint defender-for-identity microsoft-defender-xdr defender-for-cloud-apps defender-for-office-365
This repository has been archived (exclude archived)
Created 2019-06-15
208 commits to master branch, last one 3 months ago
LearningKijo
KQL LearningKijo
78
442
unknown
22
Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
edr kql xdr kusto threat-hunting incident-response
Created 2022-12-12
807 commits to main branch, last one 3 months ago
cyb3rmik3
MDE-DFIR-Resources cyb3rmik3
38
354
mit
11
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
kql mde dfir kusto microsoft resources kusto-query curated-list live-response digital-forensics incident-response curated-collections kusto-query-language microsoft-defender-for-endpoint digital-forensics-incident-response
Created 2023-11-01
51 commits to main branch, last one about a month ago
SlimKQL
Hunting-Queries-Detection-Rules SlimKQL
45
246
bsd-3-clause
17
KQL Queries. Microsoft Defender, Microsoft Sentinel
kql azure defender sentinel microsoft defenderxdr mitre-attack threathunting threatdetection
Created 2024-08-02
406 commits to main branch, last one a day ago
ashwin-patil
blue-teaming-with-kql ashwin-patil
36
203
mit
11
Repository with Sample KQL Query examples for Threat Hunting
kql siem azure security blueteaming loganalytics azure-sentinel threat-hunting azure-data-explorer
Created 2020-10-23
17 commits to main branch, last one 2 years ago
rod-trent
Copilot-for-Security rod-trent
21
146
mit
6
My personal work with Copilot for Security
kql code copilot plugins prompts security
Created 2023-10-28
829 commits to main branch, last one 2 days ago
getkirby
kql getkirby
5
144
mit
16
Kirby's Query Language API combines the flexibility of Kirby's data structures, the power of GraphQL and the simplicity of REST.
api cms kql json kirby query flat-file file-based headless-cms query-language
Created 2020-01-15
111 commits to main branch, last one about a month ago
lawndoc
AdvancedHuntingQueries lawndoc
16
110
unlicense
5
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
kql xdr kusto hunting defender security detection microsoft defender-atp microsoft365 cybersecurity cyber-security threat-hunting defender-for-endpoint detection-engineering
Created 2021-08-13
140 commits to main branch, last one 3 months ago
alexverboon
Hunting-Queries-Detection-Rules alexverboon
12
109
bsd-3-clause
2
KQL Queries. Microsoft Defender, Microsoft Sentinel
kql dfir azure azuread entraid hunting security sentinel detection defenderxdr defenderforendpoint defenderforidentity
Created 2023-05-02
99 commits to main branch, last one 28 days ago
ep3p
Sentinel_KQL ep3p
21
99
mit
5
In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).
kql siem azure entra kusto entra-id security sentinel microsoft watchlist microsoft-sentinel
Created 2022-07-19
1,702 commits to main branch, last one a day ago
tobiasmcvey
kusto-queries tobiasmcvey
30
91
mit
7
example queries for learning the kusto language
kql azure kusto kusto-language application-insights
Created 2019-05-20
24 commits to main branch, last one 3 years ago
jischell-msft
RemoteManagementMonitoringTools jischell-msft
7
78
mit
2
Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
kql mde rmm security threat-hunting remotemanagement defender-for-endpoint
Created 2023-10-17
85 commits to main branch, last one 3 months ago
globalbao
awesome-kql globalbao
26
75
mit
8
Collection of awesome KQL queries for use in Portal and via PowerShell - by @JesseLoudon
kql azure azgraph kusto-language resource-graph azure-resource-graph
Created 2020-06-04
25 commits to master branch, last one 4 months ago
0xAnalyst
DefenderATPQueries 0xAnalyst
7
72
gpl-3.0
2
Hunting Queries for Defender ATP
kql sentinel microsoft defender-atp threat-hunting detection-rules detection-engineering
Created 2023-09-12
274 commits to main branch, last one 2 days ago
f-bader
AzSentinelQueries f-bader
17
69
unknown
4
Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
kql kusto sentinel detections hacktoberfest analytic-rules threat-hunting
Created 2022-03-25
117 commits to master branch, last one 14 hours ago
chadmcox
Azure_Active_Directory chadmcox
5
61
mit
7
Contains Entra Related PowerShell Scripts and Entra Related KQL for Logs in Log Analytics
kql azure entra azuread entraid azuread-b2b azureaduser powershell-script conditional-access
Created 2017-10-16
1,903 commits to master branch, last one 27 days ago
f-bader
SentinelARConverter f-bader
11
53
mit
7
Sentinel Analytics Rule converter PowerShell module
kql sentinel hacktoberfest cyber-security
Created 2023-02-18
179 commits to main branch, last one 3 months ago
cylaris
awesomekql cylaris
5
50
gpl-3.0
3
Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs
kql siem azure detection detection-rules
Created 2020-10-29
148 commits to main branch, last one about a year ago
EEN421
KQL-Queries EEN421
8
44
unknown
3
Ian Hanley's deceptively simple KQL queries.
kql azure devsecops cybersecurity cloud-security microsoft-sentinel
Created 2023-04-29
130 commits to Main branch, last one about a month ago
NeilMacMullen
kusto-loco NeilMacMullen
5
42
mit
1
C# KQL query engine with flexible I/O layers and visualization
kql kusto charting data-mining data-visualization
Created 2023-11-13
579 commits to main branch, last one 4 days ago
ugurkocde
KQL-Search ugurkocde
5
30
mit
3
This repository has no description...
kql azure intune security
Created 2023-01-02
44 commits to master branch, last one about a year ago