23 results found Sort:

Bert-JanP
Hunting-Queries-Detection-Rules Bert-JanP
199
1.1k
bsd-3-clause
53
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
kql mde mdi dfir misp azure infosec blueteam security sentinel zero-day cybersecurity threat-hunting defender-for-endpoint vulnerability-management
Created 2022-05-30
321 commits to main branch, last one a day ago
netevert
sentinel-attack netevert
208
1.0k
mit
71
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
kql siem azure sysmon logging blue-team detection workbooks mitre-attack cybersecurity sysmon-config azure-sentinel security-tools threat-hunting terraform-azure
Created 2019-05-30
313 commits to master branch, last one 9 months ago
FalconForceTeam
FalconFriday FalconForceTeam
76
676
bsd-3-clause
54
Hunting queries and detections
kql hunting blueteam sentinel purpleteam defender-atp defender-for-endpoint
Created 2020-08-04
98 commits to master branch, last one 22 hours ago
Cyb3r-Monk
Threat-Hunting-and-Detection Cyb3r-Monk
93
570
bsd-3-clause
29
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
kql dfir cybersecurity kusto-language threat-hunting threat-detection microsoft-sentinel defender-for-endpoint detection-engineering
Created 2020-11-02
22 commits to main branch, last one 5 months ago
cyb3rmik3
KQL-threat-hunting-queries cyb3rmik3
54
467
mit
9
A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).
kql kusto security sentinel microsoft kusto-query threat-hunt microsoftxdr microsoft-365 microsoft-xdr securitycenter threat-hunting threat-detecting threat-detection microsoft-security microsoft-sentinel kusto-query-language microsoft-365-defender microsoft-365-security
Created 2022-07-19
309 commits to main branch, last one 4 days ago
alexverboon
MDATP alexverboon
59
453
mit
33
Microsoft Defender XDR - Resource Hub
kql blogs learning threathunting defender-for-endpoint defender-for-identity microsoft-defender-xdr defender-for-cloud-apps defender-for-office-365
Created 2019-06-15
207 commits to master branch, last one 12 days ago
LearningKijo
KQL LearningKijo
70
413
unknown
21
Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
edr kql xdr kusto threat-hunting incident-response
Created 2022-12-12
802 commits to main branch, last one 14 days ago
cyb3rmik3
MDE-DFIR-Resources cyb3rmik3
37
316
mit
10
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
kql mde dfir kusto microsoft resources kusto-query curated-list live-response digital-forensics incident-response curated-collections kusto-query-language microsoft-defender-for-endpoint digital-forensics-incident-response
Created 2023-11-01
48 commits to main branch, last one about a month ago
ashwin-patil
blue-teaming-with-kql ashwin-patil
38
194
mit
10
Repository with Sample KQL Query examples for Threat Hunting
kql siem azure security blueteaming loganalytics azure-sentinel threat-hunting azure-data-explorer
Created 2020-10-23
17 commits to main branch, last one about a year ago
getkirby
kql getkirby
5
141
mit
16
Kirby's Query Language API combines the flexibility of Kirby's data structures, the power of GraphQL and the simplicity of REST.
api cms kql json kirby query flat-file file-based headless-cms query-language
Created 2020-01-15
109 commits to main branch, last one 7 months ago
lawndoc
AdvancedHuntingQueries lawndoc
14
99
unlicense
5
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
kql xdr kusto hunting defender security detection microsoft defender-atp microsoft365 cybersecurity cyber-security threat-hunting defender-for-endpoint detection-engineering
Created 2021-08-13
139 commits to main branch, last one 7 months ago
rod-trent
Copilot-for-Security rod-trent
15
95
mit
4
My personal work with Copilot for Security
kql code copilot plugins prompts security
Created 2023-10-28
617 commits to main branch, last one a day ago
ep3p
Sentinel_KQL ep3p
20
93
mit
5
In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).
kql siem azure entra kusto entra-id security sentinel microsoft watchlist microsoft-sentinel
Created 2022-07-19
1,657 commits to main branch, last one a day ago
tobiasmcvey
kusto-queries tobiasmcvey
30
86
mit
7
example queries for learning the kusto language
kql azure kusto kusto-language application-insights
Created 2019-05-20
24 commits to main branch, last one 3 years ago
alexverboon
Hunting-Queries-Detection-Rules alexverboon
8
83
bsd-3-clause
1
KQL Queries. Microsoft Defender, Microsoft Sentinel
kql dfir azure azuread entraid hunting security sentinel detection defenderxdr defenderforendpoint defenderforidentity
Created 2023-05-02
91 commits to main branch, last one 4 days ago
jischell-msft
RemoteManagementMonitoringTools jischell-msft
6
68
mit
2
Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
kql mde rmm security threat-hunting remotemanagement defender-for-endpoint
Created 2023-10-17
84 commits to main branch, last one 3 months ago
globalbao
azure-resource-graph globalbao
24
61
mit
8
Collection of Azure Resource Graph queries for use in Portal and via PowerShell - by @JesseLoudon
kql azure azgraph kusto-language resource-graph azure-resource-graph
Created 2020-06-04
23 commits to master branch, last one about a year ago
f-bader
AzSentinelQueries f-bader
13
60
unknown
3
Repository with Sentinel Analytics Rules and Hunting Queries
kql kusto sentinel detections hacktoberfest analytic-rules threat-hunting
Created 2022-03-25
80 commits to master branch, last one 3 days ago
0xAnalyst
DefenderATPQueries 0xAnalyst
5
54
gpl-3.0
2
Hunting Queries for Defender ATP
kql defender-atp detection-rules detection-engineering
Created 2023-09-12
176 commits to main branch, last one 4 days ago
f-bader
SentinelARConverter f-bader
9
51
mit
7
Sentinel Analytics Rule converter PowerShell module
kql sentinel hacktoberfest cyber-security
Created 2023-02-18
145 commits to main branch, last one 9 days ago
cylaris
awesomekql cylaris
5
47
gpl-3.0
3
Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs
kql siem azure detection detection-rules
Created 2020-10-29
148 commits to main branch, last one 11 months ago
EEN421
KQL-Queries EEN421
8
42
unknown
3
Ian Hanley's deceptively simple KQL queries.
kql azure devsecops cybersecurity cloud-security microsoft-sentinel
Created 2023-04-29
125 commits to Main branch, last one 5 months ago
ugurkocde
KQL-Search ugurkocde
5
28
mit
3
This repository has no description...
kql azure intune security
Created 2023-01-02
44 commits to master branch, last one 9 months ago