7 results found Sort:

Cyb3r-Monk
Threat-Hunting-and-Detection Cyb3r-Monk
103
698
bsd-3-clause
30
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
kql dfir cybersecurity kusto-language threat-hunting threat-detection microsoft-sentinel defender-for-endpoint detection-engineering
Created 2020-11-02
30 commits to main branch, last one about a month ago
cyb3rmik3
KQL-threat-hunting-queries cyb3rmik3
71
636
mit
16
A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).
kql kusto security sentinel microsoft kusto-query threat-hunt microsoftxdr microsoft-365 microsoft-xdr securitycenter threat-hunting threat-detecting threat-detection microsoft-security microsoft-sentinel kusto-query-language microsoft-365-defender microsoft-365-security
Created 2022-07-19
357 commits to main branch, last one 3 days ago
eshlomo1
Microsoft-Sentinel-SecOps eshlomo1
63
245
mit
13
Microsoft Sentinel SOC Operations
ir soc siem azure secops hunting security microsoft cloudsecurity azure-sentinel threat-hunting incident-response microsoft-sentinel threat-intelligence
Created 2020-02-27
368 commits to master branch, last one 6 months ago
briandelmsft
SentinelAutomationModules briandelmsft
56
229
mit
10
The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel
sentinel automation sample-code azuresentinel cybersecurity azure-sentinel microsoft-sentinel
Created 2021-10-13
746 commits to main branch, last one 12 days ago
ep3p
Sentinel_KQL ep3p
22
107
mit
5
In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).
kql siem azure entra kusto entra-id security sentinel microsoft watchlist microsoft-sentinel
Created 2022-07-19
1,745 commits to main branch, last one a day ago
reversinglabs
reversinglabs-siem-rules reversinglabs
9
65
mit
5
A collection of various SIEM rules relating to malware family groups.
siem infosec microsoft-sentinel detection-engineering
Created 2022-12-05
52 commits to master branch, last one 7 months ago
EEN421
KQL-Queries EEN421
9
46
unknown
4
Ian Hanley's deceptively simple KQL queries.
kql azure devsecops cybersecurity cloud-security microsoft-sentinel
Created 2023-04-29
134 commits to Main branch, last one a day ago