7 results found Sort:

Cyb3r-Monk
Threat-Hunting-and-Detection Cyb3r-Monk
97
595
bsd-3-clause
28
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
kql dfir cybersecurity kusto-language threat-hunting threat-detection microsoft-sentinel defender-for-endpoint detection-engineering
Created 2020-11-02
22 commits to main branch, last one 9 months ago
cyb3rmik3
KQL-threat-hunting-queries cyb3rmik3
59
550
mit
12
A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).
kql kusto security sentinel microsoft kusto-query threat-hunt microsoftxdr microsoft-365 microsoft-xdr securitycenter threat-hunting threat-detecting threat-detection microsoft-security microsoft-sentinel kusto-query-language microsoft-365-defender microsoft-365-security
Created 2022-07-19
329 commits to main branch, last one 15 days ago
eshlomo1
Microsoft-Sentinel-SecOps eshlomo1
62
237
mit
13
Microsoft Sentinel SOC Operations
ir soc siem azure secops hunting security microsoft cloudsecurity azure-sentinel threat-hunting incident-response microsoft-sentinel threat-intelligence
Created 2020-02-27
368 commits to master branch, last one 2 months ago
briandelmsft
SentinelAutomationModules briandelmsft
58
211
mit
10
The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel
sentinel automation sample-code azuresentinel cybersecurity azure-sentinel microsoft-sentinel
Created 2021-10-13
712 commits to main branch, last one about a month ago
ep3p
Sentinel_KQL ep3p
20
97
mit
5
In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).
kql siem azure entra kusto entra-id security sentinel microsoft watchlist microsoft-sentinel
Created 2022-07-19
1,678 commits to main branch, last one 2 days ago
reversinglabs
reversinglabs-siem-rules reversinglabs
7
60
mit
5
A collection of various SIEM rules relating to malware family groups.
siem infosec microsoft-sentinel detection-engineering
Created 2022-12-05
52 commits to master branch, last one 3 months ago
EEN421
KQL-Queries EEN421
8
43
unknown
3
Ian Hanley's deceptively simple KQL queries.
kql azure devsecops cybersecurity cloud-security microsoft-sentinel
Created 2023-04-29
129 commits to Main branch, last one about a month ago