andersnese's Stars
Azure/Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
graphql-python/gql
A GraphQL client in Python
Tlaster/YourAV
The universe's most lightweight antivirus software
reprise99/Sentinel-Queries
Collection of KQL queries
Bert-JanP/Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Mazars-Tech/AD_Miner
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
FalconForceTeam/FalconHound
FalconHound is a blue team multi-tool. It allows you to utilize and enhance the power of BloodHound in a more automated fashion. It is designed to be used in conjunction with a SIEM or other log aggregation tool.
FalconForceTeam/FalconFriday
Hunting queries and detections
cyb3rmik3/KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
LearningKijo/SecurityResearcher-Note
Covers various security approaches to attack techniques and also provides new discoveries about security breaches.
LearningKijo/KQL
Threat hunting queries in Microsoft 365 Defender, XDR. Provides out-of-the-box KQL hunting queries for App, Email, Identity and Endpoint.
mspnp/AzureNamingTool
The Azure Naming Tool is a .NET 8 Blazor application, with a RESTful API. The UI consists of several pages to allow the configuration and generation of Azure Resource names. The API provides a programmatic interface for the functionality.
cyb3rmik3/MDE-DFIR-Resources
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud, and more.
rootsecdev/Microsoft-Blue-Forest
Creating a hardened "Blue Forest" with Server 2016/2019 Domain Controllers
KQLMSPress/definitive-guide-kql
Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL
SpecterOps/TierZeroTable
Table of AD and Azure assets and whether they belong to Tier Zero
Cloud-Architekt/AzureSentinel
Sharing my KQL queries for Azure Sentinel
Cloud-Architekt/AzurePrivilegedIAM
Docs and samples for privileged identity and access management in Microsoft Azure and Microsoft Entra.
alexverboon/Hunting-Queries-Detection-Rules
KQL Queries. Microsoft Defender, Microsoft Sentinel
0xAnalyst/DefenderATPQueries
Hunting Queries for Defender ATP
JustinGrote/JAz.PIM
mr-r3b00t/KQL
This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet
invictus-ir/kql_queries
KQL queries for Incident Response
thomand/dashboard
liveFeed dashboard for the communications department at NTNU