kql

netevert/sentinel-attack

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

FalconForceTeam/FalconFriday

Hunting queries and detections

Cyb3r-Monk/Threat-Hunting-and-Detection

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

cyb3rmik3/KQL-threat-hunting-queries

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

SlimKQL/Hunting-Queries-Detection-Rules

KQL Queries. Microsoft Defender, Microsoft Sentinel

LearningKijo/KQL

Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

alexverboon/MDATP

MDATP

cyb3rmik3/MDE-DFIR-Resources

A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.

ashwin-patil/blue-teaming-with-kql

Repository with Sample KQL Query examples for Threat Hunting

rod-trent/Security-Copilot

My personal work with Copilot for Security

wortell/KQL

KQL queries for Advanced Hunting

getkirby/kql

Kirby's Query Language API combines the flexibility of Kirby's data structures, the power of GraphQL and the simplicity of REST.

alexverboon/Hunting-Queries-Detection-Rules

KQL Queries. Microsoft Defender, Microsoft Sentinel

lawndoc/AdvancedHuntingQueries

Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.

ep3p/Sentinel_KQL

In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).

f-bader/AzSentinelQueries

Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.

tobiasmcvey/kusto-queries

example queries for learning the kusto language

jischell-msft/RemoteManagementMonitoringTools

Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations

0xAnalyst/DefenderATPQueries

Hunting Queries for Defender ATP

globalbao/awesome-kql

Collection of awesome KQL queries for use in Portal and via PowerShell - by @JesseLoudon

NeilMacMullen/kusto-loco

C# KQL query engine with flexible I/O layers and visualization

chadmcox/Azure_Active_Directory

Contains Entra Related PowerShell Scripts and Entra Related KQL for Logs in Log Analytics

f-bader/SentinelARConverter

Sentinel Analytics Rule converter PowerShell module

cylaris/awesomekql

Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs

EEN421/KQL-Queries

Ian Hanley's deceptively simple KQL queries.

davidnx/baby-kusto-csharp

A self-contained execution engine for the Kusto Query Language (KQL) written in C#

Azure/pykusto

Query Kusto like a pro from the comfort of your Jupyter notebook

noodlemctwoodle/pf-azure-sentinel

Parse pfSense/OPNSense logs using Logstash, GeoIP tag entities, add additional context to logs, then send to Azure Sentinel for analysis.

ugurkocde/KQL-Search

eshlomo1/CloudSec

Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.

microsoft/Fabric-RTA-FlightStream

Microsoft Fabric Real-time Analytics flight streaming

squaredup/samples

A collection of sample dashboards, custom labels, mustaches, SQL scripts and PowerShell scripts to help you get the most out of SquaredUp. #community-powered

f-mahler/vuekit

Kirby 3 + Vue.js kit

HybridBrothers/Hunting-Queries-Detection-Rules

The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior

jostuffl/AzureSentinel_Stuff

A collection of things I've created or found that I think is useful for Azure Sentinel.