Collection of KQL queries for sentinel and defender for organization wide monitoring

Peronchichino/KQL_Queries_AdvancedHunting

KQL_Queries_AdvancedHunting

Topics:

  • Country logins
  • Anomalous token creation, etc.
  • Various logins (risky, failed, non-existent accounts, etc.)
  • Password resets
  • MFA
  • Device-specific events
  • spoolsv.exe
  • New user in admin group -> PIM
  • Malicious HTTP traffic -> HTTP traffic
  • Phishing file extensions
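
As an added example of the kind of query the "Various logins" topic covers (this is not a query from the repository), the following Microsoft Sentinel KQL hunts for sign-in attempts against accounts that do not exist in the tenant, which is a common signature of username enumeration or password spraying. It assumes the standard Sentinel SigninLogs table, where ResultType holds the AADSTS error code as a string; the lookback window and the distinct-user threshold are illustrative values to tune per environment.

```kql
// Added example, not from the repository.
// Hunt: many distinct non-existent usernames tried from one source IP.
// AADSTS50034 = "user account not found in tenant".
let lookback  = 1d;      // assumption: tune to your retention / alert cadence
let threshold = 10;      // assumption: distinct non-existent users per IP
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "50034"
| summarize
    Attempts      = count(),
    DistinctUsers = dcount(UserPrincipalName),
    SampleUsers   = make_set(UserPrincipalName, 20),
    Apps          = make_set(AppDisplayName, 10),
    FirstSeen     = min(TimeGenerated),
    LastSeen      = max(TimeGenerated)
    by IPAddress, Location
| where DistinctUsers >= threshold
| extend DurationMinutes = datetime_diff("minute", LastSeen, FirstSeen)
| project-reorder IPAddress, Location, DistinctUsers, Attempts, DurationMinutes, FirstSeen, LastSeen, SampleUsers, Apps
| order by DistinctUsers desc
```

Grouping by IPAddress and Location (the country code Sentinel records for the sign-in) keeps the output small enough to triage and ties this hunt to the "Country logins" topic above. Swapping the ResultType filter to "50126" (invalid username or password) turns the same query into a spray hunt against accounts that do exist; a sudden burst of either code from one IP with a short DurationMinutes is the pattern worth alerting on.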

To-Be-Added:

  • Azure job creation
  • Anomalous AAD Account Creation
