MDATP - Updated Jul 20, 2024 - PowerShell
A collection of sample dashboards, custom labels, mustaches, SQL scripts and PowerShell scripts to help you get the most out of SquaredUp. #community-powered
Sentinel Analytics Rule converter PowerShell module
Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
Contains Entra Related PowerShell Scripts and Entra Related KQL for Logs in Log Analytics
Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.
CyberThreat Monitor (SIEM Lab) with Microsoft Azure is a comprehensive threat monitoring solution built on Azure Sentinel, providing real-time visibility into global cyber threats.
This repo contains content which is related to my blog https://hoferlabs.ch/.
Defender XDR Advanced Hunting Queries (MDE, MDAV, Device Discovery)
This repository offers tools and scripts for mapping and visualizing Microsoft Sentinel data. It includes utilities for extracting, analyzing, and presenting security information from Sentinel, helping to create detailed security maps and dashboards for improved threat analysis.
Microsoft related PowerShell scripts and KQL queries
Azure Resource Graph learnings with Azure PowerShell, Azure CLI and VS Code
Sample files shared at the architect day(s) 19th-20th of November
Implemented a miniature HoneyNet on Azure, integrating log sources from diverse resources into a Log Analytics workspace.
PowerShell Module that extracts data from Microsoft Azure using ARG KQL queries running in PowerShell. The extracted data can be exported to CSV, Excel, JSON reports, mitigating the maximum rows limitation of ARG Explorer on Azure.
A comprehensive collection of Kusto Query Language (KQL) queries designed for security professionals to detect, hunt, and respond to cyber threats and incidents, covering areas like Detections, Digital Forensics, and Hunting by Entity (Device, Email, User), and including operational queries for incident management and analytics tuning.