kql

A collection of sample dashboards, custom labels, mustaches, SQL scripts and PowerShell scripts to help you get the most out of SquaredUp. #community-powered

json dashboard powershell mustache samples dashboards powershell-scripts kusto kql squaredup sql-scripts community-answers

Updated Jan 31, 2023
PowerShell

Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.

microsoft azure incident-response dfir threat-hunting siem soc aws-security cloudsecurity threat-intelligence cloud-security azure-security kql gcp-security microsoft-sentinel microsoftsentinel cfir

Updated Nov 12, 2024
PowerShell

alexverboon / DefenderResourceHub

Star

Defender Resource Hub

sentinel defender xdr mde mdi mdo edr kql mdci

Updated Oct 23, 2024
PowerShell

gh-andrem / DefenderXDR-AdvancedHunting

Star

Defender XDR Advanced Hunting Queries (MDE, MDAV, Device Discovery)

kql defender-for-endpoint advanced-hunting m365-defender defender-xdr

Updated Nov 7, 2024
PowerShell

CodeByHarri / Incident-Response-and-Threat-Hunting

Star

A comprehensive collection of Kusto Query Language (KQL) queries designed for security professionals to detect, hunt, and respond to cyber threats and incidents, covering areas like Detections, Digital Forensics, and Hunting by Entity (Device, Email, User), and including operational queries for incident management and analytics tuning.

incident-response threat-hunting forensics-investigations kusto kql

Updated Nov 13, 2024
PowerShell

N372unn32 / AzureKQLPowerShellExtractor

Star

PowerShell Module that extracts data from Microsoft Azure using ARG KQL queries running in PowerShell. The extracted data can be exported to CSV, Excel, JSON reports, mitigating the maximum rows limitation of ARG Explorer on Azure.

azure red-team information-gathering reconnaissance cloud-security kql penetration-testing-tools azure-resource-graph

Updated Sep 5, 2023
PowerShell

cyph3rryx / CyberThreat-Monitor

Star

CyberThreat Monitor (SIEM Lab) with Microsoft Azure is a comprehensive threat monitoring solution built on Azure Sentinel, providing real-time visibility into global cyber threats.

powershell honeypot cybersecurity siem threat-analysis threat-intelligence microsoft-azure blue-team kql

Updated Oct 5, 2023
PowerShell

T13nn3s / microsoft

Star

Microsoft related PowerShell scripts and KQL queries

microsoft microsoft-azure kql azure-sentinel microsoft-defender

Updated Jan 3, 2022
PowerShell

AlfonsoJohn / Azure-HoneyNet-SOC

Star

Implemented a miniature HoneyNet on Azure, integrating log sources from diverse resources into a Log Analytics workspace.

powershell azure honeypot syslog sentinel network-security-groups nist800-53 kql azure-virtual-machine log-analytics-workspace securityevent security-operations-center nist800-61

Updated Oct 2, 2024
PowerShell

hoferandrea / blog

Star

This repo contains content which ist related to my blog https://hoferlabs.ch/.

automation powershell kql bicep

Updated May 7, 2023
PowerShell

darvinpatel / sentinelMap

Star

This repository offers tools and scripts for mapping and visualizing Microsoft Sentinel data. It includes utilities for extracting, analyzing, and presenting security information from Sentinel, helping to create detailed security maps and dashboards for improved threat analysis.

powershell azure virtual-machine honeypot workbooks kql azure-sentinel log-analytics-workspace log-ingestion