Hunting Queries for Defender ATP
-
Updated
Nov 17, 2024
#
kql
Here are 128 public repositories matching this topic...
KQL Queries. Microsoft Defender, Microsoft Sentinel
-
Updated
Nov 15, 2024 - HTML
An assortment of resources pertaining to Defender XDR and Microsoft Sentinel, such as KQL hunting queries and workbooks.
-
Updated
Nov 14, 2024
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
dfir
cybersecurity
threat-hunting
threat-detection
kql
detection-engineering
kusto-language
defender-for-endpoint
microsoft-sentinel
-
Updated
Nov 14, 2024 - Jupyter Notebook
A comprehensive collection of Kusto Query Language (KQL) queries designed for security professionals to detect, hunt, and respond to cyber threats and incidents, covering areas like Detections, Digital Forensics, and Hunting by Entity (Device, Email, User), and including operational queries for incident management and analytics tuning.
-
Updated
Nov 13, 2024 - PowerShell
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
security
azure
sentinel
dfir
cybersecurity
infosec
threat-hunting
misp
vulnerability-management
mde
blueteam
mdi
zero-day
kql
defender-for-endpoint
-
Updated
Nov 13, 2024 - Python
Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.
microsoft
azure
incident-response
dfir
threat-hunting
siem
soc
aws-security
cloudsecurity
threat-intelligence
cloud-security
azure-security
kql
gcp-security
microsoft-sentinel
microsoftsentinel
cfir
-
Updated
Nov 12, 2024 - PowerShell
Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
-
Updated
Nov 12, 2024
KQL queries for Microsoft Defender Advanced Hunting organized around the TTPs of the MITRE ATT&CK framework.
-
Updated
Nov 7, 2024
Defender XDR Advanced Hunting Queries (MDE, MDAV, Device Discovery)
-
Updated
Nov 7, 2024 - PowerShell
Contains Entra Related PowerShell Scripts and Entra Related KQL for Logs in Log Analytics
-
Updated
Nov 6, 2024 - PowerShell
C# KQL query engine with flexible I/O layers and visualization
-
Updated
Nov 4, 2024 - C#
A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).
microsoft
security
sentinel
threat-hunting
threat-detection
securitycenter
kusto
kql
threat-hunt
microsoft-365
kusto-query-language
microsoft-security
microsoft-sentinel
kusto-query
microsoft-365-security
microsoft-365-defender
threat-detecting
microsoft-xdr
microsoftxdr
-
Updated
Nov 4, 2024
Improve this page
Add a description, image, and links to the kql topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the kql topic, visit your repo's landing page and select "manage topics."