A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
Updated Jun 3, 2026
Threat hunting queries for Microsoft 365 Defender (XDR), providing out-of-the-box KQL hunting queries across App, Email, Identity and Endpoint.
A curated list of resources for DFIR through Microsoft Defender for Endpoint, leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud, and more.
Accelerator for building a Microsoft Fabric data platform with reusable components and an ELT orchestration framework. Automates up to 80% of Bronze and Silver layer processing, so you can focus on business insights in the Gold layer.
Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
C# KQL query engine with flexible I/O layers and visualization
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.
Example queries for learning the Kusto language
Azure Data Explorer (Kusto) SDK for Go
Enables Kibana to query Azure Data Explorer (ADX / Kusto)
JS SDK for the Kusto service
Quick start. Index multiple documents in a repository using HuggingFace embeddings. Save them in Chroma and / or FAISS for recall. Choose OpenAI or Azure OpenAI APIs to get answers to your questions - Q&A with OpenAI and Azure OpenAI.
Desktop KQL query builder for Microsoft security and Azure services - 52 tables across Defender, Sentinel, Entra ID, Azure Monitor, App Insights, and more
A self-contained execution engine for the Kusto Query Language (KQL) written in C#