sunchippss's repositories
definitive-guide-kql
Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL
azure-security-tools
A collection of tools for Azure security
sunchippss
Config files for my GitHub profile.
KQL
Kusto Query Language
Sentinel-Queries
Collection of KQL queries
SentinelKQL
Azure Sentinel KQL
Snaffler
A tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 (Twitter: @mikeloss and @sh3r4_hax)
Azure-review-checklists
This repo contains code and examples to operationalize spreadsheet-based checklists that can be used for Azure design reviews on multiple technologies.
MustLearnKQL
Code included as part of the MustLearnKQL blog series
Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
AI-Song-Of-Ice-And-Fire
Using large language models to complete A Song of Ice and Fire.
Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
awesome-kql-sentinel
A curated list of blogs, videos, tutorials, queries and anything else valuable to help you learn and master KQL and Microsoft Sentinel
which-reality
PHP code to determine which reality (Server OS and web app versions) the app is running in (yeah... it's a play on Rick and Morty)
Office-365-Extractor
The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)
Office-365-Extractor-1
The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)
Business-Email-Compromise-Guide
The Business Email Compromise Guide sets out to describe 10 steps for performing a Business Email Compromise (BEC) investigation in an Office 365 environment. Each step is intended to guide the process of identifying, collecting and analysing activity associated with BEC intrusions.
MIA-MailItemsAccessed-
Tool to extract sessions and message IDs from MailItemsAccessed records in the Office 365 Unified Audit Log, and to find the emails belonging to those message IDs.
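The session/message-ID extraction that the MIA-MailItemsAccessed entry describes, as an added example that is not code from that repository or from the page. It assumes the audit log has been exported as one AuditData JSON object per record with the documented MailItemsAccessed field names (SessionId, OperationProperties with MailAccessType and IsThrottled, Folders[].FolderItems[].InternetMessageId); the sample records and the session ID, user and IP in them are constructed, not real log data. The final step of the real tool, retrieving the emails themselves by message ID from the mailbox, needs a tenant connection and is not reproduced here.

```python
"""Group MailItemsAccessed audit records by session and list what each touched.

Added example (not the MIA-MailItemsAccessed tool's own code). Assumes the
Unified Audit Log export is a sequence of AuditData JSON strings using the
documented MailItemsAccessed schema; SAMPLE_AUDITDATA below is constructed.
"""
import json
from collections import defaultdict

# Constructed sample: three AuditData payloads as they would appear in a UAL
# export. The third is a non-mail operation and must be skipped.
SAMPLE_AUDITDATA = [
    json.dumps({
        "CreationTime": "2024-01-10T08:15:02",
        "Operation": "MailItemsAccessed",
        "UserId": "alice@contoso.example",
        "ClientIPAddress": "203.0.113.7",
        "SessionId": "6b1c8e2f-1111-4c3a-9d0e-000000000001",
        "OperationProperties": [
            {"Name": "MailAccessType", "Value": "Bind"},
            {"Name": "IsThrottled", "Value": "False"},
        ],
        "Folders": [
            {"Path": "\\Inbox", "FolderItems": [
                {"InternetMessageId": "<invoice-001@vendor.example>"},
                {"InternetMessageId": "<reset-002@idp.example>"},
            ]},
        ],
    }),
    json.dumps({
        "CreationTime": "2024-01-10T08:16:40",
        "Operation": "MailItemsAccessed",
        "UserId": "alice@contoso.example",
        "ClientIPAddress": "203.0.113.7",
        "SessionId": "6b1c8e2f-1111-4c3a-9d0e-000000000001",
        "OperationProperties": [
            {"Name": "MailAccessType", "Value": "Sync"},
            {"Name": "IsThrottled", "Value": "True"},
        ],
        # A Sync access logs the folder, not the individual items.
        "Folders": [{"Path": "\\Sent Items", "FolderItems": []}],
    }),
    json.dumps({"Operation": "FileAccessed", "UserId": "alice@contoso.example"}),
]


def _prop(record, name):
    """Return the value of one OperationProperties entry, or None if absent."""
    for prop in record.get("OperationProperties", []):
        if prop.get("Name") == name:
            return prop.get("Value")
    return None


def summarize_sessions(auditdata_lines):
    """Map SessionId -> {user, ips, message_ids, sync_folders, throttled}.

    message_ids are the InternetMessageIds of individually bound messages;
    sync_folders are folders that were synced whole (no per-item IDs logged);
    throttled=True means Exchange dropped records for that session, so the
    list of message IDs is known to be incomplete.
    """
    sessions = defaultdict(lambda: {
        "user": None, "ips": set(), "message_ids": set(),
        "sync_folders": set(), "throttled": False,
    })
    for line in auditdata_lines:
        rec = json.loads(line)
        if rec.get("Operation") != "MailItemsAccessed":
            continue
        sess = sessions[rec.get("SessionId") or ""]
        sess["user"] = rec.get("UserId")
        sess["ips"].add(rec.get("ClientIPAddress"))
        if _prop(rec, "IsThrottled") == "True":
            sess["throttled"] = True
        access_type = _prop(rec, "MailAccessType")
        for folder in rec.get("Folders", []):
            if access_type == "Sync":
                sess["sync_folders"].add(folder.get("Path"))
            for item in folder.get("FolderItems", []):
                message_id = item.get("InternetMessageId")
                if message_id:
                    sess["message_ids"].add(message_id)
    return dict(sessions)


if __name__ == "__main__":
    for session_id, info in summarize_sessions(SAMPLE_AUDITDATA).items():
        print(f"session {session_id} user={info['user']} ips={sorted(info['ips'])}")
        print(f"  throttled={info['throttled']} synced={sorted(info['sync_folders'])}")
        for mid in sorted(info["message_ids"]):
            print(f"  bound message {mid}")
```

Two caveats the summary surfaces matter in a BEC investigation: a Sync access means the whole folder was downloaded even though no message IDs appear in the record, and a throttled session means Exchange stopped logging items after its per-mailbox limit, so absence of a message ID from the output is not evidence the message was not read.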
crowdstrike-falcon-queries
A collection of Splunk Search Processing Language (SPL) queries for threat hunting with CrowdStrike Falcon