kql
There are 7 repositories under kql topic.
- sentinel-attack
netevert / sentinel-attack
Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Language:HCL 1038 Bert-JanP / Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Language:Python 997FalconForceTeam / FalconFriday
Hunting queries and detections
- Threat-Hunting-and-Detection
Cyb3r-Monk / Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Language:Jupyter Notebook 561 - MDATP
alexverboon / MDATP
Microsoft Defender XDR - Resource Hub
Language:PowerShell 447 cyb3rmik3 / KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).
- KQL
LearningKijo / KQL
Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
ashwin-patil / blue-teaming-with-kql
Repository with Sample KQL Query examples for Threat Hunting
getkirby / kql
Kirby's Query Language API combines the flexibility of Kirby's data structures, the power of GraphQL and the simplicity of REST.
Language:PHP 140lawndoc / AdvancedHuntingQueries
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
ep3p / Sentinel_KQL
In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).
tobiasmcvey / kusto-queries
example queries for learning the kusto language
KQL Queries. Microsoft 365 Defender, Microsoft Sentinel
jischell-msft / RemoteManagementMonitoringTools
Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
Language:PowerShell 62globalbao / azure-resource-graph
Collection of Azure Resource Graph queries for use in Portal and via PowerShell - by @JesseLoudon
f-bader / AzSentinelQueries
Repository with Sentinel Analytics Rules and Hunting Queries
cylaris / awesomekql
Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs
EEN421 / KQL-Queries
Ian Hanley's deceptively simple KQL queries.
- Language:Python 30
noodlemctwoodle / pf-azure-sentinel
Parse pfSense/OPNSense logs using Logstash, GeoIP tag entities, add additional context to logs, then send to Azure Sentinel for analysis.
- Language:JavaScript 25
davidnx / baby-kusto-csharp
A self-contained execution engine for the Kusto Query Language (KQL) written in C#
Language:C# 22- Language:PHP 18
squaredup / samples
A collection of sample dashboards, custom labels, mustaches, SQL scripts and PowerShell scripts to help you get the most out of SquaredUp. #community-powered
Language:PowerShell 18microsoft / Fabric-RTA-FlightStream
Microsoft Fabric Real-time Analytics flight streaming
Language:Jupyter Notebook 14jostuffl / AzureSentinel_Stuff
A collection of things I've created or found that I think is useful for Azure Sentinel.
Language:Jupyter Notebook 12- kusto.blog
y0nil / kusto.blog
A technical blog about Kusto
Language:HTML 11 stuymedova / kirby-sveltekit
[SETUP] SvelteKit frontend for Kirby CMS + KQL backend
Language:JavaScript 90xbythesecond / Azure-SOC-Honeynet-Project
Built a mini HoneyNet in Azure and ingest log sources from various resources into a Log Analytics workspace
austin-lai / Collection-of-Azure-Monitor-or-Sentinel-Kusto-Queries
Collection of Azure Monitor or Sentinel Kusto Queries
- Language:TypeScript 6
gh-andrem / DefenderXDR-AdvancedHunting
Defender XDR Advanced Hunting Queries (MDE, MDAV, Device Discovery)
Language:PowerShell 6
