Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK
Updated Sep 5, 2023 - HCL
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Hunting queries and detections
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
Microsoft Defender XDR - Resource Hub
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft Defender XDR (formerly Microsoft 365 Defender).
Threat hunting queries for Microsoft 365 Defender / Defender XDR. Provides out-of-the-box KQL hunting queries for App, Email, Identity and Endpoint.
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.
Repository with Sample KQL Query examples for Threat Hunting
Kirby's Query Language API combines the flexibility of Kirby's data structures, the power of GraphQL and the simplicity of REST.
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
Example queries for learning the Kusto Query Language.
KQL Queries. Microsoft 365 Defender, Microsoft Sentinel
Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
Collection of Azure Resource Graph queries for use in Portal and via PowerShell - by @jesseloudon
Repository with Sentinel Analytics Rules and Hunting Queries
Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs