Compiles KQL expression to SQL Server fulltext queries.
Updated Nov 1, 2019 - C#
Sample files shared at the architect day(s) 19th-20th of November
Session about the Kusto query language that you can find in Azure tools such as Azure Data explorer (ADX) but also Azure Time Series Insights.
Custom made Query which you can run in your Microsoft Defender - Advanced Hunting tool to look for network activity related to Egregor Ransomware.
Defender for Endpoint Advanced Hunting Queries
A Jekyll-powered blog, to share my experience and learnings about DevOps, CyberSecurity, Edge-Computing and other Next-Generation Cloud technologies.
example queries for learning the kusto language
Simple KQL query that can be run either in MD for Endpoint (Threat hunting or Custom indicator) or in Azure Sentinel (Threat hunting or analytics rule). It looks for 4 known IOCs related to the Kaseya attack.
Threat-hunting KQL query which identifies machines that use PowerShell, cmd or wmic to connect to any URL that includes "cdn.discordapp.com", where the action was initiated by a script execution (.vbs, .bat etc.).
KQL queries for monitoring Log Analytics
[SETUP] Kirby as a Headless CMS (Kirby + KQL)
Microsoft related PowerShell scripts and KQL queries
Azure Governance - bits & pieces
Parse pfSense/OPNsense logs using Logstash, GeoIP-tag entities, add additional context to logs, then send them to Azure Sentinel for analysis.
Config files for my GitHub profile.
Windows service that listens for syslog messages and sends them to Azure Monitor
A collection of MDE KQL hunting queries useful for incident response and threat hunting.