KustoHawk is a lightweight incident triage and response tool designed for effective incident response in Microsoft Defender XDR and Microsoft Sentinel environments.
☆133 · Jan 11, 2026 · Updated last month
Alternatives and similar repositories for KustoHawk
Users interested in KustoHawk are comparing it to the repositories listed below.
- Conditional Access baseline for October 2025 ☆93 · Nov 26, 2025 · Updated 3 months ago
- Content Repo for Demystifying KQL Tutorial Series ☆72 · Sep 1, 2024 · Updated last year
- Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR ☆16 · Nov 7, 2025 · Updated 3 months ago
- ☆58 · Dec 10, 2025 · Updated 2 months ago
- Conditional Access baseline for March 2025 ☆12 · Mar 4, 2025 · Updated last year
- The Sentinel.blog Repository provides automation tools for updating Analytics Rules, Content Hub Solutions, and Workbooks, eliminating re… ☆17 · Updated this week
- Repo of KC7 challenge scenarios ☆26 · Aug 30, 2025 · Updated 6 months ago
- Some KQL Queries for Advanced Hunting ☆65 · Updated this week
- Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve… ☆277 · Dec 20, 2025 · Updated 2 months ago
- ☆45 · Apr 10, 2024 · Updated last year
- Here are some tools I developed to help analyze malware ☆11 · Nov 8, 2023 · Updated 2 years ago
- Is a portable forensic tool for analyzing Windows logs, pre-organized according to the methodology outlined in this job: https://cybersec… ☆15 · Jul 19, 2025 · Updated 7 months ago
- ConditionalAccessIQ streamlines this process by providing automatic version control, change tracking, and visual comparisons of your Cond… ☆59 · Jun 30, 2025 · Updated 8 months ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID ☆577 · Dec 6, 2025 · Updated 2 months ago
- An automation framework for deploying Microsoft Sentinel environments using pipelines. This project combines infrastructure-as-code (Bice… ☆22 · Jul 31, 2025 · Updated 7 months ago
- Hundred Days of Yara Challenge ☆12 · Jun 21, 2022 · Updated 3 years ago
- Hunting Queries for Defender ATP ☆83 · Dec 14, 2025 · Updated 2 months ago
- 🛡️ SIGMA Detection Engineering Platform. A comprehensive AI-powered detection engineering platform for security teams to explore MITRE AT… ☆46 · Jun 28, 2025 · Updated 8 months ago
- Discover a curated collection of scripts for Microsoft Azure and Microsoft 365 in this repository. Tailored for efficiency and automation… ☆35 · Oct 21, 2025 · Updated 4 months ago
- A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as … ☆432 · Feb 18, 2026 · Updated 2 weeks ago
- Splunk TA for alert action to TheHive-project ☆11 · May 13, 2020 · Updated 5 years ago
- Automated security investigation tool using Microsoft MCP Servers, GitHub Copilot, Python Modules and custom copilot-instructions. ☆48 · Updated this week
- This repository provides insight on how to get started with Microsoft Security ☆11 · Nov 27, 2025 · Updated 3 months ago
- ☆12 · Jul 15, 2022 · Updated 3 years ago
- KQL Queries. Microsoft Defender, Microsoft Sentinel ☆832 · Updated this week
- ☆36 · Jan 11, 2023 · Updated 3 years ago
- Create a cool process tree like https://twitter.com/ACEResponder. ☆35 · Mar 1, 2023 · Updated 3 years ago
- ☆96 · Jan 7, 2026 · Updated last month
- Parser for Windows Scheduled Task files. ☆13 · Apr 26, 2023 · Updated 2 years ago
- Forensic cheatsheets for use with cheat ☆15 · Dec 2, 2021 · Updated 4 years ago
- YARA, SIGMA, SNORT Rules based on Malware Analysis ☆16 · Apr 23, 2025 · Updated 10 months ago
- Malformed Access Log to CSV - Convert Web Server Access Logs to CSV ☆18 · Sep 3, 2024 · Updated last year
- Automatic Microsoft Sentinel Deployment ☆16 · Apr 1, 2025 · Updated 11 months ago
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. ☆771 · Updated this week
- Windows file metadata / forensic tool. ☆18 · Oct 12, 2025 · Updated 4 months ago
- Troubleshooting MDE Workstations ☆42 · Jan 7, 2026 · Updated last month
- Python script for parsing ESET (NOD32) virlog.dat file. ☆14 · Sep 28, 2017 · Updated 8 years ago
- Registry timestamp manipulation ☆17 · Feb 26, 2014 · Updated 12 years ago
- This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin… ☆17 · Mar 10, 2023 · Updated 2 years ago