FalconForceTeam/FalconForge external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

FalconForceTeam/FalconForge

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/FalconForceTeam/FalconForge)

Close

FalconForceTeam / FalconForgeView on GitHubMore

• External links
• Readme badge

This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deploying a repository of use-cases for the Sentinel and Microsoft 365 Defender products.

☆17Mar 10, 2023Updated 2 years ago

Alternatives and similar repositories for FalconForge

Users that are interested in FalconForge are comparing it to the libraries listed below

• FalconForceTeam / KQLAnalyzer

  View on GitHub
  REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
  ☆51Sep 22, 2025Updated 5 months ago
• microsoft / AzDetectSuite

  View on GitHub
  A collection of ARM-based detections for Azure/AzureAD based TTPs
  ☆89Dec 12, 2023Updated 2 years ago
• Intellisec-Solutions / Microsoft-Sentinel-SIGMA-Rules-Workbook

  View on GitHub
  ☆12Jul 15, 2022Updated 3 years ago
• cventour / PoSH

  View on GitHub
  Random Powershell scripts
  ☆13Feb 13, 2024Updated 2 years ago
• threat-punter / detection-as-code-example

  View on GitHub
  A POC to implement Detection-as-Code with Terraform and Sumo Logic.
  ☆31Jul 27, 2023Updated 2 years ago
• Sebmolendijk / mcas-labs

  View on GitHub
  Microsoft Cloud App Security labs
  ☆14Dec 17, 2018Updated 7 years ago
• SecureHats / validate-detections

  View on GitHub
  GitHub action for validating Microsoft Sentinel detection rules
  ☆14May 22, 2023Updated 2 years ago
• CiscoCXSecurity / Detection-Engineering-Framework

  View on GitHub
  ☆96Jan 7, 2026Updated last month
• jsa2 / kql

  View on GitHub
  KQL for Azure Resource Manager and AppID search
  ☆23Aug 15, 2024Updated last year
• Azure / MDEASM-Solutions

  View on GitHub
  Solutions developed by the MDEASM Customer Experience Engineering (CxE) Go-To Production (GTP) team for Azure MDEASM
  ☆29Feb 3, 2025Updated last year
• center-for-threat-informed-defense / summiting-the-pyramid

  View on GitHub
  Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research…
  ☆57Feb 19, 2026Updated last week
• eshlomo1 / Azure-AD-Incident-Response

  View on GitHub
  Azure AD Incident Response
  ☆27Oct 8, 2021Updated 4 years ago
• OTRF / OSSEM-CDM

  View on GitHub
  OSSEM Common Data Model
  ☆56Sep 20, 2022Updated 3 years ago
• olafhartong / WDACme

  View on GitHub
  A WDAC configuration repository with the sole intention of enriching MDE
  ☆30Jun 18, 2025Updated 8 months ago
• redcanaryco / ansible-atomic-red-team

  View on GitHub
  This project is an Ansible Role to execute Atomic Red Team tests against multiple machines by wrapping Invoke-AtomicRedTeam
  ☆27Jul 4, 2024Updated last year
• infosecB / detection-as-code

  View on GitHub
  An example of how to deploy a Detection as Code pipeline using Sigma Rules, Sigmac, Gitlab CI, and Splunk.
  ☆60Mar 12, 2022Updated 3 years ago
• siriussecurity / dettectinator

  View on GitHub
  Dettectinator - The Python library to your DeTT&CT YAML files.
  ☆118Jan 22, 2026Updated last month
• blackhatethicalhacking / HiddenEye

  View on GitHub
  Modern Phishing Tool With Advanced Functionality [ Android-Support-Available ]
  ☆31Oct 10, 2019Updated 6 years ago
• wand3rlust / Hitchhikers-Guide-to-URL-Analysis

  View on GitHub
  Collection of Tools & Techniques for analyzing URLs
  ☆33Oct 1, 2023Updated 2 years ago
• EuroLeaps / scc-connectors

  View on GitHub
  Google Cloud Security Command Center to Azure Sentinel Connector
  ☆19Jul 15, 2023Updated 2 years ago
• socprime / the-prime-hunt

  View on GitHub
  A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation
  ☆77May 21, 2024Updated last year
• ep3p / Sentinel_KQL

  View on GitHub
  In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…
  ☆134Dec 18, 2025Updated 2 months ago
• ACE-Responder / ace-proctree

  View on GitHub
  Create a cool process tree like https://twitter.com/ACEResponder.
  ☆35Mar 1, 2023Updated 3 years ago
• fortinet-fortisoar / solution-pack-soar-framework

  View on GitHub
  ☆14Feb 6, 2026Updated 3 weeks ago
• themittenmac / threat-hunting-macos-book

  View on GitHub
  A companion Github repo for the book - Threat Hunting macOS by Jaron Bradley
  ☆17Jul 26, 2025Updated 7 months ago
• AttackIQ / SigmAIQ

  View on GitHub
  A pySigma wrapper and langchain toolkit for automatic rule creation/translation
  ☆92Nov 3, 2025Updated 3 months ago
• darkquasar / AIMOD2

  View on GitHub
  Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…
  ☆90Sep 16, 2023Updated 2 years ago
• panther-labs / panther_analysis_tool

  View on GitHub
  Command line tool for working with Panther rules and policies
  ☆48Updated this week
• center-for-threat-informed-defense / sightings_ecosystem

  View on GitHub
  Sightings Ecosystem gives cyber defenders visibility into what adversaries actually do in the wild. With your help, we are tracking MITRE…
  ☆38May 28, 2025Updated 9 months ago
• SigmaHQ / pySigma-backend-splunk

  View on GitHub
  pySigma Splunk backend
  ☆41Feb 19, 2026Updated last week
• Cyb3r-Monk / ACCD

  View on GitHub
  Active C&C Detector
  ☆156Oct 5, 2023Updated 2 years ago
• JeffMichelmore / MDEKit

  View on GitHub
  ☆43Oct 11, 2023Updated 2 years ago
• LouisMastelinck / LouSecInator

  View on GitHub
  This project contains a **test executable** specifically designed to trigger incidents in **Microsoft Defender for Endpoint (MDE)**. It…
  ☆14Jul 20, 2025Updated 7 months ago
• Cyb3rWard0g / IntelRAGU

  View on GitHub
  Intel Retrieval Augmented Generation (RAG) Utilities
  ☆91Jan 29, 2024Updated 2 years ago
• markolauren / sentinel

  View on GitHub
  ☆67Jan 20, 2026Updated last month
• wisepythagoras / honeyshell

  View on GitHub
  An SSH honeypot written entirely in Go.
  ☆12Dec 4, 2025Updated 2 months ago
• francoisfried / Defender-Advanced-Hunting-Queries

  View on GitHub
  KQL queries for Microsoft Defender Advanced Hunting organized around the TTPs of the MITRE ATT&CK framework.
  ☆18Nov 7, 2024Updated last year
• anovik / fractals

  View on GitHub
  Fractals using Python 3
  ☆10Apr 9, 2021Updated 4 years ago
• jacobocasado / PTHelper

  View on GitHub
  A penetration testing tool to help in Infrastructure pentesting process.
  ☆11Sep 19, 2023Updated 2 years ago