FalconForceTeam / TelemetryCollectionManagerLinks
Manage and maintain Defender XDR custom collection configuration
☆29Updated last month
Alternatives and similar repositories for TelemetryCollectionManager
Users that are interested in TelemetryCollectionManager are comparing it to the libraries listed below
Sorting:
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form☆113Updated 4 months ago
- Sharing presentation slides and workbook templates that can be useful to others to learn more about Azure Active Directory!☆20Updated last year
- Velociraptor Server hosted in Azure App Service☆59Updated 7 months ago
- A PowerShell module for the Defender XDR portal☆59Updated this week
- A comprehensive list of usable Entra ID first-party clients with pre-consented Microsoft Graph scopes, in a simple YAML-file explorable w…☆147Updated last month
- ☆41Updated 2 years ago
- Azure administrative tiering based on known attack paths☆131Updated 3 weeks ago
- MS Entra ID Protection Guidance☆22Updated last year
- ☆61Updated 2 years ago
- sKaleQL is an opinionated template repository for managing, executing, and organizing Kusto Query Language (KQL) queries against Azure Lo…☆19Updated 7 months ago
- ☆11Updated 3 years ago
- Lightweight security tool for auditing your organization's Conditional Access Policies (CAPs) in Microsoft Entra ID for potential misconf…☆78Updated 10 months ago
- The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect…☆62Updated 2 months ago
- Sentinel Logic Apps, Playbooks and Workbooks to automate enrichment, incident analysis and more.☆112Updated last week
- Presentations from Conferences☆30Updated last year
- Hunting Queries for Defender ATP☆82Updated last month
- A pure PowerShell solution for Entra OAuth authentication, enabling easy retrieval of access and refresh tokens☆122Updated last month
- A tiny tool built to find and fix common misconfigurations in Active Directory-integrated DNS☆146Updated 3 weeks ago
- ☆17Updated last year
- Shows which M365 Objects have Privileged Access and what type (i.e. PIM, Direct, Currently Elevated)☆36Updated 7 months ago
- Scripts to enumerate and report on Entra Conditional Access☆41Updated 4 months ago
- This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet☆12Updated 3 months ago
- PowerShell script designed to help Incident Responders collect forensic evidence from local and remote Windows devices.☆109Updated last year
- A tiny tool built to help AD Admins tame the Protected Users group.☆134Updated 4 months ago
- Audits an AppLocker policy XML and reports weak/misconfigured/risky settings, including actual ACL checks.☆130Updated 4 months ago
- ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure.☆40Updated last year
- Table of AD and Azure assets and whether they belong to Tier Zero☆254Updated last month
- Visualize Microsoft Defender XDR process trees and security events☆34Updated 4 months ago
- TIM is a Kusto investigation platform that enables a user to quickly pivot between data sources; annotate their findings; and promotes co…☆23Updated last year
- An automated deployment tool that creates instrumented Azure environments with vulnerable systems for simulating attacks and testing Micr…☆60Updated 5 months ago