Alternatives and similar repositories for Hunting-Queries-Detection-Rules

Users that are interested in Hunting-Queries-Detection-Rules are comparing it to the libraries listed below

• alexverboon / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Microsoft Defender, Microsoft Sentinel
  ☆194Dec 22, 2025Updated last month
• Velocidex / registry_hunter

  View on GitHub
  Hunt the windows Registry automatically using VQL
  ☆13Jan 6, 2026Updated last month
• EEN421 / KQL-Queries

  View on GitHub
  Ian Hanley's deceptively simple KQL queries.
  ☆68Dec 27, 2025Updated last month
• KustoKing / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Detections for Microsoft Sentinel and Microsoft 365 Defender
  ☆21Nov 15, 2024Updated last year
• LearningKijo / KQL

  View on GitHub
  Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
  ☆484Nov 22, 2024Updated last year
• FalconForceTeam / TelemetryCollectionManager

  View on GitHub
  Manage and maintain Defender XDR custom collection configuration
  ☆33Nov 19, 2025Updated 2 months ago
• f-bader / XDRStoryParser

  View on GitHub
  Visualize Microsoft Defender XDR process trees and security events
  ☆33Aug 24, 2025Updated 5 months ago
• jkerai1 / KQL-Queries

  View on GitHub
  KQL Queries
  ☆30Updated this week
• Velocidex / cloudvelo

  View on GitHub
  An experimental Velociraptor implementation using cloud infrastructure
  ☆26Dec 2, 2025Updated 2 months ago
• kennethvs / cabaseline202503

  View on GitHub
  Conditional Access baseline for March 2025
  ☆12Mar 4, 2025Updated 11 months ago
• CodeByHarri / Sigma2KQL

  View on GitHub
  Sigma Queries turned into KQL for Defender using pysigma
  ☆12Jun 20, 2024Updated last year
• markolauren / sentinel

  View on GitHub
  ☆67Jan 20, 2026Updated 3 weeks ago
• f-bader / AzSentinelQueries

  View on GitHub
  Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
  ☆137Feb 5, 2026Updated last week
• benscha / KQLAdvancedHunting

  View on GitHub
  some KQL Queries for Advanced Hunting
  ☆54Jan 15, 2026Updated 3 weeks ago
• 00010111 / gMetaDataParse

  View on GitHub
  ☆24Mar 12, 2025Updated 11 months ago
• SlimKQL / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Microsoft Defender, Microsoft Sentinel
  ☆824Feb 5, 2026Updated last week
• Harvester57 / Exploit-Protection-policy

  View on GitHub
  ☆10May 30, 2025Updated 8 months ago
• CERT-EDF / generaptor

  View on GitHub
  CLI generator for Velociraptor offline collector
  ☆15Oct 10, 2025Updated 4 months ago
• ItzHerbie / KQL

  View on GitHub
  Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
  ☆16Updated this week
• lawndoc / AdvancedHuntingQueries

  View on GitHub
  Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.
  ☆132Updated this week
• cyb3rmik3 / KQL-threat-hunting-queries

  View on GitHub
  A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 D…
  ☆754Aug 28, 2025Updated 5 months ago
• Permiso-io-tools / bucket-shield

  View on GitHub
  ☆14Jan 8, 2026Updated last month
• WesSec / VelociDeploy-o-Matic

  View on GitHub
  Scripts to for ready-to-use Velociraptor instance deployment in Azure
  ☆14Jun 27, 2023Updated 2 years ago
• vysecurity / Nemesis-Download-Watcher

  View on GitHub
  Watches the Downloads folder for any new files and inserts it into Nemesis for analysis.
  ☆15Feb 29, 2024Updated last year
• Sleepw4lker / PSCertificateEnrollment

  View on GitHub
  PowerShell Module to ease requesting certificates on Windows
  ☆64Jul 2, 2025Updated 7 months ago
• NextronSystems / velociraptor-artifacts-thor

  View on GitHub
  Thor Artifacts for Velociraptor
  ☆19Dec 2, 2025Updated 2 months ago
• kidtronnix / restless-guest

  View on GitHub
  An offensive toolkit for restless guests #DEFCON33
  ☆54Aug 11, 2025Updated 6 months ago
• 0xAnalyst / DefenderATPQueries

  View on GitHub
  Hunting Queries for Defender ATP
  ☆83Dec 14, 2025Updated 2 months ago
• jkerai1 / SoftwareCertificates

  View on GitHub
  Repository for Software Certs for easy software blocking across corp environments, for example, using MDE IOC
  ☆64Feb 7, 2026Updated last week
• CyberAutomationX / SecureAzCloud-Scripts

  View on GitHub
  ☆100Oct 22, 2025Updated 3 months ago
• le0li9ht / Microsoft-Sentinel-Queries

  View on GitHub
  KQL queries for cyber defense and for solving daily issues
  ☆55Jul 28, 2025Updated 6 months ago
• okta / customer-detections

  View on GitHub
  A public collection of detections designed to detect threats associated with the Okta WIC Platform.
  ☆13Jan 5, 2026Updated last month
• reprise99 / kql-for-dfir

  View on GitHub
  A guide to using Azure Data Explorer and KQL for DFIR
  ☆124May 16, 2022Updated 3 years ago
• SubashGhimire / Hunting-Queries-and-Detection-Rule-Microsoft-Sentinel-Defender

  View on GitHub
  KQL Sentinel and Defender Detection and Hunting Queries.
  ☆15Feb 4, 2026Updated last week
• n3l5 / irCRpull

  View on GitHub
  irCRpull is a PowerShell script utilized to pull several system artifacts, utilizing the free tool CrowdResponse, from a live Win7+ syste…
  ☆14Mar 25, 2015Updated 10 years ago
• cdefid / TheHiveIRPlaybook

  View on GitHub
  TheHiveIRPlaybook is a collection of TheHive case templates used for Incident Response
  ☆13Jul 13, 2020Updated 5 years ago
• Croko-fr / ludus-templates

  View on GitHub
  Repository for Ludus french templates
  ☆21Jan 17, 2026Updated 3 weeks ago
• SecurityAura / DE-TH-Aura

  View on GitHub
  Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or eve…
  ☆277Dec 20, 2025Updated last month
• ep3p / Sentinel_KQL

  View on GitHub
  In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…
  ☆134Dec 18, 2025Updated last month