A cybersecurity game in Azure Data Explorer
☆174 · Jul 12, 2024 · Updated last year

Alternatives and similar repositories for kc7
Users that are interested in kc7 are comparing it to the libraries listed below.
- Threat Hunting is time consuming enough as it is. Coming up with and tracking metrics to justify your hunt team to the Execs often takes… ☆13 · Dec 7, 2022 · Updated 3 years ago
- Repo of KC7 challenge scenarios ☆27 · Aug 30, 2025 · Updated 6 months ago
- MSTIC Notebook Components ☆35 · Sep 4, 2025 · Updated 6 months ago
- Synapse Rapid Power-up for SinkDB ☆11 · Jun 24, 2025 · Updated 8 months ago
- This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin… ☆18 · Mar 10, 2023 · Updated 3 years ago
- Repo with supporting material for the talk titled "Cracking the Beacon: Automating the extraction of implant configurations" ☆11 · Feb 6, 2025 · Updated last year
- Home repo for documentation and links to resources ☆12 · Jul 25, 2019 · Updated 6 years ago
- A project that aims to automate Volatility3 at scale with the use of cloud strength and the power of KQL inside ADX. ☆16 · Aug 19, 2025 · Updated 7 months ago
- OSSEM Data Dictionaries ☆65 · Jan 22, 2025 · Updated last year
- Open Source Platform for storing, organizing, and searching documents related to cyber threats ☆170 · Nov 10, 2023 · Updated 2 years ago
- A repository of Sysmon For Linux configuration modules ☆16 · Oct 14, 2021 · Updated 4 years ago
- (untitled repository) ☆31 · Sep 4, 2023 · Updated 2 years ago
- Collection of KQL queries ☆1,621 · Jan 29, 2026 · Updated last month
- (untitled repository) ☆20 · Sep 3, 2021 · Updated 4 years ago
- (untitled repository) ☆43 · May 22, 2021 · Updated 4 years ago
- The goal of this repo is to archive artifacts from all versions of various OS's and categorizing them by type. This will help with artifa… ☆648 · Nov 7, 2025 · Updated 4 months ago
- Dissect is a digital forensics & incident response framework and toolset that allows you to quickly access and analyse forensic artefacts… ☆1,094 · Feb 25, 2026 · Updated 3 weeks ago
- Microsoft Threat Intelligence Security Tools ☆1,954 · Mar 6, 2026 · Updated 2 weeks ago
- GitHub action for validating Microsoft Sentinel detection rules ☆14 · May 22, 2023 · Updated 2 years ago
- The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects… ☆44 · Nov 7, 2020 · Updated 5 years ago
- Python framework to parse logs for IR ☆15 · May 2, 2021 · Updated 4 years ago
- Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors. ☆618 · Oct 17, 2025 · Updated 5 months ago
- Collection of awesome resources on intelligence writing, including manuals/guides, standards, books, trainings, articles, videos, etc. ☆598 · Dec 4, 2025 · Updated 3 months ago
- A Python library to help with some common threat hunting data analysis operations ☆142 · Apr 23, 2023 · Updated 2 years ago
- Reportly is an AzureAD user activity report tool. ☆96 · Aug 14, 2023 · Updated 2 years ago
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas. ☆51 · Sep 22, 2025 · Updated 5 months ago
- (untitled repository) ☆263 · May 9, 2024 · Updated last year
- Jupyter notebooks for threat hunting ☆60 · Mar 26, 2025 · Updated 11 months ago
- Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL ☆279 · Aug 28, 2024 · Updated last year
- SubCrawl is a modular framework for discovering open directories, identifying unique content through signatures and organizing the data w… ☆55 · Dec 5, 2024 · Updated last year
- The Microsoft Sentinel Triage AssistanT (STAT) enables easy creation of incident triage automation in Microsoft Sentinel ☆276 · Jan 2, 2026 · Updated 2 months ago
- The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Produc… ☆451 · Jun 16, 2023 · Updated 2 years ago
- PowerShell sandboxing utility ☆20 · Mar 2, 2026 · Updated 2 weeks ago
- A PowerShell module for acquisition of data from Microsoft 365 and Azure for Incident Response and Cyber Security purposes. ☆775 · Mar 3, 2026 · Updated 2 weeks ago
- In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (… ☆135 · Updated this week
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆90 · Sep 16, 2023 · Updated 2 years ago
- BlackBerry Threat Research & Intelligence ☆100 · Oct 20, 2023 · Updated 2 years ago
- (untitled repository) ☆67 · Mar 9, 2026 · Updated last week
- (untitled repository) ☆613 · Jun 1, 2023 · Updated 2 years ago