Repository for Cortex XDR and Cortex XSIAM XQL queries and more!
☆41Jun 7, 2024Updated last year
Alternatives and similar repositories for cortex-xql-queries
Users that are interested in cortex-xql-queries are comparing it to the libraries listed below
Sorting:
- A few XDR Scripts☆22Mar 19, 2025Updated 11 months ago
- Python3 API toolkit for Prisma Cloud APIs☆23Mar 7, 2025Updated 11 months ago
- ☆11Aug 3, 2018Updated 7 years ago
- custom Python script to perform Yara matching in Cortex XDR☆14May 18, 2021Updated 4 years ago
- Sentinel Threat Intelligence Upload Toolkit☆18Jul 15, 2024Updated last year
- Manage Your Large Team of Consultants☆11Sep 18, 2025Updated 5 months ago
- Look into EDR events from network☆25Nov 20, 2025Updated 3 months ago
- Evtx Log (xml) Browser☆56Mar 12, 2023Updated 2 years ago
- A python-based API client for Cortex XDR API.☆26Sep 22, 2025Updated 5 months ago
- Case_Notes.py is a cross-platform (Windows, macOS, & Linux) python script to help make the documentation process easier.☆26Jun 24, 2023Updated 2 years ago
- ☆10Sep 10, 2024Updated last year
- Google Cloud Security Command Center to Azure Sentinel Connector☆19Jul 15, 2023Updated 2 years ago
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example.☆37Jul 11, 2023Updated 2 years ago
- This tool parses Windows EVTX logs to extract login and logout sessions from a security.evtx file. It uses a Tkinter GUI to let you selec…☆31Feb 22, 2025Updated last year
- ☆13Mar 19, 2024Updated last year
- Repository with selected IOCs and YARA rules for threat hunting.☆35May 21, 2025Updated 9 months ago
- The home of the BriMor Labs rdpieces Perl script that tries to rebuild parsed RDP Bitmap Cache images☆89Aug 29, 2023Updated 2 years ago
- Python logging handler for Loki☆18Dec 12, 2025Updated 2 months ago
- Bugs Framework☆10Updated this week
- ☆12Dec 14, 2016Updated 9 years ago
- A small crappy script I wrote that converts the Sigma Windows Process Creation events to KQL via PySigma. Designed for CI/CD☆10Nov 7, 2023Updated 2 years ago
- A clone of FD (File & Directory tool) by T.Shirai☆16Jan 29, 2014Updated 12 years ago
- Security research organization dedicated to finding low hanging, critical, vulnerabilities.☆15May 12, 2022Updated 3 years ago
- ☆10Feb 14, 2024Updated 2 years ago
- Sample queries for Advanced hunting in Windows Defender ATP☆11Apr 22, 2020Updated 5 years ago
- PyCon Italia Beginners' Day Workshop☆10Jun 9, 2022Updated 3 years ago
- Sigma Queries turned into KQL for Defender using pysigma☆12Jun 20, 2024Updated last year
- Different DFIR and CTI utilities☆39May 13, 2020Updated 5 years ago
- ☆10Feb 4, 2024Updated 2 years ago
- Powershell to read ETL file on an interval and convert it to an EVTX (so Windows Event Forwarding can 'subscribe')☆11May 16, 2017Updated 8 years ago
- macOS Endpoint Security Message Analysis Tool☆47Jan 31, 2022Updated 4 years ago
- Minimal C port of UTF8-CPP☆12Jun 2, 2019Updated 6 years ago
- Primarily aimed at replicating files that cannot be directly copied due to being in use.☆11Apr 22, 2024Updated last year
- MISP to Microsoft Defender integration☆17Feb 24, 2026Updated last week
- Library of threat hunts to get any user started!☆50Sep 4, 2020Updated 5 years ago
- Transform EQL detection rules to VQL artifacts☆12Nov 12, 2021Updated 4 years ago
- MSVC C++ resource example☆11Jun 28, 2018Updated 7 years ago
- Daily updated malware indicator lists from TR-CERT (USOM), including parsed malicious URLs, IPs, and domains.☆15Updated this week
- ☆10Aug 9, 2024Updated last year