RoqueNight/DefenderATP-Proactive-Threat-Hunting-Queries-KQL external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

RoqueNight/DefenderATP-Proactive-Threat-Hunting-Queries-KQL

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/RoqueNight/DefenderATP-Proactive-Threat-Hunting-Queries-KQL)

Close

RoqueNight / DefenderATP-Proactive-Threat-Hunting-Queries-KQLView on GitHubMore

• External links
• Readme badge

List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by developing custom TTP'S from red-teaming engagements & simulations with the strategic goal to prevent threats before they have the opportunity to execute

☆26Jun 30, 2021Updated 4 years ago

Alternatives and similar repositories for DefenderATP-Proactive-Threat-Hunting-Queries-KQL

Users that are interested in DefenderATP-Proactive-Threat-Hunting-Queries-KQL are comparing it to the libraries listed below

• gmellini / Microsoft-Defender-Security-Center-Hunting-Queries

  View on GitHub
  Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe…
  ☆40Apr 8, 2021Updated 4 years ago
• Cyb3r-Monk / Cheat-Sheets

  View on GitHub
  Cheat sheets for threat hunting, detection and other stuff.
  ☆34Oct 7, 2022Updated 3 years ago
• lawndoc / AdvancedHuntingQueries

  View on GitHub
  Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.
  ☆133Feb 10, 2026Updated 3 weeks ago
• MII-Cybersec / Threat-Hunting-Notebook

  View on GitHub
  Collection of Jupyter Notebook for Threat Hunting and Blue Team Purposes
  ☆22Jun 15, 2022Updated 3 years ago
• alexverboon / WindowsDefenderATP-Hunting-Queries

  View on GitHub
  Sample queries for Advanced hunting in Microsoft Defender ATP
  ☆38Dec 19, 2021Updated 4 years ago
• vadim-hunter / Threat-Hunters-KB

  View on GitHub
  Threat Hunter's Knowledge Base
  ☆22Dec 27, 2021Updated 4 years ago
• paladin316 / ThreatHunting

  View on GitHub
  This repo is where I store my Threat Hunting ideas/content
  ☆88May 9, 2023Updated 2 years ago
• SumoLogic / cloud-siem-content-catalog

  View on GitHub
  ☆31Feb 27, 2026Updated last week
• Bert-JanP / Domain-Response

  View on GitHub
  Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specificly designed to autom…
  ☆49Jan 1, 2026Updated 2 months ago
• mjmelone / KQL

  View on GitHub
  Michael Melone's Kusto Query library
  ☆20Nov 17, 2023Updated 2 years ago
• ashwin-patil / blue-teaming-with-kql

  View on GitHub
  Repository with Sample KQL Query examples for Threat Hunting
  ☆217Sep 1, 2022Updated 3 years ago
• magicsword-io / sigconverter.io

  View on GitHub
  An opensource sigma conversion tool built using pysigma
  ☆161Feb 9, 2026Updated 3 weeks ago
• nogoodconfig / pyarascanner

  View on GitHub
  A simple many-rules to many-files YARA scanner for incident response or malware zoos.
  ☆27Jun 3, 2018Updated 7 years ago
• BushidoUK / MITRE-Mappings

  View on GitHub
  A public repository of MITRE ATT&ACK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs.
  ☆27Mar 20, 2025Updated 11 months ago
• reprise99 / awesome-kql-sentinel

  View on GitHub
  A curated list of blogs, videos, tutorials, queries and anything else valuable to help you learn and master KQL and Microsoft Sentinel
  ☆239Feb 8, 2023Updated 3 years ago
• cyb3rmik3 / KQL-threat-hunting-queries

  View on GitHub
  A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 D…
  ☆758Aug 28, 2025Updated 6 months ago
• mitre / training

  View on GitHub
  A CALDERA plugin
  ☆27Feb 24, 2026Updated last week
• schwartz1375 / Threat-Hunting-in-AWS

  View on GitHub
  ☆36Aug 23, 2022Updated 3 years ago
• securycore / ThreatHunting

  View on GitHub
  Powershell collection designed to assist in Threat Hunting Windows systems.
  ☆27Apr 13, 2018Updated 7 years ago
• Cyb3r-Monk / Threat-Hunting-and-Detection

  View on GitHub
  Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
  ☆804Jan 14, 2026Updated last month
• invictus-ir / Blue-team-app-Office-365-and-Azure

  View on GitHub
  ☆72Oct 21, 2024Updated last year
• LogRhythm-Services / Axon-Content

  View on GitHub
  Community content for LogRhythm Axon. Includes Dashboards, searches, analytics rules, processing policies and more.
  ☆10Jul 26, 2024Updated last year
• Permiso-io-tools / cloudtail

  View on GitHub
  ☆30Jan 13, 2026Updated last month
• cado-security / CloudAndContainerCompromiseSimulator

  View on GitHub
  Simulates a compromise in a cloud and container environment
  ☆34Dec 18, 2024Updated last year
• mandiant / mandiant_managed_hunting

  View on GitHub
  Azure Deployment Templates for Mandiant Managed Huning
  ☆12Jun 1, 2023Updated 2 years ago
• invictus-ir / Invictus-training

  View on GitHub
  Repository with supporting materials for Invictus Academy/Training
  ☆44Jan 3, 2025Updated last year
• TazWake / Public

  View on GitHub
  Collection of scripts provided for public use
  ☆39Feb 4, 2026Updated last month
• mattv8 / bedrock-multisite-docker

  View on GitHub
  A Docker-based development stack for Bedrock WordPress multisite, optimized for local development, source control, and CI/CD integration.
  ☆14Jun 26, 2025Updated 8 months ago
• aqueeb / confluence2md

  View on GitHub
  Convert Confluence MIME exports (.doc) to clean Markdown
  ☆34Jan 13, 2026Updated last month
• aws-samples / cluster-sample-app

  View on GitHub
  A very basic app written in Javascript and packaged as a Docker image to be used as a demo when testing clustered deployments in ECS/EKS.
  ☆11Jun 30, 2023Updated 2 years ago
• mbenigni / OSNThreatGroups

  View on GitHub
  Threat Network Detection in Online Social Networks
  ☆10Jan 20, 2017Updated 9 years ago
• gbrembati / terraform-cloudguard-k8s-protection

  View on GitHub
  Project that creates a Kubernetes environment in Azure (AKS) and protects it with CloudGuard CSPM / Workload and Appsec technologies
  ☆10Jun 12, 2023Updated 2 years ago
• stulogy / vibe-prd

  View on GitHub
  This is a fork from Ryan Carson's AI Dev Tasks repository, with some code cleanup and refactoring to enable support for PostgreSQL databa…
  ☆15Sep 8, 2025Updated 5 months ago
• untangle / ngfw_kernels

  View on GitHub
  Kernels for Untangle products
  ☆10Jan 29, 2026Updated last month
• Neo23x0 / YARA-rules

  View on GitHub
  Some YARA rules i will add from time to time
  ☆12May 31, 2019Updated 6 years ago
• wortell / KQL

  View on GitHub
  KQL queries for Advanced Hunting
  ☆176Jan 16, 2020Updated 6 years ago
• rice-farm / rice-swap-interface

  View on GitHub
  🍚 Rice Frontend AMM Swap
  ☆26Sep 21, 2021Updated 4 years ago
• dafthack / gitleaks

  View on GitHub
  Scan git repos for secrets using regex and entropy 🔑
  ☆10Jun 18, 2020Updated 5 years ago
• mrbaselier / NLInfoSec-Repo

  View on GitHub
  This Repository is specially created for the NL InfoSec Discord Channel
  ☆11Dec 19, 2021Updated 4 years ago