RoqueNight / DefenderATP-Proactive-Threat-Hunting-Queries-KQL
A list of custom-developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity. The queries are built from custom TTPs derived from red-teaming engagements and simulations, with the strategic goal of preventing threats before they have the opportunity to execute.
☆26 · Jun 30, 2021 · Updated 4 years ago
Alternatives and similar repositories for DefenderATP-Proactive-Threat-Hunting-Queries-KQL
Users that are interested in DefenderATP-Proactive-Threat-Hunting-Queries-KQL are comparing it to the libraries listed below
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe… (☆40 · Apr 8, 2021 · Updated 4 years ago)
- Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant. (☆132 · Updated this week)
- Collection of Jupyter Notebooks for Threat Hunting and Blue Team purposes (☆22 · Jun 15, 2022 · Updated 3 years ago)
- Sample queries for Advanced hunting in Microsoft Defender ATP (☆38 · Dec 19, 2021 · Updated 4 years ago)
- Threat Hunter's Knowledge Base (☆22 · Dec 27, 2021 · Updated 4 years ago)
- This repo is where I store my Threat Hunting ideas/content (☆87 · May 9, 2023 · Updated 2 years ago)
- (no description) (☆29 · Updated this week)
- Domain Response is a tool that is designed to help you automate the investigation for a domain. This tool is specifically designed to autom… (☆49 · Jan 1, 2026 · Updated last month)
- Repository with sample KQL query examples for Threat Hunting (☆217 · Sep 1, 2022 · Updated 3 years ago)
- Michael Melone's Kusto Query library (☆20 · Nov 17, 2023 · Updated 2 years ago)
- An open-source Sigma conversion tool built using pySigma (☆158 · Updated this week)
- A simple many-rules to many-files YARA scanner for incident response or malware zoos. (☆27 · Jun 3, 2018 · Updated 7 years ago)
- A public repository of MITRE ATT&CK TTP mappings by BushidoUK for OSINT reports that lack a section breaking down the TTPs. (☆27 · Mar 20, 2025 · Updated 10 months ago)
- A curated list of blogs, videos, tutorials, queries and anything else valuable to help you learn and master KQL and Microsoft Sentinel (☆240 · Feb 8, 2023 · Updated 3 years ago)
- A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 D… (☆754 · Aug 28, 2025 · Updated 5 months ago)
- (no description) (☆27 · Aug 15, 2022 · Updated 3 years ago)
- (no description) (☆34 · Aug 23, 2022 · Updated 3 years ago)
- A CALDERA plugin (☆27 · Jan 28, 2026 · Updated 2 weeks ago)
- PowerShell collection designed to assist in threat hunting on Windows systems. (☆27 · Apr 13, 2018 · Updated 7 years ago)
- Old home of LimaCharlie, open source EDR (☆32 · Sep 4, 2023 · Updated 2 years ago)
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). (☆801 · Jan 14, 2026 · Updated 3 weeks ago)
- (no description) (☆73 · Oct 21, 2024 · Updated last year)
- Community content for LogRhythm Axon. Includes dashboards, searches, analytics rules, processing policies and more. (☆10 · Jul 26, 2024 · Updated last year)
- Simulates a compromise in a cloud and container environment (☆33 · Dec 18, 2024 · Updated last year)
- (no description) (☆35 · Jun 30, 2020 · Updated 5 years ago)
- Azure Deployment Templates for Mandiant Managed Hunting (☆12 · Jun 1, 2023 · Updated 2 years ago)
- Jupyter Notebooks for the Blue Team (☆145 · Mar 21, 2025 · Updated 10 months ago)
- Sample queries for Advanced hunting in Windows Defender ATP (☆11 · Apr 22, 2020 · Updated 5 years ago)
- Project that creates a Kubernetes environment in Azure (AKS) and protects it with CloudGuard CSPM / Workload and AppSec technologies (☆10 · Jun 12, 2023 · Updated 2 years ago)
- A very basic app written in JavaScript and packaged as a Docker image, used as a demo when testing clustered deployments in ECS/EKS. (☆11 · Jun 30, 2023 · Updated 2 years ago)
- Some YARA rules I will add from time to time (☆12 · May 31, 2019 · Updated 6 years ago)
- Kernels for Untangle products (☆10 · Jan 29, 2026 · Updated 2 weeks ago)
- This is a fork from Ryan Carson's AI Dev Tasks repository, with some code cleanup and refactoring to enable support for PostgreSQL databa… (☆15 · Sep 8, 2025 · Updated 5 months ago)
- A Docker-based development stack for Bedrock WordPress multisite, optimized for local development, source control, and CI/CD integration. (☆13 · Jun 26, 2025 · Updated 7 months ago)
- KQL queries for Advanced Hunting (☆176 · Jan 16, 2020 · Updated 6 years ago)
- Automated real-time threat hunting with ATD, Active Response and Elasticsearch/Kibana (☆10 · Aug 17, 2018 · Updated 7 years ago)
- A sample about how to use the Azure Data Catalog REST API to fetch information from the Azure Data Catalog and how to register items with… (☆10 · Nov 30, 2018 · Updated 7 years ago)
- Write documentation with your code, to keep them in sync; ideal for public API docs. (☆17 · Feb 4, 2026 · Updated last week)
- Add iOS & Android device and push notification support in your Rails application. (☆12 · Mar 6, 2017 · Updated 8 years ago)