SubashGhimire/Hunting-Queries-and-Detection-Rule-Microsoft-Sentinel-Defender external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

SubashGhimire/Hunting-Queries-and-Detection-Rule-Microsoft-Sentinel-Defender

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/SubashGhimire/Hunting-Queries-and-Detection-Rule-Microsoft-Sentinel-Defender)

Close

SubashGhimire / Hunting-Queries-and-Detection-Rule-Microsoft-Sentinel-DefenderView on GitHubMore

• External links
• Readme badge

KQL Sentinel and Defender Detection and Hunting Queries.

☆16Feb 24, 2026Updated last month

Alternatives and similar repositories for Hunting-Queries-and-Detection-Rule-Microsoft-Sentinel-Defender

Users that are interested in Hunting-Queries-and-Detection-Rule-Microsoft-Sentinel-Defender are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• ItzHerbie / KQL

  View on GitHub
  Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
  ☆16Mar 13, 2026Updated last month
• KustoKing / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Detections for Microsoft Sentinel and Microsoft 365 Defender
  ☆21Nov 15, 2024Updated last year
• CTI-Driven / Advanced-Threat-Hunting-Ransomware-Groups-Affiliates

  View on GitHub
  Advanced Threat Hunting: Ransomware Group
  ☆28Jul 9, 2025Updated 9 months ago
• m4nbat / KustQueryLanguage_kql

  View on GitHub
  Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting
  ☆69Apr 1, 2026Updated 2 weeks ago
• Cloud-Architekt / AzureSentinel

  View on GitHub
  Sharing my KQL queries for Azure Sentinel
  ☆209Feb 9, 2026Updated 2 months ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• EEN421 / KQL-Queries

  View on GitHub
  Ian Hanley's deceptively simple KQL queries.
  ☆67Apr 10, 2026Updated last week
• lorisAmbrozzo / KQL-Queries

  View on GitHub
  Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR
  ☆17Nov 7, 2025Updated 5 months ago
• le0li9ht / Microsoft-Sentinel-Queries

  View on GitHub
  KQL queries for cyber defense and for solving daily issues
  ☆55Jul 28, 2025Updated 8 months ago
• alexverboon / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Microsoft Defender, Microsoft Sentinel
  ☆197Mar 16, 2026Updated last month
• Var5h1l / KQLIntel

  View on GitHub
  KQLIntel is a browser-based tool that uses LLMs to convert threat intelligence reports into actionable Kusto Query Language (KQL) queries…
  ☆30Aug 4, 2025Updated 8 months ago
• jsa2 / kql

  View on GitHub
  KQL for Azure Resource Manager and AppID search
  ☆23Aug 15, 2024Updated last year
• Bert-JanP / Sentinel-Automation

  View on GitHub
  Sentinel Logic Apps, Playbooks and Workbooks to automate enrichment, incident analysis and more.
  ☆116Jan 18, 2026Updated 3 months ago
• 0xAnalyst / DefenderATPQueries

  View on GitHub
  Hunting Queries for Defender ATP
  ☆83Apr 1, 2026Updated 2 weeks ago
• richlilly2004 / Azure-Sentinel

  View on GitHub
  ☆18Oct 20, 2022Updated 3 years ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• Azure / forensics

  View on GitHub
  ☆12Mar 28, 2026Updated 3 weeks ago
• f-bader / AzSentinelQueries

  View on GitHub
  Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
  ☆141Updated this week
• ep3p / Sentinel_KQL

  View on GitHub
  In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…
  ☆139Apr 9, 2026Updated last week
• rod-trent / SentinelPlaybooks

  View on GitHub
  ☆59Jul 18, 2024Updated last year
• NextronSystems / velociraptor-artifacts-thor

  View on GitHub
  Thor Artifacts for Velociraptor
  ☆19Dec 2, 2025Updated 4 months ago
• alexverboon / DefenderResourceHub

  View on GitHub
  Defender Resource Hub
  ☆30Apr 11, 2026Updated last week
• alexverboon / SentinelTIUploadToolkit

  View on GitHub
  Sentinel Threat Intelligence Upload Toolkit
  ☆18Jul 15, 2024Updated last year
• SlimKQL / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Microsoft Defender, Microsoft Sentinel
  ☆877Apr 11, 2026Updated last week
• CERT-EDF / generaptor

  View on GitHub
  CLI generator for Velociraptor offline collector
  ☆16Mar 6, 2026Updated last month
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• JouniMi / Threathunt.blog

  View on GitHub
  Queries from the blog posts.
  ☆15Oct 6, 2024Updated last year
• f-bader / SentinelARConverter

  View on GitHub
  Sentinel Analytics Rule converter PowerShell module
  ☆67Feb 24, 2026Updated last month
• KernelCaleb / Kustonomicon

  View on GitHub
  A series of cloud focused KQL queries for threat hunting and DFIR
  ☆12Oct 21, 2025Updated 5 months ago
• Kaidja / Microsoft-Sentinel

  View on GitHub
  Microsoft Sentinel related content
  ☆38Jan 22, 2025Updated last year
• stavrosgns / PDump

  View on GitHub
  PDump is a project for dumping leaked credentials from DEHASHED
  ☆17Jan 21, 2024Updated 2 years ago
• svch0stz / velociraptor-detections

  View on GitHub
  ☆22Jan 31, 2023Updated 3 years ago
• Velocidex / registry_hunter

  View on GitHub
  Hunt the windows Registry automatically using VQL
  ☆15Jan 6, 2026Updated 3 months ago
• BlackPerl-DFIR / IR-Cheatsheets

  View on GitHub
  This Repository consists all Public Cheatsheets created by BlackPerl DFIR Content Team
  ☆20Oct 9, 2024Updated last year
• cyb3rmik3 / cyb3rmik3

  View on GitHub
  GitHub landing page repo
  ☆12Feb 18, 2026Updated 2 months ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• noodlemctwoodle / sentinel.blog

  View on GitHub
  The Sentinel.blog Repository provides automation tools for updating Analytics Rules, Content Hub Solutions, and Workbooks, eliminating re…
  ☆18Updated this week
• kapellos / VladimiRED

  View on GitHub
  ☆19Dec 18, 2024Updated last year
• TheCloudScout / incident-enrich-virustotal

  View on GitHub
  ☆11Mar 29, 2022Updated 4 years ago
• inodee / spl-to-kql

  View on GitHub
  The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects…
  ☆44Nov 7, 2020Updated 5 years ago
• rod-trent / SentinelKQL

  View on GitHub
  Azure Sentinel KQL
  ☆472Jul 28, 2025Updated 8 months ago
• reprise99 / kql-for-dfir

  View on GitHub
  A guide to using Azure Data Explorer and KQL for DFIR
  ☆124May 16, 2022Updated 3 years ago
• reprise99 / awesome-kql-sentinel

  View on GitHub
  A curated list of blogs, videos, tutorials, queries and anything else valuable to help you learn and master KQL and Microsoft Sentinel
  ☆239Feb 8, 2023Updated 3 years ago