Alternatives and similar repositories for m365defender-adx

Users that are interested in m365defender-adx are comparing it to the libraries listed below

• nicolonsky / AzureAiTMFunction

  View on GitHub
  Azure AiTM Function PoC to phish Entra ID Credentials
  ☆28Nov 21, 2025Updated 2 months ago
• msdirtbag / ADXFlowmaster

  View on GitHub
  ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure.
  ☆40Oct 30, 2024Updated last year
• Var5h1l / KQLIntel

  View on GitHub
  KQLIntel is a browser-based tool that uses LLMs to convert threat intelligence reports into actionable Kusto Query Language (KQL) queries…
  ☆29Aug 4, 2025Updated 6 months ago
• JeffMichelmore / MDEKit

  View on GitHub
  ☆42Oct 11, 2023Updated 2 years ago
• ItzHerbie / KQL

  View on GitHub
  Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
  ☆16Updated this week
• i-am-shodan / Seahaven

  View on GitHub
  Generate test data that is not only realistic but also contextually meaningful
  ☆27Jun 30, 2023Updated 2 years ago
• msdirtbag / azurevelo

  View on GitHub
  Velociraptor Server hosted in Azure App Service
  ☆59Jun 4, 2025Updated 8 months ago
• christosgalano / sKaleQL

  View on GitHub
  sKaleQL is an opinionated template repository for managing, executing, and organizing Kusto Query Language (KQL) queries against Azure Lo…
  ☆19May 20, 2025Updated 8 months ago
• mr-r3b00t / KQL

  View on GitHub
  This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet
  ☆13Jan 24, 2026Updated 3 weeks ago
• HCRitter / PSCommitSecretScanner

  View on GitHub
  This Module Helps to Scan a Commit History of a Repo for Leakage of Secrets
  ☆15Apr 26, 2025Updated 9 months ago
• LearningKijo / ResearchDev

  View on GitHub
  ResearchDev - XDR & SIEM Detection
  ☆67Apr 16, 2025Updated 10 months ago
• f-bader / SentinelARConverter

  View on GitHub
  Sentinel Analytics Rule converter PowerShell module
  ☆65Dec 17, 2025Updated 2 months ago
• FalconForceTeam / reply-url-brute

  View on GitHub
  Tool to enumerate unregistered reply URLs for single and multitenant apps in Azure
  ☆15Jan 23, 2025Updated last year
• mardahl / ExchangeOnlineScripts

  View on GitHub
  Powershell scripts meant to assist administrators of Exchange Online
  ☆16Jan 15, 2026Updated last month
• alexverboon / SentinelTIUploadToolkit

  View on GitHub
  Sentinel Threat Intelligence Upload Toolkit
  ☆18Jul 15, 2024Updated last year
• jsa2 / kql

  View on GitHub
  KQL for Azure Resource Manager and AppID search
  ☆23Aug 15, 2024Updated last year
• jsa2 / EAST

  View on GitHub
  Extensible Azure Security Tool - Documentation
  ☆83Jun 1, 2023Updated 2 years ago
• svrooij / TokenMagician

  View on GitHub
  PowerShell module to help getting tokens using managed identities
  ☆17Dec 29, 2024Updated last year
• 0xAnalyst / DefenderATPQueries

  View on GitHub
  Hunting Queries for Defender ATP
  ☆83Dec 14, 2025Updated 2 months ago
• javiersoriano / sentinelascode

  View on GitHub
  Enable the automatic deployment of Azure Sentinel using code
  ☆117May 3, 2022Updated 3 years ago
• msdirtbag / MicrosoftPurpleTeamToolkit

  View on GitHub
  ☆45Apr 10, 2024Updated last year
• Yaniv-Shasha / SecurityCopilot

  View on GitHub
  ☆21Jan 19, 2026Updated 3 weeks ago
• Azure / MDEASM-Solutions

  View on GitHub
  Solutions developed by the MDEASM Customer Experience Engineering (CxE) Go-To Production (GTP) team for Azure MDEASM
  ☆29Feb 3, 2025Updated last year
• ManuelBerrueta / urlyzer

  View on GitHub
  urlyzer is a URL parsing analysis tool.
  ☆24Jul 27, 2024Updated last year
• le0li9ht / Microsoft-Sentinel-Queries

  View on GitHub
  KQL queries for cyber defense and for solving daily issues
  ☆55Jul 28, 2025Updated 6 months ago
• scautomation / Bicep-AzureMonitor-Sentinel

  View on GitHub
  Bicep examples repo for log analytics, azure monitor and sentinel
  ☆26Mar 16, 2023Updated 2 years ago
• m4nbat / KustQueryLanguage_kql

  View on GitHub
  Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting
  ☆68Dec 7, 2025Updated 2 months ago
• DanielChronlund / DCToolbox

  View on GitHub
  Tools for Microsoft cloud fans
  ☆372Nov 26, 2024Updated last year
• cudeso / misp2sentinel

  View on GitHub
  MISP to Sentinel integration
  ☆79Feb 6, 2026Updated last week
• Atomics-on-A-Friday / Emulation-Tools

  View on GitHub
  ☆31Mar 21, 2023Updated 2 years ago
• microsoft / MicrosoftAzureCloudHSM

  View on GitHub
  Azure Cloud HSM SDK
  ☆17Feb 5, 2026Updated last week
• JamesGrahamMSFT / DefenderMasterclass1

  View on GitHub
  This is a repository for the Microsoft Defender Masterclass series.
  ☆30Jun 28, 2021Updated 4 years ago
• NikolisSecurity / PhantomID

  View on GitHub
  A powerful hardware ID spoofing tool designed to modify system identifiers for privacy and security purposes. Change MAC addresses, HWID,…
  ☆17Nov 26, 2025Updated 2 months ago
• ep3p / Sentinel_KQL

  View on GitHub
  In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…
  ☆134Dec 18, 2025Updated last month
• Squiblydoo / certReport

  View on GitHub
  A tool to support the reporting of Authenticode Certificates by reducing the effort on individuals to report.
  ☆38Dec 22, 2025Updated last month
• referefref / sinon

  View on GitHub
  Automation tool for Windows Deception Host Burn-In
  ☆86Dec 4, 2024Updated last year
• santisq / PSParallelPipeline

  View on GitHub
  Parallel processing of pipeline input objects!
  ☆35Oct 28, 2025Updated 3 months ago
• davidnx / baby-kusto-csharp

  View on GitHub
  A self-contained execution engine for the Kusto Query Language (KQL) written in C#
  ☆38Sep 29, 2023Updated 2 years ago
• KnudsenMorten / AzLogDcrIngestPS

  View on GitHub
  AzLogDcrIngestPS - Unleashing the power of Log Ingestion API with Azure LogAnalytics custom table v2, Azure Data Collection Rules and Azu…
  ☆34Jan 26, 2025Updated last year