Some KQL Queries for Advanced Hunting
☆61 | Feb 11, 2026 | Updated 2 weeks ago
Alternatives and similar repositories for KQLAdvancedHunting
Users that are interested in KQLAdvancedHunting are comparing it to the libraries listed below
- KQL Queries (☆33 | Feb 17, 2026 | Updated last week)
- Block abused TLDs in Tenant Allow BlockList (☆14 | Jan 21, 2026 | Updated last month)
- A WDAC configuration repository with the sole intention of enriching MDE (☆30 | Jun 18, 2025 | Updated 8 months ago)
- An automated deployment tool that creates instrumented Azure environments with vulnerable systems for simulating attacks and testing Micr… (☆62 | Jul 27, 2025 | Updated 7 months ago)
- KustoHawk is a lightweight incident triage and response tool designed for effective incident response in Microsoft Defender XDR and Micro… (☆129 | Jan 11, 2026 | Updated last month)
- Maintained by the ANY.RUN team, this repository provides YARA rules to help detect and classify various malware families and other malici… (☆26 | Nov 1, 2025 | Updated 3 months ago)
- PowerShell-based Automation of Defender for Endpoint (☆186 | Jul 3, 2025 | Updated 7 months ago)
- Repository for Software Certs for easy software blocking across corp environments, for example, using MDE IOC (☆64 | Feb 18, 2026 | Updated last week)
- All about Microsoft 365 Enterprise Mobility + Security (EMS) (☆25 | Dec 3, 2023 | Updated 2 years ago)
- Advanced Threat Hunting: Ransomware Group (☆29 | Jul 9, 2025 | Updated 7 months ago)
- KQL Queries. Microsoft Defender, Microsoft Sentinel (☆831 | Feb 21, 2026 | Updated last week)
- A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 D… (☆758 | Aug 28, 2025 | Updated 6 months ago)
- Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL (☆281 | Aug 28, 2024 | Updated last year)
- A massive collection of Cybersecurity papers, guides and reports. (☆10 | Jan 3, 2025 | Updated last year)
- (no description) (☆85 | Feb 6, 2026 | Updated 3 weeks ago)
- Content Repo for Demystifying KQL Tutorial Series (☆72 | Sep 1, 2024 | Updated last year)
- A tool to modify timestamps in a packet capture to a user-selected date (☆31 | Aug 11, 2021 | Updated 4 years ago)
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt… (☆1,638 | Updated this week)
- (no description) (☆34 | Nov 16, 2023 | Updated 2 years ago)
- Public SOA modules and information (☆50 | Feb 17, 2026 | Updated last week)
- The Sentinel.blog Repository provides automation tools for updating Analytics Rules, Content Hub Solutions, and Workbooks, eliminating re… (☆17 | Updated this week)
- Ready-made Windows Sandbox launch profiles and scripts that automate the routine (☆18 | Feb 1, 2023 | Updated 3 years ago)
- Table Top Exercise (TTX) for Computer Security Incident Response (CSIRT) teams. The templatized artifacts provided will hopefully help te… (☆44 | Sep 8, 2020 | Updated 5 years ago)
- Repository resource for threat hunters (☆158 | Sep 14, 2018 | Updated 7 years ago)
- KQL Queries. Microsoft Defender, Microsoft Sentinel (☆196 | Updated this week)
- RisingSun: Decoding SUNBURST C2 to identify infected hosts without network telemetry. (☆10 | Jan 14, 2021 | Updated 5 years ago)
- 🌦️ Domain Ranker (☆16 | Sep 7, 2019 | Updated 6 years ago)
- Various shellcodes (☆12 | Sep 1, 2020 | Updated 5 years ago)
- Custom Queries, Dashboards, and HIPs Rules (☆10 | Jan 13, 2018 | Updated 8 years ago)
- This repository will contain source code from the Tradecraft improvement blog series (☆13 | Mar 27, 2025 | Updated 11 months ago)
- Cyber | Cloud Security Checklist | Incident Response | Policy Template | Use cases (☆13 | Nov 24, 2020 | Updated 5 years ago)
- Collection of malware IoC hashes from blog posts. A Python script is provided to search through it. (☆19 | Sep 10, 2020 | Updated 5 years ago)
- Telegram Bot that performs checks of the yararules.com ruleset (☆13 | May 13, 2016 | Updated 9 years ago)
- (no description) (☆12 | Feb 9, 2025 | Updated last year)
- A C# implementation that disables Windows Firewall bypassing UAC (☆17 | Oct 23, 2024 | Updated last year)
- How can you track the hunting techniques you come up with? (☆13 | Sep 3, 2017 | Updated 8 years ago)
- Pentester's toolbox (☆12 | Jan 21, 2026 | Updated last month)
- Disk Image Mounting Script (☆11 | Jan 22, 2026 | Updated last month)
- Subscriber and Bang submission handling (☆10 | Mar 23, 2023 | Updated 2 years ago)