some KQL Queries for Advanced Hunting
☆71Mar 12, 2026Updated last week
Alternatives and similar repositories for KQLAdvancedHunting
Users that are interested in KQLAdvancedHunting are comparing it to the libraries listed below
Sorting:
- Block abused TLDs in Tenant Allow BlockList☆14Jan 21, 2026Updated last month
- A WDAC configuration repository with the sole intention of enriching MDE☆30Jun 18, 2025Updated 9 months ago
- KQL Queries☆34Feb 17, 2026Updated last month
- Automatic Microsoft Sentinel Deployment☆16Apr 1, 2025Updated 11 months ago
- Advanced Threat Hunting: Ransomware Group☆29Jul 9, 2025Updated 8 months ago
- An automated deployment tool that creates instrumented Azure environments with vulnerable systems for simulating attacks and testing Micr…☆63Jul 27, 2025Updated 7 months ago
- Repository for Software Certs for easy software blocking across corp environments, for example, using MDE IOC☆66Mar 13, 2026Updated last week
- Automatically generated Sysmon parser for Azure Sentinel☆18Jan 6, 2026Updated 2 months ago
- Defender XDR Advanced Hunting Queries (MDE, MDAV, Device Discovery)☆12Jan 22, 2026Updated last month
- Automated security investigation tool using Microsoft MCP Servers, GitHub Copilot, Python Modules and custom copilot-instructions.☆53Updated this week
- Share Information about Microsoft Security Products☆47Updated this week
- Projected developed for fun only that simulates APT 29 and Lockbit TTPs, showcasing phishing, ISO execution, and DLL proxying for persist…☆61May 3, 2024Updated last year
- KQL Queries. Microsoft Defender, Microsoft Sentinel☆196Updated this week
- scripts to use against the Nessus Professional API☆14Jan 23, 2024Updated 2 years ago
- PowerShell-based Automation of Defender for Endpoint☆188Jul 3, 2025Updated 8 months ago
- KustoHawk is a lightweight incident triage and response tool designed for effective incident response in Microsoft Defender XDR and Micro…☆136Jan 11, 2026Updated 2 months ago
- This tool is designed to assist you in analyzing issues related to Defender for Endpoint on your local endpoint. It offers a centralized …☆99Mar 11, 2026Updated last week
- ☆13May 8, 2025Updated 10 months ago
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…☆1,661Mar 9, 2026Updated last week
- The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect…☆81Feb 10, 2026Updated last month
- A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 D…☆762Aug 28, 2025Updated 6 months ago
- This repository has been archived. Please use https://github.com/microsoft/InclusivenessAnalyzerVisualStudio Roslyn analyzer that provid…☆14Sep 20, 2022Updated 3 years ago
- KQL Queries. Microsoft Defender, Microsoft Sentinel☆834Updated this week
- Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL☆279Aug 28, 2024Updated last year
- Application Insights for PowerShell scripts and Modules☆12Jan 22, 2019Updated 7 years ago
- SharePoint Sample Search Configurations☆10Dec 2, 2023Updated 2 years ago
- The Azure Hyper-V Lab makes virtualization on Azure effortless, perfect for experimenting, learning, and building proof-of-concepts.☆15May 17, 2025Updated 10 months ago
- ☆13Dec 12, 2022Updated 3 years ago
- This sample Cordova application enumerates files stored in OneDrive for Business☆14Nov 28, 2022Updated 3 years ago
- ☆13May 5, 2025Updated 10 months ago
- ☆55Jan 19, 2026Updated 2 months ago
- Package Management (OneGet) provider that facilitates installing Chocolatey packages from any NuGet repository.☆13Oct 23, 2020Updated 5 years ago
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form☆119Aug 19, 2025Updated 7 months ago
- Conditional Access baseline for March 2025☆12Mar 4, 2025Updated last year
- Simple GUI for Microsoft Defender for Endpoint API machine actions in PowerShell.☆41Jan 11, 2023Updated 3 years ago
- ☆39Updated this week
- A massive collection of Cybersecurity papers, guides and reports.☆10Jan 3, 2025Updated last year
- ☆18Apr 16, 2022Updated 3 years ago
- A simple provider to analyse what gets passed into Microsoft's Anti-Malware Scan Interface☆17Jan 10, 2020Updated 6 years ago