Production-ready KQL queries for Microsoft Defender XDR and Microsoft Sentinel. Focused on Threat Hunting, Detection Engineering, and MITRE ATT&CK mapping.
☆102Jun 2, 2026Updated last week
Alternatives and similar repositories for KQLAdvancedHunting
Users that are interested in KQLAdvancedHunting are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Block abused TLDs in Tenant Allow BlockList☆15Updated this week
- Automated security investigation tool using Microsoft MCP Servers, GitHub Copilot, Python Modules and custom copilot-instructions.☆204May 30, 2026Updated last week
- A WDAC configuration repository with the sole intention of enriching MDE☆30Jun 18, 2025Updated 11 months ago
- KQL Queries☆41May 13, 2026Updated 3 weeks ago
- Repository for Software Certs for easy software blocking across corp environments, for example, using MDE IOC☆71Updated this week
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Automatic Microsoft Sentinel Deployment☆16Apr 1, 2025Updated last year
- ☆12Mar 28, 2026Updated 2 months ago
- PowerShell-based Automation of Defender for Endpoint☆195Jul 3, 2025Updated 11 months ago
- KQL Queries. Microsoft Defender, Microsoft Sentinel☆901Updated this week
- KQL Queries. Microsoft Defender, Microsoft Sentinel☆201Jun 2, 2026Updated last week
- An automated deployment tool that creates instrumented Azure environments with vulnerable systems for simulating attacks and testing Micr…☆65Mar 30, 2026Updated 2 months ago
- Defender XDR Advanced Hunting Queries (MDE, MDAV, Device Discovery)☆13May 20, 2026Updated 2 weeks ago
- Automatically generated Sysmon parser for Azure Sentinel☆18Jan 6, 2026Updated 5 months ago
- AutoMSF is a Python script designed for fast generation and deployment of multiple types of Meterpreter reverse_https payloads. Created t…☆19Mar 20, 2025Updated last year
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…☆1,707May 22, 2026Updated 2 weeks ago
- Projected developed for fun only that simulates APT 29 and Lockbit TTPs, showcasing phishing, ISO execution, and DLL proxying for persist…☆63May 3, 2024Updated 2 years ago
- ☆22Jan 31, 2023Updated 3 years ago
- KQL Sentinel and Defender Detection and Hunting Queries.☆16Feb 24, 2026Updated 3 months ago
- This tool is designed to assist you in analyzing issues related to Defender for Endpoint on your local endpoint. It offers a centralized …☆104Mar 27, 2026Updated 2 months ago
- Share Information about Microsoft Security Products☆102Jun 1, 2026Updated last week
- Maintained by the ANY.RUN team, this repository provides YARA rules to help detect and classify various malware families and other malici…☆28Nov 1, 2025Updated 7 months ago
- KustoHawk is a lightweight incident triage and response tool designed for effective incident response in Microsoft Defender XDR and Micro…☆157Apr 1, 2026Updated 2 months ago
- The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect…☆82May 28, 2026Updated last week
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- ☆16May 8, 2025Updated last year
- A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 D…☆774Jun 1, 2026Updated last week
- This directory contains presentations and related materials of my speaking engagements. I also use this to record historical presentation…☆18Feb 13, 2025Updated last year
- This repository has been archived. Please use https://github.com/microsoft/InclusivenessAnalyzerVisualStudio Roslyn analyzer that provid…☆14Sep 20, 2022Updated 3 years ago
- A mirror image of my detection rules☆144Updated this week
- My personal work with Copilot for Security☆203Jun 27, 2025Updated 11 months ago
- A function to make console spinners from PowerShell...☆18Dec 26, 2020Updated 5 years ago
- All about Microsoft 365 Enterprise Mobility + Security (EMS)☆25Dec 3, 2023Updated 2 years ago
- Application Insights for PowerShell scripts and Modules☆12Jan 22, 2019Updated 7 years ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- SharePoint Sample Search Configurations☆11May 4, 2026Updated last month
- The Azure Hyper-V Lab makes virtualization on Azure effortless, perfect for experimenting, learning, and building proof-of-concepts.☆15May 17, 2025Updated last year
- ☆77Feb 27, 2026Updated 3 months ago
- Sharing my KQL queries for Azure Sentinel☆219May 23, 2026Updated 2 weeks ago
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form☆120Aug 19, 2025Updated 9 months ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).☆813Jan 14, 2026Updated 4 months ago
- Conditional Access baseline for March 2025☆12Mar 4, 2025Updated last year