some KQL Queries for Advanced Hunting
☆75Apr 23, 2026Updated last week
Alternatives and similar repositories for KQLAdvancedHunting
Users that are interested in KQLAdvancedHunting are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Block abused TLDs in Tenant Allow BlockList☆15Jan 21, 2026Updated 3 months ago
- Automated security investigation tool using Microsoft MCP Servers, GitHub Copilot, Python Modules and custom copilot-instructions.☆187Apr 22, 2026Updated last week
- Advanced Threat Hunting: Ransomware Group☆28Jul 9, 2025Updated 9 months ago
- A WDAC configuration repository with the sole intention of enriching MDE☆30Jun 18, 2025Updated 10 months ago
- KQL Queries☆39Updated this week
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Repository for Software Certs for easy software blocking across corp environments, for example, using MDE IOC☆68Apr 23, 2026Updated last week
- Automatic Microsoft Sentinel Deployment☆16Apr 1, 2025Updated last year
- ☆12Mar 28, 2026Updated last month
- PowerShell-based Automation of Defender for Endpoint☆191Jul 3, 2025Updated 9 months ago
- KQL Queries. Microsoft Defender, Microsoft Sentinel☆881Apr 19, 2026Updated last week
- KQL Queries. Microsoft Defender, Microsoft Sentinel☆199Apr 22, 2026Updated last week
- An automated deployment tool that creates instrumented Azure environments with vulnerable systems for simulating attacks and testing Micr…☆65Mar 30, 2026Updated 3 weeks ago
- Defender XDR Advanced Hunting Queries (MDE, MDAV, Device Discovery)☆13Apr 20, 2026Updated last week
- Automatically generated Sysmon parser for Azure Sentinel☆18Jan 6, 2026Updated 3 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…☆1,687Apr 13, 2026Updated 2 weeks ago
- Projected developed for fun only that simulates APT 29 and Lockbit TTPs, showcasing phishing, ISO execution, and DLL proxying for persist…☆62May 3, 2024Updated last year
- ☆22Jan 31, 2023Updated 3 years ago
- KQL Sentinel and Defender Detection and Hunting Queries.☆16Feb 24, 2026Updated 2 months ago
- This tool is designed to assist you in analyzing issues related to Defender for Endpoint on your local endpoint. It offers a centralized …☆104Mar 27, 2026Updated last month
- KustoHawk is a lightweight incident triage and response tool designed for effective incident response in Microsoft Defender XDR and Micro…☆149Apr 1, 2026Updated 3 weeks ago
- Share Information about Microsoft Security Products☆65Apr 23, 2026Updated last week
- Maintained by the ANY.RUN team, this repository provides YARA rules to help detect and classify various malware families and other malici…☆27Nov 1, 2025Updated 5 months ago
- The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect…☆82Feb 10, 2026Updated 2 months ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- A mirror image of my detection rules☆103Updated this week
- ☆15May 8, 2025Updated 11 months ago
- A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 D…☆768Aug 28, 2025Updated 8 months ago
- This directory contains presentations and related materials of my speaking engagements. I also use this to record historical presentation…☆17Feb 13, 2025Updated last year
- This repository has been archived. Please use https://github.com/microsoft/InclusivenessAnalyzerVisualStudio Roslyn analyzer that provid…☆14Sep 20, 2022Updated 3 years ago
- My personal work with Copilot for Security☆199Jun 27, 2025Updated 10 months ago
- A function to make console spinners from PowerShell...☆18Dec 26, 2020Updated 5 years ago
- Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL☆283Aug 28, 2024Updated last year
- All about Microsoft 365 Enterprise Mobility + Security (EMS)☆25Dec 3, 2023Updated 2 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Application Insights for PowerShell scripts and Modules☆12Jan 22, 2019Updated 7 years ago
- SharePoint Sample Search Configurations☆10Dec 2, 2023Updated 2 years ago
- The Azure Hyper-V Lab makes virtualization on Azure effortless, perfect for experimenting, learning, and building proof-of-concepts.☆15May 17, 2025Updated 11 months ago
- ☆77Feb 27, 2026Updated 2 months ago
- ☆13Dec 12, 2022Updated 3 years ago
- Sharing my KQL queries for Azure Sentinel☆209Apr 22, 2026Updated last week
- ☆13May 5, 2025Updated 11 months ago