cylaris / awesomekql
Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs
☆55 · Jul 20, 2023 · Updated 2 years ago
Alternatives and similar repositories for awesomekql
Users that are interested in awesomekql are comparing it to the libraries listed below
- Azure function to insert MISP data into Azure Sentinel · ☆34 · Oct 19, 2022 · Updated 3 years ago
- Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant. · ☆132 · Updated this week
- (no description) · ☆14 · Feb 22, 2021 · Updated 4 years ago
- Misc. content for Microsoft Sentinel · ☆18 · Apr 12, 2024 · Updated last year
- In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (… · ☆134 · Dec 18, 2025 · Updated last month
- A collection of Cortex Analyzers and Responders for TheHive/Cortex · ☆13 · Jan 29, 2020 · Updated 6 years ago
- Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language). · ☆800 · Jan 14, 2026 · Updated last month
- Azure Sentinel KQL · ☆470 · Jul 28, 2025 · Updated 6 months ago
- A curated list of blogs, videos, tutorials, queries and anything else valuable to help you learn and master KQL and Microsoft Sentinel · ☆240 · Feb 8, 2023 · Updated 3 years ago
- Content Repo for Demystifying KQL Tutorial Series · ☆72 · Sep 1, 2024 · Updated last year
- Collection of KQL queries · ☆1,609 · Jan 29, 2026 · Updated 2 weeks ago
- KQL queries for cyber defense and for solving daily issues · ☆55 · Jul 28, 2025 · Updated 6 months ago
- (no description) · ☆34 · May 30, 2023 · Updated 2 years ago
- Various snippets created during malware analysis · ☆22 · Apr 29, 2018 · Updated 7 years ago
- Semantic analysis with neural networks · ☆10 · Feb 18, 2021 · Updated 4 years ago
- Cyber Defence related Kusto queries for use in Azure Sentinel and Defender advanced hunting · ☆68 · Dec 7, 2025 · Updated 2 months ago
- Export Microsoft Sentinel artifacts like Analytics Rules, Hunting Queries, Workbooks in order to support the new Repositories CI/CD feature … · ☆59 · Sep 15, 2022 · Updated 3 years ago
- The Sentinel.blog Repository provides automation tools for updating Analytics Rules, Content Hub Solutions, and Workbooks, eliminating re… · ☆17 · Updated this week
- Please use https://github.com/veeral-patel/true-positive instead · ☆71 · Jan 19, 2023 · Updated 3 years ago
- Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources. · ☆137 · Updated this week
- Collaborative, web-based case management for incident response · ☆24 · Jan 23, 2024 · Updated 2 years ago
- Threat hunting queries for Microsoft 365 Defender, XDR. Provides out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint. · ☆484 · Nov 22, 2024 · Updated last year
- Pritunl Access Control System · ☆10 · Feb 16, 2023 · Updated 3 years ago
- My Logstash plugins. Filter: sig (for security detection -> IOC, sig, new value, reference, link, frequency, ...). Output: alert created by … · ☆10 · Jul 26, 2019 · Updated 6 years ago
- This repository provides a JSON file for all Windows security Event IDs with a lot of useful information (Categories, GPO, Volume, Recomman… · ☆11 · Mar 2, 2023 · Updated 2 years ago
- Welcome to Project KillChain, a comprehensive GitHub repository for Red and Blue Teams. This repository houses tools, scripts, technique… · ☆113 · Aug 17, 2024 · Updated last year
- Bicep examples repo for Log Analytics, Azure Monitor and Sentinel · ☆26 · Mar 16, 2023 · Updated 2 years ago
- Python script to automatically create Sigma rules from TheHive observables · ☆25 · Mar 17, 2019 · Updated 6 years ago
- Sharing my KQL queries for Azure Sentinel · ☆206 · Feb 9, 2026 · Updated last week
- KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt… · ☆1,634 · Updated this week
- KQL Queries. Microsoft Defender, Microsoft Sentinel · ☆827 · Updated this week
- Sentinel Recon Tools Workbook · ☆14 · Aug 24, 2022 · Updated 3 years ago
- A collection of cybersecurity tools, software, libraries, learning tutorials, frameworks, academic and practical resources in security. · ☆18 · Feb 29, 2024 · Updated last year
- cryptam document malware analysis tool · ☆12 · Jun 18, 2023 · Updated 2 years ago
- Incident response teams usually work on offline data: collecting the evidence, then analyzing the data · ☆45 · Jan 2, 2022 · Updated 4 years ago
- Kaseya REvil CNC domains · ☆12 · Jan 30, 2024 · Updated 2 years ago
- Guidance and collateral for troubleshooting and managing Azure Sentinel data costs. · ☆28 · Oct 9, 2023 · Updated 2 years ago
- Repository with sample KQL query examples for threat hunting · ☆215 · Sep 1, 2022 · Updated 3 years ago
- Threat Detection & Anomaly Detection rules for popular open-source components · ☆53 · Jul 27, 2022 · Updated 3 years ago