gmellini / Microsoft-Defender-Security-Center-Hunting-Queries
Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview
☆40 · updated Apr 8, 2021
Alternatives and similar repositories for Microsoft-Defender-Security-Center-Hunting-Queries
Users interested in Microsoft-Defender-Security-Center-Hunting-Queries are comparing it to the repositories listed below.
- List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop… (☆26 · updated Jun 30, 2021)
- Advanced Hunting Queries for Microsoft Security Products (☆108 · updated Jan 10, 2023)
- Core module for Forgiva Enterprise connecting Forgiva Server to Forgiva Webclient. (☆13 · updated Mar 28, 2022)
- gundog - guided hunting in Microsoft Defender (☆52 · updated Apr 29, 2021)
- Winterfell hunt is a Python script to perform automated threat hunting for malicious activity in Windows OS based on data collected by winte… (☆15 · updated Jul 23, 2020)
- Noob Penetration tester (☆11 · updated Jul 17, 2025)
- Assists analysts and threat hunters in understanding Windows authentication logs and analyzing brute-force scenarios. (☆20 · updated Jul 1, 2023)
- Links to malware-related YARA rules (☆15 · updated Sep 29, 2022)
- Information about the most important hunts that threat hunters can perform while searching for adversaries/threats inside the orga… (☆15 · updated May 18, 2019)
- Repository with sample KQL query examples for threat hunting (☆215 · updated Sep 1, 2022)
- A simple injector that uses LoadLibraryA (☆18 · updated Jun 14, 2020)
- SIEGMA - Transform Sigma rules into SIEM consumables (☆159 · updated Mar 10, 2025)
- evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files. (☆158 · updated Nov 30, 2021)
- Adversary Simulation Framework (☆39 · updated Aug 19, 2025)
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product (☆79 · updated Sep 9, 2024)
- A guide to using Azure Data Explorer and KQL for DFIR (☆124 · updated May 16, 2022)
- Sample queries for Advanced hunting in Microsoft 365 Defender (☆2,048 · updated Feb 17, 2022)
- Log4j Exploit Detection Logic for Zeek (☆19 · updated Nov 25, 2025)
- Volatility 3 Plugins (☆21 · updated Oct 3, 2022)
- MCP to help Defenders Detection Engineer Harder and Smarter (☆242 · updated this week)
- Python tool for kidnapping Chrome cookies from a MacOS target (☆22 · updated Oct 5, 2022)
- Script to test NetSec capabilities. (☆21 · updated May 1, 2023)
- A proof-of-concept re-assembler for reverse VNC traffic. (☆24 · updated May 21, 2023)
- The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects… (☆44 · updated Nov 7, 2020)
- This repository was created to aid in the deployment/maintenance of the Sysmon service on a large number of computers. (☆83 · updated Mar 20, 2023)
- ThreatHunt is a PowerShell repository that allows you to train your threat hunting skills. (☆135 · updated Jul 25, 2019)
- Michael Melone's Kusto Query library (☆20 · updated Nov 17, 2023)
- shellDAVpass is an open-source project whose main idea is to bypass Defender and antivirus detections to conduct… (☆28 · updated Oct 3, 2025)
- Pushes Sysmon Configs (☆90 · updated Jun 11, 2021)
- Azure AD Incident Response (☆27 · updated Oct 8, 2021)