inodee / spl-to-kql
The idea is simply to save some quick notes that make it easier for Splunk users to leverage KQL (Kusto), especially given projects requiring both technologies (Splunk and Azure/Sentinel) or any other hybrid environment. Feel free to add/suggest entries.
☆39, updated 4 years ago
Alternatives and similar repositories for spl-to-kql:
Users that are interested in spl-to-kql are comparing it to the libraries listed below
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas. (☆32, updated 3 weeks ago)
- MDE relies on some of the Audit settings to be enabled. (☆97, updated 2 years ago)
- ADXFlowmaster helps SecOps teams threat hunt suspicious network traffic inside and outside of Azure. (☆31, updated 3 months ago)
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs. (☆52, updated last year)
- Notes on responding to security breaches relating to Azure AD. (☆100, updated 2 years ago)
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe… (☆38, updated 3 years ago)
- Azure function to insert MISP data into Azure Sentinel. (☆31, updated 2 years ago)
- Sentinel BEC IR. (☆15, updated 2 years ago)
- List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop… (☆25, updated 3 years ago)
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… (☆35, updated this week)
- Advanced Hunting Queries for Microsoft Security Products. (☆106, updated 2 years ago)
- Jupyter notebooks. (☆23, updated 4 years ago)
- A collection of various SIEM rules relating to malware family groups. (☆65, updated 8 months ago)
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS Terraform support. (☆128, updated 2 years ago)
- A WDAC configuration repository with the sole intention of enriching MDE. (☆28, updated 2 years ago)
- Microsoft Threat Protection Advanced Hunting Cheat Sheet. (☆79, updated 4 years ago)
- Hunting Queries for Defender ATP. (☆80, updated 3 months ago)
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation. (☆76, updated 9 months ago)
- Repository to publish sample use cases, templates, solutions, and automations for the Microsoft Defender Threat Intelligence (MDTI) product. (☆78, updated 5 months ago)
- Collection of scripts/resources/ideas for attack surface reduction and additional logging to enable better threat hunting on Windows endp… (☆38, updated 10 months ago)
- A guide to using Azure Data Explorer and KQL for DFIR. (☆102, updated 2 years ago)
- Cyber defence related Kusto queries for use in Azure Sentinel and Defender advanced hunting. (☆62, updated last month)
- KQL queries for cyber defense and for solving daily issues. (☆48, updated 3 weeks ago)
- The ultimate solution for remotely deploying CrowdStrike sensors quickly and discreetly on any other EDR platform. (☆22, updated 5 months ago)
- Full of public notes and utilities. (☆97, updated last week)