inodee/spl-to-kql external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

inodee/spl-to-kql

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/inodee/spl-to-kql)

Close

inodee / spl-to-kqlView on GitHubMore

• External links
• Readme badge

The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects requiring both technologies (Splunk and Azure/Sentinel) or any other hybrid environments. Feel free to add/suggest entries.

☆44Nov 7, 2020Updated 5 years ago

Alternatives and similar repositories for spl-to-kql

Users that are interested in spl-to-kql are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• h0ffayyy / MicrosoftSentinelStuff

  View on GitHub
  Misc. content for Microsoft Sentinel
  ☆17Apr 12, 2024Updated 2 years ago
• TheCloudScout / sentinel-pricing

  View on GitHub
  ☆34May 30, 2023Updated 2 years ago
• jostuffl / AzureSentinel_Stuff

  View on GitHub
  A collection of things I've created or found that I think is useful for Azure Sentinel.
  ☆18Jan 28, 2026Updated 3 months ago
• ItzHerbie / KQL

  View on GitHub
  Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
  ☆17Mar 13, 2026Updated last month
• DATCResearch / Sentinel-UseCase-BEC365-IR

  View on GitHub
  Sentinel BEC IR
  ☆14Aug 18, 2022Updated 3 years ago
• Deploy on Railway without the complexity - Free Credits Offer • Ad
  Connect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
• rod-trent / SentinelPlaybooks

  View on GitHub
  ☆60Jul 18, 2024Updated last year
• KernelCaleb / Kustonomicon

  View on GitHub
  A series of cloud focused KQL queries for threat hunting and DFIR
  ☆12Oct 21, 2025Updated 6 months ago
• dmrellan / Visual-Auditing-Security-Workbook-with-Microsoft-Sentinel

  View on GitHub
  ☆35Nov 11, 2025Updated 5 months ago
• SubashGhimire / Hunting-Queries-and-Detection-Rule-Microsoft-Sentinel-Defender

  View on GitHub
  KQL Sentinel and Defender Detection and Hunting Queries.
  ☆16Feb 24, 2026Updated 2 months ago
• KustoKing / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Detections for Microsoft Sentinel and Microsoft 365 Defender
  ☆21Nov 15, 2024Updated last year
• lorisAmbrozzo / KQL-Queries

  View on GitHub
  Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR
  ☆17Nov 7, 2025Updated 5 months ago
• f-bader / AzSentinelQueries

  View on GitHub
  Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
  ☆144Apr 25, 2026Updated last week
• rcegan / ConvertSigmaRepo2KQL

  View on GitHub
  A small crappy script I wrote that converts the Sigma Windows Process Creation events to KQL via PySigma. Designed for CI/CD
  ☆10Nov 7, 2023Updated 2 years ago
• ml58158 / AzureOpenAI-Playbook

  View on GitHub
  Azure OpenAI Playbook created for Microsoft Sentinel
  ☆13May 2, 2024Updated 2 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• SecureHats / validate-detections

  View on GitHub
  GitHub action for validating Microsoft Sentinel detection rules
  ☆14May 22, 2023Updated 2 years ago
• inodee / threathunting-spl

  View on GitHub
  Splunk code (SPL) for serious threat hunters and detection engineers.
  ☆293Jan 15, 2024Updated 2 years ago
• rod-trent / SentinelKQL

  View on GitHub
  Azure Sentinel KQL
  ☆475Jul 28, 2025Updated 9 months ago
• f-bader / SentinelARConverter

  View on GitHub
  Sentinel Analytics Rule converter PowerShell module
  ☆68Feb 24, 2026Updated 2 months ago
• markolauren / sentinel

  View on GitHub
  ☆69Apr 20, 2026Updated 2 weeks ago
• MSSAPSCA1 / Azure_Sentinel

  View on GitHub
  Bulk turn on Analytic rules in Azure Sentinel
  ☆18Oct 7, 2021Updated 4 years ago
• garybushey / ProgrammingMicrosoftSentinel

  View on GitHub
  Programming Microsoft Sentinel book
  ☆24Dec 13, 2023Updated 2 years ago
• ashwin-patil / blue-teaming-with-kql

  View on GitHub
  Repository with Sample KQL Query examples for Threat Hunting
  ☆218Sep 1, 2022Updated 3 years ago
• easimon / azure-builtin-roles

  View on GitHub
  Monitor/Archive of Azure IAM (Role Definitions and Provider Operations). Tweets at https://twitter.com/maiam_bot
  ☆10Updated this week
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
• le0li9ht / Microsoft-Sentinel-Queries

  View on GitHub
  KQL queries for cyber defense and for solving daily issues
  ☆55Jul 28, 2025Updated 9 months ago
• reprise99 / kql-for-dfir

  View on GitHub
  A guide to using Azure Data Explorer and KQL for DFIR
  ☆124May 16, 2022Updated 3 years ago
• ep3p / Sentinel_KQL

  View on GitHub
  In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…
  ☆139Apr 24, 2026Updated last week
• mr-r3b00t / KQL

  View on GitHub
  This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet
  ☆13Jan 24, 2026Updated 3 months ago
• Azure / Azure-Sentinel-Notebooks

  View on GitHub
  Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.
  ☆618Oct 17, 2025Updated 6 months ago
• 0xbythesecond / Azure-SOC-Honeynet-Project

  View on GitHub
  Built a mini HoneyNet in Azure and ingest log sources from various resources into a Log Analytics workspace
  ☆24Jul 19, 2023Updated 2 years ago
• tiburon-security / sriracha-iq

  View on GitHub
  Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa…
  ☆18Apr 10, 2020Updated 6 years ago
• FalconForceTeam / FalconFriday

  View on GitHub
  Hunting queries and detections
  ☆901Oct 30, 2025Updated 6 months ago
• Bert-JanP / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…
  ☆1,690Apr 13, 2026Updated 3 weeks ago
• Serverless GPU API endpoints on Runpod - Get Bonus Credits • Ad
  Skip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
• eshlomo1 / Microsoft-Sentinel-SecOps

  View on GitHub
  Microsoft Sentinel SOC Operations
  ☆264Jul 10, 2024Updated last year
• murchisd / splunk_pstree_app

  View on GitHub
  Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)
  ☆24Mar 30, 2026Updated last month
• javiersoriano / sentinel-all-in-one

  View on GitHub
  ☆60Jul 19, 2023Updated 2 years ago
• AdamMOdell / OSINT-equals-star

  View on GitHub
  OSINT=*, Chrome extension that searches all the threat feeds
  ☆11Dec 5, 2021Updated 4 years ago
• javiersoriano / sentinel-training

  View on GitHub
  ☆39Sep 29, 2021Updated 4 years ago
• CTI-Driven / Advanced-Threat-Hunting-Ransomware-Groups-Affiliates

  View on GitHub
  Advanced Threat Hunting: Ransomware Group
  ☆28Jul 9, 2025Updated 9 months ago
• 0xAnalyst / DefenderATPQueries

  View on GitHub
  Hunting Queries for Defender ATP
  ☆83Apr 1, 2026Updated last month