inodee / spl-to-kql
The idea is simply to save some quick notes that make it easier for Splunk users to leverage KQL (Kusto), especially given projects that require both technologies (Splunk and Azure/Sentinel) or any other hybrid environment. Feel free to add or suggest entries.
☆44 · Updated 4 years ago
Alternatives and similar repositories for spl-to-kql
Users that are interested in spl-to-kql are comparing it to the libraries listed below
- Advanced Hunting Queries for Microsoft Security Products ☆107 · Updated 2 years ago
- MDE relies on some of the Audit settings to be enabled ☆100 · Updated 3 years ago
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas. ☆40 · Updated last month
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs ☆54 · Updated 2 years ago
- Notes on responding to security breaches relating to Azure AD ☆117 · Updated 3 years ago
- A guide to using Azure Data Explorer and KQL for DFIR ☆112 · Updated 3 years ago
- Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting ☆65 · Updated 6 months ago
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE… ☆94 · Updated 3 months ago
- Dettectinator - The Python library to your DeTT&CT YAML files. ☆117 · Updated 6 months ago
- GitHub action for validating Microsoft Sentinel detection rules ☆14 · Updated 2 years ago
- Hunting Queries for Defender ATP ☆81 · Updated last week
- ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure. ☆40 · Updated 11 months ago
- Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features… ☆41 · Updated 5 years ago
- This code snippet retrieves Azure Sentinel rules that are mapped to MITRE ATT&CK Framework and generates the related MITRE D3FEND defense… ☆73 · Updated 4 years ago
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe… ☆39 · Updated 4 years ago
- Azure function to insert MISP data in to Azure Sentinel ☆32 · Updated 3 years ago
- A collection of various SIEM rules relating to malware family groups. ☆70 · Updated last year
- RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid… ☆37 · Updated 3 years ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations ☆97 · Updated 2 months ago
- KQL queries for cyber defense and for solving daily issues ☆52 · Updated 2 months ago
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper. ☆115 · Updated last year
- Sentinel BEC IR ☆15 · Updated 3 years ago
- A PowerShell incident response script for quick triage ☆81 · Updated 3 years ago
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support. ☆140 · Updated 2 years ago
- Cloud-native SIEM for intelligent security analytics for your entire enterprise. ☆20 · Updated 3 years ago
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product ☆78 · Updated last year