inodee/spl-to-kql external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

inodee/spl-to-kql

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/inodee/spl-to-kql)

Close

inodee / spl-to-kqlView on GitHubMore

• External links
• Readme badge

The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects requiring both technologies (Splunk and Azure/Sentinel) or any other hybrid environments. Feel free to add/suggest entries.

☆44Nov 7, 2020Updated 5 years ago

Alternatives and similar repositories for spl-to-kql

Users that are interested in spl-to-kql are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• h0ffayyy / MicrosoftSentinelStuff

  View on GitHub
  Misc. content for Microsoft Sentinel
  ☆17Apr 12, 2024Updated last year
• TheCloudScout / sentinel-pricing

  View on GitHub
  ☆34May 30, 2023Updated 2 years ago
• jostuffl / AzureSentinel_Stuff

  View on GitHub
  A collection of things I've created or found that I think is useful for Azure Sentinel.
  ☆18Jan 28, 2026Updated last month
• ItzHerbie / KQL

  View on GitHub
  Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
  ☆16Mar 13, 2026Updated last week
• DATCResearch / Sentinel-UseCase-BEC365-IR

  View on GitHub
  Sentinel BEC IR
  ☆14Aug 18, 2022Updated 3 years ago
• Open source password manager - Proton Pass • Ad
  Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
• rod-trent / SentinelPlaybooks

  View on GitHub
  ☆59Jul 18, 2024Updated last year
• KernelCaleb / Kustonomicon

  View on GitHub
  A series of cloud focused KQL queries for threat hunting and DFIR
  ☆11Oct 21, 2025Updated 5 months ago
• dmrellan / Visual-Auditing-Security-Workbook-with-Microsoft-Sentinel

  View on GitHub
  ☆34Nov 11, 2025Updated 4 months ago
• SubashGhimire / Hunting-Queries-and-Detection-Rule-Microsoft-Sentinel-Defender

  View on GitHub
  KQL Sentinel and Defender Detection and Hunting Queries.
  ☆16Feb 24, 2026Updated last month
• KustoKing / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Detections for Microsoft Sentinel and Microsoft 365 Defender
  ☆21Nov 15, 2024Updated last year
• lorisAmbrozzo / KQL-Queries

  View on GitHub
  Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR
  ☆17Nov 7, 2025Updated 4 months ago
• f-bader / AzSentinelQueries

  View on GitHub
  Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
  ☆140Updated this week
• rcegan / ConvertSigmaRepo2KQL

  View on GitHub
  A small crappy script I wrote that converts the Sigma Windows Process Creation events to KQL via PySigma. Designed for CI/CD
  ☆10Nov 7, 2023Updated 2 years ago
• ml58158 / AzureOpenAI-Playbook

  View on GitHub
  Azure OpenAI Playbook created for Microsoft Sentinel
  ☆13May 2, 2024Updated last year
• Simple, predictable pricing with DigitalOcean hosting • Ad
  Always know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
• SecureHats / validate-detections

  View on GitHub
  GitHub action for validating Microsoft Sentinel detection rules
  ☆14May 22, 2023Updated 2 years ago
• inodee / threathunting-spl

  View on GitHub
  Splunk code (SPL) for serious threat hunters and detection engineers.
  ☆291Jan 15, 2024Updated 2 years ago
• rod-trent / SentinelKQL

  View on GitHub
  Azure Sentinel KQL
  ☆471Jul 28, 2025Updated 7 months ago
• f-bader / SentinelARConverter

  View on GitHub
  Sentinel Analytics Rule converter PowerShell module
  ☆67Feb 24, 2026Updated last month
• markolauren / sentinel

  View on GitHub
  ☆67Mar 9, 2026Updated 2 weeks ago
• MSSAPSCA1 / Azure_Sentinel

  View on GitHub
  Bulk turn on Analytic rules in Azure Sentinel
  ☆19Oct 7, 2021Updated 4 years ago
• garybushey / ProgrammingMicrosoftSentinel

  View on GitHub
  Programming Microsoft Sentinel book
  ☆24Dec 13, 2023Updated 2 years ago
• ashwin-patil / blue-teaming-with-kql

  View on GitHub
  Repository with Sample KQL Query examples for Threat Hunting
  ☆218Sep 1, 2022Updated 3 years ago
• easimon / azure-builtin-roles

  View on GitHub
  Monitor/Archive of Azure IAM (Role Definitions and Provider Operations). Tweets at https://twitter.com/maiam_bot
  ☆10Updated this week
• GPU virtual machines on DigitalOcean Gradient AI • Ad
  Get to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
• le0li9ht / Microsoft-Sentinel-Queries

  View on GitHub
  KQL queries for cyber defense and for solving daily issues
  ☆55Jul 28, 2025Updated 7 months ago
• reprise99 / kql-for-dfir

  View on GitHub
  A guide to using Azure Data Explorer and KQL for DFIR
  ☆124May 16, 2022Updated 3 years ago
• ep3p / Sentinel_KQL

  View on GitHub
  In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…
  ☆135Mar 18, 2026Updated last week
• mr-r3b00t / KQL

  View on GitHub
  This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet
  ☆13Jan 24, 2026Updated 2 months ago
• Azure / Azure-Sentinel-Notebooks

  View on GitHub
  Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.
  ☆617Oct 17, 2025Updated 5 months ago
• 0xbythesecond / Azure-SOC-Honeynet-Project

  View on GitHub
  Built a mini HoneyNet in Azure and ingest log sources from various resources into a Log Analytics workspace
  ☆24Jul 19, 2023Updated 2 years ago
• tiburon-security / sriracha-iq

  View on GitHub
  Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa…
  ☆18Apr 10, 2020Updated 5 years ago
• FalconForceTeam / FalconFriday

  View on GitHub
  Hunting queries and detections
  ☆891Oct 30, 2025Updated 4 months ago
• Bert-JanP / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…
  ☆1,671Updated this week
• 1-Click AI Models by DigitalOcean Gradient • Ad
  Deploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click and start building anything your business needs.
• eshlomo1 / Microsoft-Sentinel-SecOps

  View on GitHub
  Microsoft Sentinel SOC Operations
  ☆264Jul 10, 2024Updated last year
• murchisd / splunk_pstree_app

  View on GitHub
  Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)
  ☆24Mar 3, 2023Updated 3 years ago
• javiersoriano / sentinel-all-in-one

  View on GitHub
  ☆60Jul 19, 2023Updated 2 years ago
• AdamMOdell / OSINT-equals-star

  View on GitHub
  OSINT=*, Chrome extension that searches all the threat feeds
  ☆11Dec 5, 2021Updated 4 years ago
• javiersoriano / sentinel-training

  View on GitHub
  ☆39Sep 29, 2021Updated 4 years ago
• CTI-Driven / Advanced-Threat-Hunting-Ransomware-Groups-Affiliates

  View on GitHub
  Advanced Threat Hunting: Ransomware Group
  ☆29Jul 9, 2025Updated 8 months ago
• 0xAnalyst / DefenderATPQueries

  View on GitHub
  Hunting Queries for Defender ATP
  ☆83Dec 14, 2025Updated 3 months ago