inodee / spl-to-kql
The idea is simply to save some quick notes that make it easier for Splunk users to leverage KQL (Kusto), especially given projects that require both technologies (Splunk and Azure/Sentinel) or any other hybrid environment. Feel free to add/suggest entries.
☆43 · Updated 4 years ago
Alternatives and similar repositories for spl-to-kql
Users that are interested in spl-to-kql are comparing it to the libraries listed below
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas. ☆37 · Updated last week
- MDE relies on some of the Audit settings to be enabled ☆98 · Updated 3 years ago
- Notes on responding to security breaches relating to Azure AD ☆115 · Updated 3 years ago
- Advanced Hunting Queries for Microsoft Security Products ☆108 · Updated 2 years ago
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event logs mapped to the MITRE… ☆92 · Updated last month
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs ☆55 · Updated 2 years ago
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations ☆93 · Updated last week
- Cyber Defence related Kusto queries for use in Azure Sentinel and Defender advanced hunting ☆65 · Updated 4 months ago
- Azure function to insert MISP data into Azure Sentinel ☆32 · Updated 2 years ago
- ADXFlowmaster helps SecOps teams threat hunt suspicious network traffic inside & outside of Azure. ☆40 · Updated 9 months ago
- Hunting Queries for Defender ATP ☆82 · Updated 4 months ago
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation ☆77 · Updated last year
- A guide to using Azure Data Explorer and KQL for DFIR ☆110 · Updated 3 years ago
- Dettectinator - The Python library to your DeTT&CT YAML files. ☆116 · Updated 4 months ago
- A collection of various SIEM rules relating to malware family groups. ☆69 · Updated last year
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆47 · Updated 3 months ago
- RRR (Rapid Response Reporting) is a collection of Incident Response Report objects. They are designed to help incident responders provid… ☆37 · Updated 3 years ago
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support. ☆136 · Updated 2 years ago
- Full of public notes and Utilities ☆128 · Updated 6 months ago
- SigmaHQ pySigma CrowdStrike processing pipeline ☆26 · Updated last week
- Jupyter notebooks ☆25 · Updated 4 years ago
- This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin… ☆17 · Updated 2 years ago
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… ☆89 · Updated last year
- OSSEM Data Dictionaries ☆62 · Updated 7 months ago
- The Infosec Community Definitive Guide to Jupyter Notebooks ☆125 · Updated 4 years ago
- Sentinel BEC IR ☆15 · Updated 3 years ago