inodee / spl-to-kql
The idea is simply to save some quick notes that make it easier for Splunk users to leverage KQL (Kusto), especially given projects that require both technologies (Splunk and Azure/Sentinel) or any other hybrid environment. Feel free to add or suggest entries.
☆44; Nov 7, 2020; updated 5 years ago
Alternatives and similar repositories for spl-to-kql
Users that are interested in spl-to-kql are comparing it to the libraries listed below
- Misc. content for Microsoft Sentinel (☆18; Apr 12, 2024; updated last year)
- (no description) (☆34; May 30, 2023; updated 2 years ago)
- GitHub action for validating Microsoft Sentinel detection rules (☆14; May 22, 2023; updated 2 years ago)
- Sentinel BEC IR (☆14; Aug 18, 2022; updated 3 years ago)
- (no description) (☆59; Jul 18, 2024; updated last year)
- A collection of things I've created or found that I think are useful for Azure Sentinel. (☆18; Jan 28, 2026; updated 2 weeks ago)
- Splunk code (SPL) for serious threat hunters and detection engineers. (☆289; Jan 15, 2024; updated 2 years ago)
- Repository with Sample KQL Query examples for Threat Hunting (☆217; Sep 1, 2022; updated 3 years ago)
- Programming Microsoft Sentinel book (☆25; Dec 13, 2023; updated 2 years ago)
- (no description) (☆67; Jan 20, 2026; updated 3 weeks ago)
- KQL queries for Microsoft Defender Advanced Hunting organized around the TTPs of the MITRE ATT&CK framework. (☆18; Nov 7, 2024; updated last year)
- A small crappy script I wrote that converts the Sigma Windows Process Creation events to KQL via PySigma. Designed for CI/CD (☆10; Nov 7, 2023; updated 2 years ago)
- A series of cloud focused KQL queries for threat hunting and DFIR (☆11; Oct 21, 2025; updated 3 months ago)
- Azure Sentinel KQL (☆469; Jul 28, 2025; updated 6 months ago)
- (no description) (☆34; Nov 11, 2025; updated 3 months ago)
- Generates a detailed CSV file containing Sigma Rules statistics for each service or category, and each level, offering a holistic view of… (☆10; Dec 22, 2023; updated 2 years ago)
- Monitor/Archive of Azure IAM (Role Definitions and Provider Operations). Tweets at https://twitter.com/maiam_bot (☆10; updated this week)
- Assorted, MIT licensed, threat hunting rules from @bradleyjkemp (☆14; Mar 11, 2022; updated 3 years ago)
- Detection rules and threat hunting queries in Defender XDR and Azure Sentinel (☆16; updated this week)
- Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1) (☆24; Mar 3, 2023; updated 2 years ago)
- Advanced Threat Hunting: Ransomware Group (☆29; Jul 9, 2025; updated 7 months ago)
- Resources, tools and utilities about Threat Intelligence (☆82; Mar 18, 2023; updated 2 years ago)
- sKaleQL is an opinionated template repository for managing, executing, and organizing Kusto Query Language (KQL) queries against Azure Lo… (☆19; May 20, 2025; updated 8 months ago)
- [ARCHIVED -- USE TXT2DETECTION] A command line tool that converts Sigma Rules into STIX 2.1 Objects. (☆12; Jan 13, 2025; updated last year)
- Synapse Rapid Power-up for SinkDB (☆11; Jun 24, 2025; updated 7 months ago)
- An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur… (☆172; updated this week)
- KQL Sentinel and Defender Detection and Hunting Queries. (☆15; Feb 4, 2026; updated last week)
- Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR (☆16; Nov 7, 2025; updated 3 months ago)
- Basic c2-matrix analysis environment using Suricata + Wazuh + Elastic stack (☆12; Apr 18, 2020; updated 5 years ago)
- Azure OpenAI Playbook created for Microsoft Sentinel (☆13; May 2, 2024; updated last year)
- This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet (☆13; Jan 24, 2026; updated 2 weeks ago)
- (no description) (☆20; Apr 10, 2025; updated 10 months ago)
- Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors. (☆613; Oct 17, 2025; updated 3 months ago)
- Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources. (☆137; Feb 5, 2026; updated last week)
- Threat intelligence and threat detection indicators (IOC, IOA) (☆52; Nov 27, 2020; updated 5 years ago)
- (no description) (☆59; Jul 19, 2023; updated 2 years ago)
- In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (… (☆134; Dec 18, 2025; updated last month)
- Bulk turn on Analytic rules in Azure Sentinel (☆19; Oct 7, 2021; updated 4 years ago)
- Home repo for documentation and links to resources (☆12; Jul 25, 2019; updated 6 years ago)