inodee / spl-to-kql
The idea is simply to save some quick notes that make it easier for Splunk users to leverage KQL (Kusto), especially given projects that require both technologies (Splunk and Azure/Sentinel) or any other hybrid environment. Feel free to add or suggest entries.
☆43 · Updated 4 years ago
Alternatives and similar repositories for spl-to-kql
Users that are interested in spl-to-kql are comparing it to the libraries listed below.
- MDE relies on some of the Audit settings to be enabled (☆98 · Updated 3 years ago)
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas. (☆36 · Updated 5 months ago)
- Notes on responding to security breaches relating to Azure AD (☆115 · Updated 3 years ago)
- Advanced Hunting Queries for Microsoft Security Products (☆107 · Updated 2 years ago)
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs (☆55 · Updated last year)
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event logs mapped to the MITRE… (☆91 · Updated 2 weeks ago)
- Hunting Queries for Defender ATP (☆82 · Updated 2 months ago)
- A guide to using Azure Data Explorer and KQL for DFIR (☆107 · Updated 3 years ago)
- Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting (☆65 · Updated 3 months ago)
- ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure. (☆39 · Updated 8 months ago)
- Dettectinator - The Python library to your DeTT&CT YAML files. (☆114 · Updated 3 months ago)
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe… (☆39 · Updated 4 years ago)
- A collection of various SIEM rules relating to malware family groups. (☆66 · Updated last year)
- Azure function to insert MISP data in to Azure Sentinel (☆32 · Updated 2 years ago)
- List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop… (☆27 · Updated 4 years ago)
- An automated deployment tool that creates instrumented Azure environments with vulnerable systems for simulating attacks and testing Micr… (☆55 · Updated last month)
- Velociraptor Server hosted in Azure App Service (☆55 · Updated last month)
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support. (☆134 · Updated 2 years ago)
- Full of public notes and Utilities (☆117 · Updated 5 months ago)
- Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features… (☆41 · Updated 4 years ago)
- Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations (☆94 · Updated 11 months ago)
- MISP to Sentinel integration (☆68 · Updated last month)
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation (☆77 · Updated last year)
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product (☆79 · Updated 10 months ago)
- This code snippet retrieves Azure Sentinel rules that are mapped to MITRE ATT&CK Framework and generates the related MITRE D3FEND defense… (☆72 · Updated 4 years ago)
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac… (☆89 · Updated last year)