inodee / spl-to-kql
The idea is simply to keep some quick notes that make it easier for Splunk users to pick up KQL (Kusto), especially on projects that require both technologies (Splunk and Azure/Sentinel) or in any other hybrid environment. Feel free to add or suggest entries.
☆43 · Updated 4 years ago
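As an added example (not code from the spl-to-kql repository), the Python below turns the kind of command-by-command SPL-to-KQL mapping such notes collect into a small translator for a subset of SPL: the initial search, `stats`, `where`, `sort`, `head`, `table` and `dedup`. It assumes the SPL index name is the KQL table name and that tables carry a `TimeGenerated` column (as Sentinel tables do) for the `dedup` mapping; the sample query and field names are constructed.

```python
"""Toy SPL -> KQL translator for a small subset of search commands (added
example, not the spl-to-kql repo's code; assumes index name == KQL table name
and that tables carry a TimeGenerated column, as Sentinel tables do)."""
import re

# SPL aggregation function -> KQL aggregation function.
AGG_FUNCS = {"count": "count", "sum": "sum", "avg": "avg", "min": "min",
             "max": "max", "dc": "dcount", "values": "make_set"}
NUM_RE = re.compile(r"-?\d+(?:\.\d+)?")

def _split_pipeline(spl: str) -> list:
    """Split on '|' characters that are not inside double quotes."""
    stages, buf, in_quote = [], [], False
    for ch in spl:
        if ch == '"':
            in_quote = not in_quote
        if ch == "|" and not in_quote:
            stages.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    stages.append("".join(buf).strip())
    return [s for s in stages if s]

def _search(stage: str) -> list:
    """index=<name> names the table; other field=value terms become a where."""
    tokens = re.findall(r'\S+="[^"]*"|\S+', stage)
    if tokens and tokens[0].lower() == "search":
        tokens = tokens[1:]
    table, conds = None, []
    for tok in tokens:
        m = re.fullmatch(r'([A-Za-z_][\w.]*)(!=|=)"?([^"]*)"?', tok)
        if not m:
            raise ValueError(f"unsupported search term: {tok}")
        field, op, value = m.groups()
        if field.lower() == "index":
            table = value
            continue
        kval = value if NUM_RE.fullmatch(value) else f'"{value}"'  # quote non-numeric values
        conds.append(f"{field} {'==' if op == '=' else '!='} {kval}")
    if table is None:
        raise ValueError("search stage must name an index")
    return [table] + (["where " + " and ".join(conds)] if conds else [])

def _stats(args: str) -> str:
    """stats <aggs> [by f1 f2] -> summarize <aggs> [by f1, f2]."""
    parts = re.split(r"\s+by\s+", args, maxsplit=1, flags=re.I)
    by = ", ".join(re.split(r"[,\s]+", parts[1].strip())) if len(parts) > 1 else ""
    aggs = []
    for item in parts[0].split(","):
        m = re.fullmatch(r"(\w+)(?:\((\w+)\))?(?:\s+as\s+(\w+))?", item.strip(), re.I)
        if not m or m.group(1).lower() not in AGG_FUNCS:
            raise ValueError(f"unsupported aggregation: {item.strip()}")
        func, field, alias = m.group(1).lower(), m.group(2) or "", m.group(3)
        # SPL names a bare count field 'count'; KQL would call it 'count_', so
        # the alias is made explicit to keep a later 'where count > n' valid.
        if func == "count" and not field:
            alias = alias or "count"
        kfunc = f"{AGG_FUNCS[func]}({field})"
        aggs.append(f"{alias} = {kfunc}" if alias else kfunc)
    return "summarize " + ", ".join(aggs) + (f" by {by}" if by else "")

def _where(args: str) -> str:
    # SPL accepts a single '=' for equality; KQL requires '=='.
    return "where " + re.sub(r"(?<![<>!=])=(?!=)", "==", args)

def _sort(args: str) -> str:
    # SPL: '-field' is descending, bare or '+field' is ascending.
    cols = [f"{f.lstrip('+-')} {'desc' if f.startswith('-') else 'asc'}"
            for f in re.split(r"[,\s]+", args.strip())]
    return "sort by " + ", ".join(cols)

def _dedup(args: str) -> str:
    # dedup keeps the first event per key in the current (time-descending)
    # order, i.e. the newest one; arg_max over TimeGenerated reproduces that.
    return "summarize arg_max(TimeGenerated, *) by " + ", ".join(re.split(r"[,\s]+", args.strip()))

COMMANDS = {"stats": _stats, "where": _where, "sort": _sort, "dedup": _dedup,
            "head": lambda a: f"take {a.strip() or 10}",  # SPL head defaults to 10
            "table": lambda a: "project " + ", ".join(re.split(r"[,\s]+", a.strip()))}

def translate(spl: str) -> str:
    """Translate a simple SPL search pipeline into an equivalent KQL query."""
    stages = _split_pipeline(spl)
    if not stages:
        raise ValueError("empty query")
    out = _search(stages[0])
    for stage in stages[1:]:
        name, _, args = stage.partition(" ")
        fn = COMMANDS.get(name.lower())
        if fn is None:
            raise ValueError(f"unsupported SPL command: {name}")  # fail loudly, never mistranslate
        out.append(fn(args.strip()))
    return "\n| ".join(out)

if __name__ == "__main__":  # constructed sample query; field names are illustrative
    print(translate("index=SecurityEvent EventID=4625 | stats count by Account, IpAddress"
                    " | where count > 10 | sort -count | head 5"))
```

Two details worth noticing when porting real searches: a bare `stats count` yields a field named `count` in SPL but `count_` in KQL, so the translator aliases it explicitly; and any command outside the supported subset raises instead of passing through, since a silently mistranslated detection is worse than one that fails to compile.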
Alternatives and similar repositories for spl-to-kql
Users interested in spl-to-kql are comparing it to the repositories listed below.
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs ☆54 · Updated last year
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas. ☆34 · Updated 4 months ago
- Advanced Hunting Queries for Microsoft Security Products ☆107 · Updated 2 years ago
- MDE relies on some of the Audit settings to be enabled ☆98 · Updated 2 years ago
- Hunting Queries for Defender ATP ☆82 · Updated last month
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe… ☆39 · Updated 4 years ago
- Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting ☆65 · Updated 2 months ago
- ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure. ☆37 · Updated 7 months ago
- A collection of various SIEM rules relating to malware family groups. ☆66 · Updated 11 months ago
- Notes on responding to security breaches relating to Azure AD ☆111 · Updated 3 years ago
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆41 · Updated 3 weeks ago
- A guide to using Azure Data Explorer and KQL for DFIR ☆103 · Updated 3 years ago
- Tool to extract Sessions, MessageID(s) and find the emails belonging to MessageID(s). This script utilizes the MailItemsAccessed features… ☆41 · Updated 4 years ago
- Velociraptor Server hosted in Azure App Service ☆52 · Updated 3 weeks ago
- Cloud-native SIEM for intelligent security analytics for your entire enterprise. ☆20 · Updated 3 years ago
- KQL queries for cyber defense and for solving daily issues ☆50 · Updated last week
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product ☆79 · Updated 8 months ago
- Azure function to insert MISP data into Azure Sentinel ☆32 · Updated 2 years ago
- An automated deployment tool that creates instrumented Azure environments with vulnerable systems for simulating attacks and testing Micr… ☆45 · Updated last month
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event logs mapped to the MITRE… ☆90 · Updated last week
- List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop… ☆26 · Updated 3 years ago
- Convert Sigma rules to LogRhythm searches ☆21 · Updated 3 years ago
- Full of public notes and Utilities ☆113 · Updated 3 months ago
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper. ☆114 · Updated last year