inodee / spl-to-kql
The idea is simply to save some quick notes that make it easier for Splunk users to leverage KQL (Kusto), especially given projects that require both technologies (Splunk and Azure/Sentinel) or any other hybrid environment. Feel free to add or suggest entries.
☆38 · Updated 4 years ago
Related projects
Alternatives and complementary repositories for spl-to-kql
- Notes on responding to security breaches relating to Azure AD · ☆96 · Updated 2 years ago
- A guide to using Azure Data Explorer and KQL for DFIR · ☆97 · Updated 2 years ago
- MDE relies on some of the Audit settings to be enabled · ☆97 · Updated 2 years ago
- KQL queries for cyber defense and for solving daily issues · ☆44 · Updated last month
- ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure. · ☆27 · Updated 3 weeks ago
- Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting · ☆57 · Updated 3 weeks ago
- Full of public notes and Utilities · ☆87 · Updated last week
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas. · ☆31 · Updated 6 months ago
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe… · ☆36 · Updated 3 years ago
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE… · ☆81 · Updated last month
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs · ☆51 · Updated last year
- A collection of various SIEM rules relating to malware family groups. · ☆62 · Updated 5 months ago
- Hunting Queries for Defender ATP · ☆73 · Updated last week
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product · ☆77 · Updated 2 months ago
- GitHub action for validating Microsoft Sentinel detection rules · ☆12 · Updated last year
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation · ☆75 · Updated 6 months ago
- Microsoft Threat Protection Advance Hunting Cheat Sheet · ☆78 · Updated 4 years ago
- Dettectinator - The Python library to your DeTT&CT YAML files. · ☆104 · Updated this week
- Collection of Microsoft Identity Threat Detection and Response resources. · ☆35 · Updated 3 weeks ago
- Detection of obfuscated Powershell commands · ☆54 · Updated last year
- Advanced Hunting Queries for Microsoft Security Products · ☆106 · Updated last year
- Cloud-native SIEM for intelligent security analytics for your entire enterprise. · ☆20 · Updated 3 years ago
- Expose a lot of MDE telemetry that is not easily accessible in any searchable form · ☆100 · Updated 4 months ago
- Links and guidance related to the return on mitigation report in the Microsoft Digital Defense Report · ☆27 · Updated last year