inodee / spl-to-kql
The idea is simply to save some quick notes that make it easier for Splunk users to leverage KQL (Kusto), especially given projects requiring both technologies (Splunk and Azure/Sentinel) or any other hybrid environment. Feel free to add/suggest entries.
☆40 · Updated 4 years ago
Alternatives and similar repositories for spl-to-kql:
Users that are interested in spl-to-kql are comparing it to the libraries listed below
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs (☆52, updated last year)
- MDE relies on some of the Audit settings to be enabled (☆97, updated 2 years ago)
- Notes on responding to security breaches relating to Azure AD (☆104, updated 3 years ago)
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas (☆32, updated 2 months ago)
- ADXFlowmaster helps SecOps teams threat hunt suspicious network traffic inside and outside of Azure (☆35, updated 4 months ago)
- Repository to publish sample use cases, templates, solutions and automations for the Microsoft Defender Threat Intelligence (MDTI) product (☆79, updated 6 months ago)
- Advanced Hunting Queries for Microsoft Security Products (☆106, updated 2 years ago)
- KQL queries for cyber defense and for solving daily issues (☆48, updated 2 months ago)
- A collection of various SIEM rules relating to malware family groups (☆65, updated 9 months ago)
- A guide to using Azure Data Explorer and KQL for DFIR (☆102, updated 2 years ago)
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe… (☆39, updated 3 years ago)
- Cyber defence related Kusto queries for use in Azure Sentinel and Defender advanced hunting (☆63, updated 2 weeks ago)
- Hunting Queries for Defender ATP (☆81, updated this week)
- Cloud-native SIEM for intelligent security analytics for your entire enterprise (☆20, updated 3 years ago)
- Azure function to insert MISP data into Azure Sentinel (☆31, updated 2 years ago)
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… (☆36, updated this week)
- Microsoft Threat Protection Advanced Hunting Cheat Sheet (☆79, updated 4 years ago)
- Provides an advanced inputs.conf file for Windows and 3rd-party software with more than 70 different event logs mapped to the MITRE… (☆90, updated last month)
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation (☆76, updated 10 months ago)
- Dettectinator - the Python library for your DeTT&CT YAML files (☆109, updated 2 months ago)
- Solution to deploy a Sentinel playground demo environment (☆57, updated last year)
- MISP to Sentinel integration (☆63, updated 3 months ago)
- This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet (☆12, updated 3 weeks ago)
- Links and guidance related to the return on mitigation report in the Microsoft Digital Defense Report (☆27, updated last year)