inodee/spl-to-kql external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

inodee/spl-to-kql

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/inodee/spl-to-kql)

Close

inodee / spl-to-kqlView on GitHubMore

• External links
• Readme badge

The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects requiring both technologies (Splunk and Azure/Sentinel) or any other hybrid environments. Feel free to add/suggest entries.

☆44Nov 7, 2020Updated 5 years ago

Alternatives and similar repositories for spl-to-kql

Users that are interested in spl-to-kql are comparing it to the libraries listed below

• h0ffayyy / MicrosoftSentinelStuff

  View on GitHub
  Misc. content for Microsoft Sentinel
  ☆18Apr 12, 2024Updated last year
• TheCloudScout / sentinel-pricing

  View on GitHub
  ☆34May 30, 2023Updated 2 years ago
• DATCResearch / Sentinel-UseCase-BEC365-IR

  View on GitHub
  Sentinel BEC IR
  ☆14Aug 18, 2022Updated 3 years ago
• SecureHats / validate-detections

  View on GitHub
  GitHub action for validating Microsoft Sentinel detection rules
  ☆14May 22, 2023Updated 2 years ago
• rod-trent / SentinelPlaybooks

  View on GitHub
  ☆59Jul 18, 2024Updated last year
• jostuffl / AzureSentinel_Stuff

  View on GitHub
  A collection of things I've created or found that I think is useful for Azure Sentinel.
  ☆18Jan 28, 2026Updated last month
• inodee / threathunting-spl

  View on GitHub
  Splunk code (SPL) for serious threat hunters and detection engineers.
  ☆290Jan 15, 2024Updated 2 years ago
• ashwin-patil / blue-teaming-with-kql

  View on GitHub
  Repository with Sample KQL Query examples for Threat Hunting
  ☆217Sep 1, 2022Updated 3 years ago
• garybushey / ProgrammingMicrosoftSentinel

  View on GitHub
  Programming Microsoft Sentinel book
  ☆25Dec 13, 2023Updated 2 years ago
• rcegan / ConvertSigmaRepo2KQL

  View on GitHub
  A small crappy script I wrote that converts the Sigma Windows Process Creation events to KQL via PySigma. Designed for CI/CD
  ☆10Nov 7, 2023Updated 2 years ago
• KernelCaleb / Kustonomicon

  View on GitHub
  A series of cloud focused KQL queries for threat hunting and DFIR
  ☆11Oct 21, 2025Updated 4 months ago
• francoisfried / Defender-Advanced-Hunting-Queries

  View on GitHub
  KQL queries for Microsoft Defender Advanced Hunting organized around the TTPs of the MITRE ATT&CK framework.
  ☆18Nov 7, 2024Updated last year
• markolauren / sentinel

  View on GitHub
  ☆67Jan 20, 2026Updated last month
• rod-trent / SentinelKQL

  View on GitHub
  Azure Sentinel KQL
  ☆472Jul 28, 2025Updated 7 months ago
• dmrellan / Visual-Auditing-Security-Workbook-with-Microsoft-Sentinel

  View on GitHub
  ☆34Nov 11, 2025Updated 3 months ago
• bradleyjkemp / threathunting

  View on GitHub
  Assorted, MIT licensed, threat hunting rules from @bradleyjkemp
  ☆14Mar 11, 2022Updated 3 years ago
• ItzHerbie / KQL

  View on GitHub
  Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
  ☆16Feb 11, 2026Updated 3 weeks ago
• easimon / azure-builtin-roles

  View on GitHub
  Monitor/Archive of Azure IAM (Role Definitions and Provider Operations). Tweets at https://twitter.com/maiam_bot
  ☆10Updated this week
• rowham / WinSigmaRuleAnalyzer

  View on GitHub
  Generates a detailed CSV file containing Sigma Rules statistics for each service or category, and each level, offering a holistic view of…
  ☆10Dec 22, 2023Updated 2 years ago
• murchisd / splunk_pstree_app

  View on GitHub
  Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)
  ☆24Mar 3, 2023Updated 3 years ago
• CTI-Driven / Advanced-Threat-Hunting-Ransomware-Groups-Affiliates

  View on GitHub
  Advanced Threat Hunting: Ransomware Group
  ☆29Jul 9, 2025Updated 7 months ago
• pstirparo / threatintel-resources

  View on GitHub
  Resources, tools and utilities about Threat Intelligence
  ☆84Mar 18, 2023Updated 2 years ago
• christosgalano / sKaleQL

  View on GitHub
  sKaleQL is an opinionated template repository for managing, executing, and organizing Kusto Query Language (KQL) queries against Azure Lo…
  ☆19May 20, 2025Updated 9 months ago
• captainGeech42 / synapse-sinkdb

  View on GitHub
  Synapse Rapid Power-up for SinkDB
  ☆11Jun 24, 2025Updated 8 months ago
• muchdogesec / feeds-sigmahq

  View on GitHub
  [ARCHIVED -- USE TXT2DETECTION] A command line tool that converts Sigma Rules into STIX 2.1 Objects.
  ☆12Feb 19, 2026Updated 2 weeks ago
• adanalvarez / TrailDiscover

  View on GitHub
  An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and secur…
  ☆174Feb 22, 2026Updated last week
• mrwadams / otx-mcp

  View on GitHub
  ☆20Apr 10, 2025Updated 10 months ago
• lorisAmbrozzo / KQL-Queries

  View on GitHub
  Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR
  ☆16Nov 7, 2025Updated 3 months ago
• SubashGhimire / Hunting-Queries-and-Detection-Rule-Microsoft-Sentinel-Defender

  View on GitHub
  KQL Sentinel and Defender Detection and Hunting Queries.
  ☆15Feb 24, 2026Updated last week
• ml58158 / AzureOpenAI-Playbook

  View on GitHub
  Azure OpenAI Playbook created for Microsoft Sentinel
  ☆13May 2, 2024Updated last year
• h0rv4th / c2matrix-analyzer

  View on GitHub
  Basic c2-matrix analysis enviroment using Suricata + Wazuh + Elastic stack
  ☆12Apr 18, 2020Updated 5 years ago
• 0xbythesecond / Azure-SOC-Honeynet-Project

  View on GitHub
  Built a mini HoneyNet in Azure and ingest log sources from various resources into a Log Analytics workspace
  ☆24Jul 19, 2023Updated 2 years ago
• mr-r3b00t / KQL

  View on GitHub
  This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet
  ☆13Jan 24, 2026Updated last month
• Azure / Azure-Sentinel-Notebooks

  View on GitHub
  Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.
  ☆617Oct 17, 2025Updated 4 months ago
• f-bader / AzSentinelQueries

  View on GitHub
  Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
  ☆137Feb 25, 2026Updated last week
• swisscom / detections

  View on GitHub
  Threat intelligence and threat detection indicators (IOC, IOA)
  ☆52Nov 27, 2020Updated 5 years ago
• ep3p / Sentinel_KQL

  View on GitHub
  In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…
  ☆134Dec 18, 2025Updated 2 months ago
• Cyb3rWard0g / IntelRAGU

  View on GitHub
  Intel Retrieval Augmented Generation (RAG) Utilities
  ☆91Jan 29, 2024Updated 2 years ago
• pydefenders / pydefenders

  View on GitHub
  Home repo for documentation and links to resources
  ☆12Jul 25, 2019Updated 6 years ago