inodee / spl-to-kql
The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially given projects requiring both technologies (Splunk and Azure/Sentinel) or any other hybrid environments. Feel free to add/suggest entries.
☆40 (updated 4 years ago)
Alternatives and similar repositories for spl-to-kql:
Users that are interested in spl-to-kql are comparing it to the libraries listed below
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas. ☆32 (updated last month)
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs ☆52 (updated last year)
- Advanced Hunting Queries for Microsoft Security Products ☆106 (updated 2 years ago)
- Notes on responding to security breaches relating to Azure AD ☆101 (updated 2 years ago)
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe… ☆39 (updated 3 years ago)
- A guide to using Azure Data Explorer and KQL for DFIR ☆102 (updated 2 years ago)
- MDE relies on some of the Audit settings to be enabled ☆97 (updated 2 years ago)
- Hunting Queries for Defender ATP ☆81 (updated 2 weeks ago)
- Microsoft Threat Protection Advance Hunting Cheat Sheet ☆79 (updated 4 years ago)
- A collection of various SIEM rules relating to malware family groups. ☆65 (updated 8 months ago)
- Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting ☆63 (updated this week)
- Azure function to insert MISP data in to Azure Sentinel ☆31 (updated 2 years ago)
- MISP to Sentinel integration ☆63 (updated 3 months ago)
- Cloud-native SIEM for intelligent security analytics for your entire enterprise. ☆20 (updated 3 years ago)
- List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop… ☆25 (updated 3 years ago)
- Provides an advanced input.conf file for Windows and 3rd party related software with more than 70 different event log mapped to the MITRE… ☆90 (updated 2 weeks ago)
- Full of public notes and Utilities ☆98 (updated last month)
- Detection of obfuscated Powershell commands ☆54 (updated last year)
- Convert Sigma rules to LogRhythm searches ☆20 (updated 3 years ago)
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆35 (updated 3 weeks ago)
- A browser extension for threat hunting that provides one UI for different SIEMs/EDRs and simplifies investigation ☆76 (updated 9 months ago)
- Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support. ☆129 (updated 2 years ago)
- Invoke-Forensics provides PowerShell commands to simplify working with the forensic tools KAPE and RegRipper. ☆112 (updated last year)
- Dettectinator - The Python library to your DeTT&CT YAML files. ☆109 (updated last month)
- Small-scale threat emulation and detection range built on Elastic and Atomic Redteam. ☆37 (updated last year)