inodee / spl-to-kql
The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially given projects requiring both technologies (Splunk and Azure/Sentinel) or any other hybrid environments. Feel free to add/suggest entries.
☆42 · Updated 4 years ago
Alternatives and similar repositories for spl-to-kql
Users that are interested in spl-to-kql are comparing it to the libraries listed below
- REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas. ☆32 · Updated 3 months ago
- ☆72 · Updated 6 months ago
- Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs ☆53 · Updated last year
- MDE relies on some of the Audit settings to be enabled ☆97 · Updated 2 years ago
- A collection of various SIEM rules relating to malware family groups. ☆66 · Updated 10 months ago
- A guide to using Azure Data Explorer and KQL for DFIR ☆102 · Updated 2 years ago
- ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure. ☆36 · Updated 6 months ago
- An automated deployment tool that creates instrumented Azure environments with vulnerable systems for simulating attacks and testing Micr… ☆42 · Updated 2 weeks ago
- KQL queries for cyber defense and for solving daily issues ☆49 · Updated 3 months ago
- ☆29 · Updated last week
- Azure function to insert MISP data in to Azure Sentinel ☆32 · Updated 2 years ago
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product ☆79 · Updated 8 months ago
- ☆47 · Updated last month
- ☆41 · Updated 2 years ago
- Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting ☆64 · Updated last month
- Summiting the Pyramid is a research project focused on engineering cyber analytics to make adversary evasion more difficult. The research… ☆38 · Updated last month
- Conference presentations ☆47 · Updated last year
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe… ☆39 · Updated 4 years ago
- ☆41 · Updated 3 years ago
- Jupyter notebooks ☆25 · Updated 4 years ago
- Cloud Analytics helps defenders detect attacks to their cloud infrastructure by developing behavioral analytics for cloud platforms as we… ☆53 · Updated 2 years ago
- Hunting Queries for Defender ATP ☆81 · Updated 3 weeks ago
- Notes on responding to security breaches relating to Azure AD ☆111 · Updated 3 years ago
- ☆30 · Updated last year
- A preconfigured Velociraptor triage collector ☆51 · Updated last week
- List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop… ☆26 · Updated 3 years ago
- Generates a detailed CSV file containing Sigma Rules statistics for each service or category, and each level, offering a holistic view of… ☆10 · Updated last year
- Velociraptor Server hosted in Azure App Service ☆38 · Updated this week
- Cloud-native SIEM for intelligent security analytics for your entire enterprise. ☆20 · Updated 3 years ago
- A WDAC configuration repository with the sole intention of enriching MDE ☆28 · Updated 2 years ago