inodee/spl-to-kql external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

inodee/spl-to-kql

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/inodee/spl-to-kql)

Close

inodee / spl-to-kqlView on GitHubMore

• External links
• Readme badge

The idea is simply to save some quick notes that will make it easier for Splunk users to leverage KQL (Kusto), especially giving projects requiring both technologies (Splunk and Azure/Sentinel) or any other hybrid environments. Feel free to add/suggest entries.

☆44Nov 7, 2020Updated 5 years ago

Alternatives and similar repositories for spl-to-kql

Users that are interested in spl-to-kql are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• h0ffayyy / MicrosoftSentinelStuff

  View on GitHub
  Misc. content for Microsoft Sentinel
  ☆17Apr 12, 2024Updated 2 years ago
• TheCloudScout / sentinel-pricing

  View on GitHub
  ☆34May 30, 2023Updated 2 years ago
• jostuffl / AzureSentinel_Stuff

  View on GitHub
  A collection of things I've created or found that I think is useful for Azure Sentinel.
  ☆18Jan 28, 2026Updated 3 months ago
• ItzHerbie / KQL

  View on GitHub
  Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
  ☆17Mar 13, 2026Updated 2 months ago
• DATCResearch / Sentinel-UseCase-BEC365-IR

  View on GitHub
  Sentinel BEC IR
  ☆14Aug 18, 2022Updated 3 years ago
• Managed Kubernetes at scale on DigitalOcean • Ad
  DigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
• rod-trent / SentinelPlaybooks

  View on GitHub
  ☆60Jul 18, 2024Updated last year
• KernelCaleb / Kustonomicon

  View on GitHub
  A series of cloud focused KQL queries for threat hunting and DFIR
  ☆12Oct 21, 2025Updated 7 months ago
• SubashGhimire / Hunting-Queries-and-Detection-Rule-Microsoft-Sentinel-Defender

  View on GitHub
  KQL Sentinel and Defender Detection and Hunting Queries.
  ☆16Feb 24, 2026Updated 3 months ago
• KustoKing / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Detections for Microsoft Sentinel and Microsoft 365 Defender
  ☆21Nov 15, 2024Updated last year
• lorisAmbrozzo / KQL-Queries

  View on GitHub
  Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR
  ☆17Nov 7, 2025Updated 6 months ago
• dmrellan / Visual-Auditing-Security-Workbook-with-Microsoft-Sentinel

  View on GitHub
  ☆35Nov 11, 2025Updated 6 months ago
• f-bader / DefenderAndSentinelQueries

  View on GitHub
  Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
  ☆146May 19, 2026Updated last week
• rcegan / ConvertSigmaRepo2KQL

  View on GitHub
  A small crappy script I wrote that converts the Sigma Windows Process Creation events to KQL via PySigma. Designed for CI/CD
  ☆10Nov 7, 2023Updated 2 years ago
• ml58158 / AzureOpenAI-Playbook

  View on GitHub
  Azure OpenAI Playbook created for Microsoft Sentinel
  ☆13May 2, 2024Updated 2 years ago
• Open source password manager - Proton Pass • Ad
  Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
• SecureHats / validate-detections

  View on GitHub
  GitHub action for validating Microsoft Sentinel detection rules
  ☆14May 22, 2023Updated 3 years ago
• inodee / threathunting-spl

  View on GitHub
  Splunk code (SPL) for serious threat hunters and detection engineers.
  ☆293Jan 15, 2024Updated 2 years ago
• rod-trent / SentinelKQL

  View on GitHub
  Azure Sentinel KQL
  ☆478Jul 28, 2025Updated 9 months ago
• f-bader / SentinelARConverter

  View on GitHub
  Sentinel Analytics Rule converter PowerShell module
  ☆69Feb 24, 2026Updated 3 months ago
• markolauren / sentinel

  View on GitHub
  ☆69Apr 20, 2026Updated last month
• MSSAPSCA1 / Azure_Sentinel

  View on GitHub
  Bulk turn on Analytic rules in Azure Sentinel
  ☆18Oct 7, 2021Updated 4 years ago
• garybushey / ProgrammingMicrosoftSentinel

  View on GitHub
  Programming Microsoft Sentinel book
  ☆24Dec 13, 2023Updated 2 years ago
• ashwin-patil / blue-teaming-with-kql

  View on GitHub
  Repository with Sample KQL Query examples for Threat Hunting
  ☆218Sep 1, 2022Updated 3 years ago
• easimon / azure-builtin-roles

  View on GitHub
  Monitor/Archive of Azure IAM (Role Definitions and Provider Operations). Tweets at https://twitter.com/maiam_bot
  ☆10May 18, 2026Updated last week
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• le0li9ht / Microsoft-Sentinel-Queries

  View on GitHub
  KQL queries for cyber defense and for solving daily issues
  ☆55Jul 28, 2025Updated 9 months ago
• reprise99 / kql-for-dfir

  View on GitHub
  A guide to using Azure Data Explorer and KQL for DFIR
  ☆124May 16, 2022Updated 4 years ago
• ep3p / Sentinel_KQL

  View on GitHub
  In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…
  ☆139Apr 24, 2026Updated last month
• mr-r3b00t / KQL

  View on GitHub
  This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet
  ☆13Jan 24, 2026Updated 4 months ago
• Azure / Azure-Sentinel-Notebooks

  View on GitHub
  Interactive Azure Sentinel Notebooks provides security insights and actions to investigate anomalies and hunt for malicious behaviors.
  ☆619Oct 17, 2025Updated 7 months ago
• 0xbythesecond / Azure-SOC-Honeynet-Project

  View on GitHub
  Built a mini HoneyNet in Azure and ingest log sources from various resources into a Log Analytics workspace
  ☆24Jul 19, 2023Updated 2 years ago
• tiburon-security / sriracha-iq

  View on GitHub
  Rapid cybersecurity toolkit based on Elastic in Docker. Designed to quickly build elastic-based environments to analyze and execute threa…
  ☆18Apr 10, 2020Updated 6 years ago
• FalconForceTeam / FalconFriday

  View on GitHub
  Hunting queries and detections
  ☆911May 7, 2026Updated 2 weeks ago
• Bert-JanP / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…
  ☆1,694May 10, 2026Updated 2 weeks ago
• Bare Metal GPUs on DigitalOcean Gradient AI • Ad
  Purpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
• eshlomo1 / Microsoft-Sentinel-SecOps

  View on GitHub
  Microsoft Sentinel SOC Operations
  ☆265Jul 10, 2024Updated last year
• murchisd / splunk_pstree_app

  View on GitHub
  Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1)
  ☆24Mar 30, 2026Updated last month
• javiersoriano / sentinel-all-in-one

  View on GitHub
  ☆60Jul 19, 2023Updated 2 years ago
• AdamMOdell / OSINT-equals-star

  View on GitHub
  OSINT=*, Chrome extension that searches all the threat feeds
  ☆11Dec 5, 2021Updated 4 years ago
• javiersoriano / sentinel-training

  View on GitHub
  ☆40Sep 29, 2021Updated 4 years ago
• CTI-Driven / Advanced-Threat-Hunting-Ransomware-Groups-Affiliates

  View on GitHub
  Advanced Threat Hunting: Ransomware Group
  ☆29Jul 9, 2025Updated 10 months ago
• 0xAnalyst / DefenderATPQueries

  View on GitHub
  Hunting Queries for Defender ATP
  ☆83Apr 1, 2026Updated last month