microsoft/AzDetectSuite external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

microsoft/AzDetectSuite

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/microsoft/AzDetectSuite)

Close

microsoft / AzDetectSuiteView on GitHubMore

• External links
• Readme badge

A collection of ARM-based detections for Azure/AzureAD based TTPs

☆90Dec 12, 2023Updated 2 years ago

Alternatives and similar repositories for AzDetectSuite

Users that are interested in AzDetectSuite are comparing it to the libraries listed below

• FalconForceTeam / FalconForge

  View on GitHub
  This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin…
  ☆18Mar 10, 2023Updated 3 years ago
• f-bader / SentinelARConverter

  View on GitHub
  Sentinel Analytics Rule converter PowerShell module
  ☆67Feb 24, 2026Updated 3 weeks ago
• FalconForceTeam / KQLAnalyzer

  View on GitHub
  REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
  ☆51Sep 22, 2025Updated 5 months ago
• ugurkocde / KQL-Search

  View on GitHub
  ☆31Sep 4, 2023Updated 2 years ago
• SecureHats / validate-detections

  View on GitHub
  GitHub action for validating Microsoft Sentinel detection rules
  ☆14May 22, 2023Updated 2 years ago
• HybridBrothers / Hybrid-Brothers-Projects

  View on GitHub
  This repository contains various public projects created by the owners of Hybrid Brothers
  ☆21Nov 3, 2023Updated 2 years ago
• seanstark / sentinel-tools

  View on GitHub
  various tools for Microsoft Sentinel
  ☆32Jun 26, 2025Updated 8 months ago
• Bert-JanP / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…
  ☆1,661Mar 9, 2026Updated last week
• microsoft / sentinel-as-code

  View on GitHub
  ☆23Oct 13, 2025Updated 5 months ago
• briandelmsft / SentinelAutomationModules

  View on GitHub
  The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel
  ☆276Jan 2, 2026Updated 2 months ago
• rod-trent / SentinelKQL

  View on GitHub
  Azure Sentinel KQL
  ☆471Jul 28, 2025Updated 7 months ago
• rootsecdev / Presentations

  View on GitHub
  Presentations from Conferences
  ☆31Sep 14, 2024Updated last year
• easimon / azure-builtin-roles

  View on GitHub
  Monitor/Archive of Azure IAM (Role Definitions and Provider Operations). Tweets at https://twitter.com/maiam_bot
  ☆10Updated this week
• reprise99 / Sentinel-Queries

  View on GitHub
  Collection of KQL queries
  ☆1,621Jan 29, 2026Updated last month
• Cloud-Architekt / AzureSentinel

  View on GitHub
  Sharing my KQL queries for Azure Sentinel
  ☆208Feb 9, 2026Updated last month
• kmcquade / awesome-azure-security

  View on GitHub
  A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.
  ☆460Oct 4, 2023Updated 2 years ago
• LearningKijo / KQL

  View on GitHub
  Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
  ☆486Nov 22, 2024Updated last year
• AzureAD / Azure-AD-Incident-Response-PowerShell-Module

  View on GitHub
  The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Produc…
  ☆451Jun 16, 2023Updated 2 years ago
• Bert-JanP / Sentinel-Automation

  View on GitHub
  Sentinel Logic Apps, Playbooks and Workbooks to automate enrichment, incident analysis and more.
  ☆116Jan 18, 2026Updated 2 months ago
• CTI-Driven / Advanced-Threat-Hunting-Ransomware-Groups-Affiliates

  View on GitHub
  Advanced Threat Hunting: Ransomware Group
  ☆29Jul 9, 2025Updated 8 months ago
• DATCResearch / Sentinel-UseCase-BEC365-IR

  View on GitHub
  Sentinel BEC IR
  ☆14Aug 18, 2022Updated 3 years ago
• mvelazc0 / BadZure

  View on GitHub
  BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating them with diverse en…
  ☆505Mar 4, 2026Updated 2 weeks ago
• wortell / KQL

  View on GitHub
  KQL queries for Advanced Hunting
  ☆177Jan 16, 2020Updated 6 years ago
• ep3p / Sentinel_KQL

  View on GitHub
  In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…
  ☆135Updated this week
• chlaplan / MDE-Monitoring-App

  View on GitHub
  Troubleshooting MDE Workstations
  ☆42Jan 7, 2026Updated 2 months ago
• 0xAnalyst / DefenderATPQueries

  View on GitHub
  Hunting Queries for Defender ATP
  ☆83Dec 14, 2025Updated 3 months ago
• haxxm0nkey / azhunt

  View on GitHub
  Azure AD (Entra ID) enumeration tool. Find related domains and tenant information in a simple way.
  ☆35Oct 4, 2024Updated last year
• SubashGhimire / Hunting-Queries-and-Detection-Rule-Microsoft-Sentinel-Defender

  View on GitHub
  KQL Sentinel and Defender Detection and Hunting Queries.
  ☆16Feb 24, 2026Updated 3 weeks ago
• stefanpems / sentinel-utilities

  View on GitHub
  Utilities for Microsoft Sentinel
  ☆20Dec 7, 2025Updated 3 months ago
• ml58158 / AzureOpenAI-Playbook

  View on GitHub
  Azure OpenAI Playbook created for Microsoft Sentinel
  ☆13May 2, 2024Updated last year
• jsa2 / caOptics

  View on GitHub
  CA Optics - Azure AD Conditional Access Gap Analyzer
  ☆335Aug 28, 2024Updated last year
• Cloud-Architekt / AzureAD-Attack-Defense

  View on GitHub
  This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and …
  ☆2,478Dec 31, 2025Updated 2 months ago
• nathanmcnulty / nathanmcnulty

  View on GitHub
  ☆412Mar 12, 2026Updated last week
• OTRF / Microsoft-Sentinel2Go

  View on GitHub
  Microsoft Sentinel2Go is an open source project developed to expedite the deployment of a Microsoft Sentinel research lab.
  ☆587Jan 22, 2025Updated last year
• HolgerWache / MachineConfiguration

  View on GitHub
  ☆16May 26, 2023Updated 2 years ago
• MHaggis / ASRGEN

  View on GitHub
  ASR Configurator, Essentials and Atomic Testing
  ☆104Apr 14, 2025Updated 11 months ago
• microsoft / Microsoft-Defender-for-Identity

  View on GitHub
  Additional resources to improve customer experience with Microsoft Defender for Identity
  ☆121Sep 12, 2025Updated 6 months ago
• lorisAmbrozzo / KQL-Queries

  View on GitHub
  Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR
  ☆16Nov 7, 2025Updated 4 months ago
• microsoft / KqlTools

  View on GitHub
  A command line tool to explore real-time streams of events.
  ☆89Feb 14, 2025Updated last year