microsoft/AzDetectSuite external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

microsoft/AzDetectSuite

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/microsoft/AzDetectSuite)

Close

microsoft / AzDetectSuiteView on GitHubMore

• External links
• Readme badge

A collection of ARM-based detections for Azure/AzureAD based TTPs

☆89Dec 12, 2023Updated 2 years ago

Alternatives and similar repositories for AzDetectSuite

Users that are interested in AzDetectSuite are comparing it to the libraries listed below

• FalconForceTeam / FalconForge

  View on GitHub
  This repository is used by FalconForce to release parts of the internal tools used for maintaining, validating and automatically deployin…
  ☆17Mar 10, 2023Updated 2 years ago
• FalconForceTeam / KQLAnalyzer

  View on GitHub
  REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
  ☆51Sep 22, 2025Updated 5 months ago
• f-bader / SentinelARConverter

  View on GitHub
  Sentinel Analytics Rule converter PowerShell module
  ☆65Updated this week
• SecureHats / validate-detections

  View on GitHub
  GitHub action for validating Microsoft Sentinel detection rules
  ☆14May 22, 2023Updated 2 years ago
• seanstark / sentinel-tools

  View on GitHub
  various tools for Microsoft Sentinel
  ☆32Jun 26, 2025Updated 8 months ago
• ugurkocde / KQL-Search

  View on GitHub
  ☆31Sep 4, 2023Updated 2 years ago
• easimon / azure-builtin-roles

  View on GitHub
  Monitor/Archive of Azure IAM (Role Definitions and Provider Operations). Tweets at https://twitter.com/maiam_bot
  ☆10Updated this week
• HybridBrothers / Hybrid-Brothers-Projects

  View on GitHub
  This repository contains various public projects created by the owners of Hybrid Brothers
  ☆21Nov 3, 2023Updated 2 years ago
• briandelmsft / SentinelAutomationModules

  View on GitHub
  The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel
  ☆277Jan 2, 2026Updated last month
• Cloud-Architekt / AzureSentinel

  View on GitHub
  Sharing my KQL queries for Azure Sentinel
  ☆208Feb 9, 2026Updated 2 weeks ago
• DATCResearch / Sentinel-UseCase-BEC365-IR

  View on GitHub
  Sentinel BEC IR
  ☆14Aug 18, 2022Updated 3 years ago
• reprise99 / Sentinel-Queries

  View on GitHub
  Collection of KQL queries
  ☆1,611Jan 29, 2026Updated last month
• kmcquade / awesome-azure-security

  View on GitHub
  A curated list of awesome Microsoft Azure Security tools, guides, blogs, and other resources.
  ☆459Oct 4, 2023Updated 2 years ago
• rod-trent / SentinelKQL

  View on GitHub
  Azure Sentinel KQL
  ☆471Jul 28, 2025Updated 6 months ago
• AzureAD / Azure-AD-Incident-Response-PowerShell-Module

  View on GitHub
  The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Produc…
  ☆451Jun 16, 2023Updated 2 years ago
• stefanpems / sentinel-utilities

  View on GitHub
  Utilities for Microsoft Sentinel
  ☆20Dec 7, 2025Updated 2 months ago
• Bert-JanP / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunt…
  ☆1,638Updated this week
• ep3p / Sentinel_KQL

  View on GitHub
  In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…
  ☆134Dec 18, 2025Updated 2 months ago
• jsa2 / EAST

  View on GitHub
  Extensible Azure Security Tool - Documentation
  ☆83Jun 1, 2023Updated 2 years ago
• alexverboon / Hunting-Queries-Detection-Rules

  View on GitHub
  KQL Queries. Microsoft Defender, Microsoft Sentinel
  ☆196Updated this week
• 0xAnalyst / DefenderATPQueries

  View on GitHub
  Hunting Queries for Defender ATP
  ☆83Dec 14, 2025Updated 2 months ago
• jsa2 / caOptics

  View on GitHub
  CA Optics - Azure AD Conditional Access Gap Analyzer
  ☆334Aug 28, 2024Updated last year
• mvelazc0 / BadZure

  View on GitHub
  BadZure automates the deployment of intentionally misconfigured Entra ID tenants and Azure subscriptions, populating them with diverse en…
  ☆487Updated this week
• LearningKijo / KQL

  View on GitHub
  Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
  ☆484Nov 22, 2024Updated last year
• microsoft / KqlTools

  View on GitHub
  A command line tool to explore real-time streams of events.
  ☆89Feb 14, 2025Updated last year
• OTRF / Microsoft-Sentinel2Go

  View on GitHub
  Microsoft Sentinel2Go is an open source project developed to expedite the deployment of a Microsoft Sentinel research lab.
  ☆586Jan 22, 2025Updated last year
• markolauren / sentinel

  View on GitHub
  ☆67Jan 20, 2026Updated last month
• Bert-JanP / Sentinel-Automation

  View on GitHub
  Sentinel Logic Apps, Playbooks and Workbooks to automate enrichment, incident analysis and more.
  ☆115Jan 18, 2026Updated last month
• nathanmcnulty / nathanmcnulty

  View on GitHub
  ☆382Feb 14, 2026Updated 2 weeks ago
• Cloud-Architekt / AzureAD-Attack-Defense

  View on GitHub
  This publication is a collection of various common attack scenarios on Microsoft Entra ID (formerly known as Azure Active Directory) and …
  ☆2,475Dec 31, 2025Updated last month
• YongRhee-MDE / LiveResponse

  View on GitHub
  M365 MDATP Live Response sample scripts
  ☆82Nov 1, 2024Updated last year
• cisagov / pshtt_reporter

  View on GitHub
  Generate HTTPS reports based on scan data
  ☆15Feb 18, 2026Updated last week
• rootsecdev / Presentations

  View on GitHub
  Presentations from Conferences
  ☆31Sep 14, 2024Updated last year
• jconwell / fqdn_parser

  View on GitHub
  fqdn_parser (Fully Qualified Domain Name Parser) is a library for parsing FQDNs into their component parts, as well as providing addition…
  ☆28Jul 20, 2024Updated last year
• CTI-Driven / Advanced-Threat-Hunting-Ransomware-Groups-Affiliates

  View on GitHub
  Advanced Threat Hunting: Ransomware Group
  ☆29Jul 9, 2025Updated 7 months ago
• microsoft / Microsoft-Defender-for-Identity

  View on GitHub
  Additional resources to improve customer experience with Microsoft Defender for Identity
  ☆121Sep 12, 2025Updated 5 months ago
• secgroundzero / KQL_Reference_Manual

  View on GitHub
  ☆43May 22, 2021Updated 4 years ago
• AzureAD / IdentityProtectionTools

  View on GitHub
  Sample PowerShell module and scripts for managing Azure AD Identity Protection service
  ☆85Aug 12, 2022Updated 3 years ago
• darkquasar / AzureHunter

  View on GitHub
  A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365
  ☆789Oct 29, 2022Updated 3 years ago