microsoft / EventLogExpert
☆173Updated last week
Alternatives and similar repositories for EventLogExpert:
Users that are interested in EventLogExpert are comparing it to the libraries listed below
- ☆58Updated this week
- Custom ADMX template focused on hardening Windows 10 & Windows 11 systems☆80Updated 3 months ago
- Repository hosting a static list of Microsoft First party apps and Graph permissions that's updated daily☆127Updated this week
- Repository for Software Certs for easy software blocking across corp environments, for example, using MDE IOC☆35Updated this week
- The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Produc…☆432Updated last year
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product☆79Updated 6 months ago
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID☆448Updated this week
- Sysmon configuration file templates with advanced event tracing and blocking☆39Updated 2 weeks ago
- ☆61Updated last year
- MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.☆188Updated last year
- A guide to using Azure Data Explorer and KQL for DFIR☆102Updated 2 years ago
- ☆244Updated last week
- A collection of Microsoft Sentinel workbooks and analytics rules.☆105Updated last year
- A set of troubleshooting, diagnostic, and information utilities for Windows☆55Updated 5 months ago
- ClientInspectorV2 - Unleashing the power of Azure LogAnalytics, Azure Data Collection Rules, Log Ingestion API by doing client inventory …☆25Updated last year
- This module allows the creation of password expiry emails for users, managers, administrators, and security according to defined template…☆115Updated 2 months ago
- Documentation and tools to access Windows Defender Application Control (WDAC) technology.☆220Updated this week
- http://moaistory.blogspot.com/2018/10/winsearchdbanalyzer.html☆121Updated 8 months ago
- Sample queries for Advanced hunting in Microsoft Defender ATP☆37Updated 3 years ago
- This is an advanced KQL blog series and book☆112Updated 10 months ago
- KQL Queries. Microsoft Defender, Microsoft Sentinel☆142Updated last month
- The Office 365 Extractor is a tool that allows for complete and reliable extraction of the Unified Audit Log (UAL)☆262Updated 3 years ago
- FBPro Audit Test Automation Package allows you to create compliance reports for your systems. The resulting HTML-reports provide a transp…☆117Updated last week
- In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…☆116Updated last week
- Sample queries and data as part of the Microsoft Press book, The Definitive Guide to KQL☆241Updated 6 months ago
- KQL queries for cyber defense and for solving daily issues☆48Updated 2 months ago
- Convert a variety of log formats to CSV while enriching detected IPs with Geolocation, ASN, DNS, WhoIs, Shodan InternetDB and Threat Indi…☆101Updated 5 months ago
- A command line tool to explore real-time streams of events.☆83Updated last month
- PowerShell tools to help defenders hunt smarter, hunt harder.☆329Updated 3 weeks ago
- ☆200Updated 4 months ago