microsoft / KqlTools
A command line tool to explore real-time streams of events.
☆85Updated 2 months ago
Alternatives and similar repositories for KqlTools:
Users that are interested in KqlTools are comparing it to the libraries listed below
- Repository hosting a static list of Microsoft First party apps and Graph permissions that's updated daily☆130Updated this week
- This is an advanced KQL blog series and book☆112Updated 11 months ago
- Sharing my KQL queries for Azure Sentinel☆169Updated 2 weeks ago
- M365 MDATP Live Response sample scripts☆69Updated 5 months ago
- Repository for public site hosting graph permissions☆26Updated this week
- A collection of ARM-based detections for Azure/AzureAD based TTPs☆85Updated last year
- Assess Azure Security State☆36Updated last year
- ☆38Updated 3 years ago
- A guide to using Azure Data Explorer and KQL for DFIR☆102Updated 2 years ago
- A collection of scripts and works related to Azure Sentinel☆42Updated 2 years ago
- ☆67Updated this week
- Docs and samples for privileged identity and access management in Microsoft Azure and Microsoft Entra.☆158Updated 3 weeks ago
- KQL queries for cyber defense and for solving daily issues☆49Updated 3 months ago
- ☆30Updated 5 months ago
- Public content repo for ATA documentation in OPS☆74Updated 2 months ago
- Sentinel Analytics Rule converter PowerShell module☆59Updated 3 months ago
- KQL queries for Advanced Hunting☆172Updated 5 years ago
- ☆65Updated 3 years ago
- PowerShell module to manage Azure Active Directory app credentials.☆116Updated last year
- ☆179Updated last week
- MDE Quickstart is a battle-tested MDE policy set designed to be restored with Intune Backup & Restore☆66Updated 2 years ago
- Collection of Microsoft Identity Threat Detection and Response resources.☆44Updated 2 weeks ago
- Community project to classify, identify and protect your privileges based on Enterprise Access Model (EAM)☆153Updated last month
- Azure AD Identity Protection Cookie Spoofing☆32Updated last year
- ☆48Updated 9 months ago
- ☆51Updated 2 months ago
- KQL example queries for working in Azure☆32Updated 8 months ago
- Azure Managed Identity Permissions Tool, a new PowerShell tool that simplifies and streamlines the management of Managed Identity permiss…☆65Updated 2 weeks ago
- ☆18Updated 2 years ago
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product☆79Updated 7 months ago