microsoft / KqlToolsLinks
A command line tool to explore real-time streams of events.
☆87Updated 4 months ago
Alternatives and similar repositories for KqlTools
Users that are interested in KqlTools are comparing it to the libraries listed below
Sorting:
- This is an advanced KQL blog series and book☆116Updated last month
- Repository hosting a static list of Microsoft First party apps and Graph permissions that's updated daily☆141Updated last week
- KQL queries for Advanced Hunting☆173Updated 5 years ago
- A guide to using Azure Data Explorer and KQL for DFIR☆106Updated 3 years ago
- Sharing my KQL queries for Azure Sentinel☆174Updated last week
- ☆67Updated 3 years ago
- A collection of scripts and works related to Azure Sentinel☆42Updated 2 years ago
- A collection of ARM-based detections for Azure/AzureAD based TTPs☆88Updated last year
- ☆38Updated 3 years ago
- Sentinel Analytics Rule converter PowerShell module☆63Updated 5 months ago
- M365 MDATP Live Response sample scripts☆74Updated 7 months ago
- Repository with Sample KQL Query examples for Threat Hunting☆215Updated 2 years ago
- Public content repo for ATA documentation in OPS☆74Updated 4 months ago
- Collection of Microsoft Identity Threat Detection and Response resources.☆46Updated 3 weeks ago
- ☆30Updated 7 months ago
- Assess Azure Security State☆36Updated last year
- Workbooks for Azure Sentinel☆59Updated last year
- KQL example queries for working in Azure☆33Updated 10 months ago
- KQL queries for cyber defense and for solving daily issues☆52Updated last week
- ☆194Updated 2 weeks ago
- Sample queries for Advanced hunting in Microsoft Defender ATP☆39Updated 3 years ago
- A collection of Microsoft Sentinel workbooks and analytics rules.☆105Updated last year
- Microsoft Defender ATP Manageability and Maintenance scripts☆27Updated 2 years ago
- ☆43Updated 4 years ago
- AzureLogLibrary - repository used for Azure logging with ARM-templates, scripts, documentation to deploy DCRs, extensions, etc☆13Updated last year
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product☆79Updated 9 months ago
- Azure Sentinel PowerShell cmdlets☆21Updated 3 years ago
- ClientInspectorV2 - Unleashing the power of Azure LogAnalytics, Azure Data Collection Rules, Log Ingestion API by doing client inventory …☆24Updated 2 years ago
- Docs and samples for privileged identity and access management in Microsoft Azure and Microsoft Entra.☆161Updated last month
- ☆82Updated this week