microsoft / KqlTools
A command line tool to explore real-time streams of events.
☆80Updated last year
Related projects: ⓘ
- ☆108Updated 3 weeks ago
- Repository for public site hosting graph permissions☆18Updated this week
- This is an advanced KQL blog series and book☆106Updated 4 months ago
- Assess Azure Security State☆37Updated 7 months ago
- ☆65Updated 2 years ago
- ☆36Updated 2 years ago
- AzureLogLibrary - repository used for Azure logging with ARM-templates, scripts, documentation to deploy DCRs, extensions, etc☆12Updated last year
- Repository hosting a static list of Microsoft First party apps and Graph permissions that's updated daily☆79Updated last week
- Deploying and Managing Azure Sentinel – Ninja style☆30Updated 3 years ago
- A collection of scripts and works related to Azure Sentinel☆40Updated 2 years ago
- A collection of ARM-based detections for Azure/AzureAD based TTPs☆78Updated 9 months ago
- Sharing my KQL queries for Azure Sentinel☆134Updated last month
- A guide to using Azure Data Explorer and KQL for DFIR☆94Updated 2 years ago
- M365 MDATP Live Response sample scripts☆58Updated 3 years ago
- Docs and samples for privileged identity and access management in Microsoft Azure and Microsoft Entra.☆131Updated last week
- ClientInspectorV2 - Unleashing the power of Azure LogAnalytics, Azure Data Collection Rules, Log Ingestion API by doing client inventory …☆22Updated last year
- Solution to deploy a Sentinel playground demo environment☆53Updated last year
- PowerShell module to manage Azure Active Directory app credentials.☆107Updated 6 months ago
- Security Copilot resources☆17Updated last month
- KQL queries for cyber defense and for solving daily issues☆42Updated last month
- Azure Sentinel Workshop☆16Updated 3 years ago
- Collection of Microsoft Identity Threat Detection and Response resources.☆31Updated 3 weeks ago
- ☆29Updated last year
- PowerShell Module for managing Microsoft Defender Advanced Threat Protection☆68Updated last year
- The repository contains artifacts to create and publish reports, alerts, and dashboards based on Azure AD B2C logs. These artifacts can a…☆57Updated last year
- Azure Sentinel PowerShell cmdlets☆20Updated 2 years ago
- PowerShell ETW consumer module☆26Updated 8 months ago
- Welcome to the documentation of ADO Security Scanner!☆64Updated last year
- ☆27Updated this week
- Public content repo for ATA documentation in OPS☆73Updated this week