microsoft / KqlToolsLinks
A command line tool to explore real-time streams of events.
☆87Updated 8 months ago
Alternatives and similar repositories for KqlTools
Users that are interested in KqlTools are comparing it to the libraries listed below
Sorting:
- AzureLogLibrary - repository used for Azure logging with ARM-templates, scripts, documentation to deploy DCRs, extensions, etc☆13Updated 2 years ago
- ☆67Updated 3 years ago
- ☆215Updated 4 months ago
- Assess Azure Security State☆37Updated last year
- Repository hosting a static list of Microsoft First party apps and Graph permissions that's updated daily☆160Updated this week
- KQL queries☆13Updated 6 years ago
- Collection of Microsoft Identity Threat Detection and Response resources.☆49Updated 3 weeks ago
- ClientInspectorV2 - Unleashing the power of Azure LogAnalytics, Azure Data Collection Rules, Log Ingestion API by doing client inventory …☆25Updated 2 years ago
- KQL queries for Advanced Hunting☆176Updated 5 years ago
- PowerShell module to manage Azure Active Directory app credentials.☆119Updated last year
- KQL example queries for working in Azure☆34Updated last year
- Public content repo for ATA documentation in OPS☆75Updated 8 months ago
- Repository for public site hosting graph permissions☆29Updated 2 months ago
- Deploying and Managing Azure Sentinel – Ninja style☆32Updated 4 years ago
- ☆39Updated 4 years ago
- Repository for Software Certs for easy software blocking across corp environments, for example, using MDE IOC☆49Updated last week
- A collection of scripts and works related to Azure Sentinel☆41Updated 3 years ago
- This repository includes the parsers necessary for Microsoft Network Monitor to parse etl logs generated by Packet Monitor (Pktmon).☆21Updated 3 years ago
- Solution to deploy a Sentinel playground demo environment☆56Updated 2 years ago
- Logstash output for Kusto☆14Updated last month
- Microsoft Threat Intelligence☆194Updated last week
- Create a full AD/CA/ADFS/WAP lab environment with Azure AD Connect installed☆131Updated 3 years ago
- Self-contained Hyper-V Active Directory Lab Environment☆60Updated 3 months ago
- Sentinel Analytics Rule converter PowerShell module☆65Updated 9 months ago
- ☆99Updated this week
- A guide to using Azure Data Explorer and KQL for DFIR☆112Updated 3 years ago
- Defender for Endpoint☆27Updated last year
- Simple GUI for Microsoft Defender for Endpoint API machine actions in PowerShell.☆36Updated 2 years ago
- ☆30Updated 11 months ago
- Access a PowerShell instance from anywhere using Websockets and Cloudflare Quick Tunnels☆43Updated 2 years ago