microsoft / KqlTools
A command line tool to explore real-time streams of events.
☆83Updated last month
Alternatives and similar repositories for KqlTools:
Users that are interested in KqlTools are comparing it to the libraries listed below
- This is an advanced KQL blog series and book☆112Updated 10 months ago
- A collection of ARM-based detections for Azure/AzureAD based TTPs☆85Updated last year
- ☆38Updated 3 years ago
- A guide to using Azure Data Explorer and KQL for DFIR☆102Updated 2 years ago
- Repository hosting a static list of Microsoft First party apps and Graph permissions that's updated daily☆128Updated this week
- Deploying and Managing Azure Sentinel – Ninja style☆31Updated 4 years ago
- Sharing my KQL queries for Azure Sentinel☆165Updated 2 weeks ago
- KQL queries for cyber defense and for solving daily issues☆48Updated 2 months ago
- KQL queries for Advanced Hunting☆171Updated 5 years ago
- ☆17Updated 2 years ago
- Collection of Microsoft Identity Threat Detection and Response resources.☆41Updated last week
- KQL queries☆12Updated 5 years ago
- Assess Azure Security State☆36Updated last year
- ☆30Updated 4 months ago
- ☆41Updated 3 years ago
- ☆17Updated 3 years ago
- A collection of scripts and works related to Azure Sentinel☆42Updated 2 years ago
- Workbooks for Azure Sentinel☆58Updated last year
- M365 MDATP Live Response sample scripts☆69Updated 4 months ago
- Solution to deploy a Sentinel playground demo environment☆57Updated last year
- ☆173Updated last week
- Azure Sentinel Workshop☆17Updated 3 years ago
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product☆79Updated 6 months ago
- ☆65Updated 3 years ago
- Advanced Hunting Queries for Microsoft Security Products☆106Updated 2 years ago
- Cloud-native SIEM for intelligent security analytics for your entire enterprise.☆20Updated 3 years ago
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe…☆39Updated 3 years ago
- In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…☆118Updated this week
- ☆55Updated 8 months ago
- Sentinel Recon Tools Workbook☆13Updated 2 years ago