Michael Melone's Kusto Query library
☆20Nov 17, 2023Updated 2 years ago
Alternatives and similar repositories for KQL
Users that are interested in KQL are comparing it to the libraries listed below
Sorting:
- DEPRECATED -> GO TO https://github.com/microsoft/Microsoft-threat-protection-Hunting-Queries☆20Apr 22, 2020Updated 5 years ago
- Firewall & Antivirus Exclusions Migrator☆16Apr 5, 2022Updated 3 years ago
- Advanced Interactive Security Workshop☆20Dec 28, 2020Updated 5 years ago
- ☆50Jul 7, 2024Updated last year
- List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop…☆26Jun 30, 2021Updated 4 years ago
- Hunting Queries for Defender ATP☆83Dec 14, 2025Updated 3 months ago
- This repository is for public files shared by the Microsoft Information Protection Team☆25Jan 6, 2021Updated 5 years ago
- KQL queries for Advanced Hunting☆177Jan 16, 2020Updated 6 years ago
- M365 Defender SOC Playbooks☆24Feb 6, 2023Updated 3 years ago
- Config files for my GitHub profile.☆10Oct 24, 2025Updated 4 months ago
- Sigma Queries turned into KQL for Defender using pysigma☆12Jun 20, 2024Updated last year
- Sentinel BEC IR☆14Aug 18, 2022Updated 3 years ago
- Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.☆133Feb 10, 2026Updated last month
- ☆67Mar 9, 2026Updated last week
- Bulk turn on Analytic rules in Azure Sentinel☆19Oct 7, 2021Updated 4 years ago
- In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…☆135Updated this week
- Power BI templates for Exchange Online Protection and Office 365 Advanced Threat Protection reporting☆13Sep 9, 2020Updated 5 years ago
- KQL queries for cyber defense and for solving daily issues☆55Jul 28, 2025Updated 7 months ago
- Manage Engine Decrypter☆24Oct 17, 2022Updated 3 years ago
- My useful KQL and Azure Monitor workbooks (Public)☆117Updated this week
- Random Powershell scripts☆13Feb 13, 2024Updated 2 years ago
- Create a Word document showing your Sentinel configuration☆14Nov 7, 2023Updated 2 years ago
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe…☆40Apr 8, 2021Updated 4 years ago
- various tools for Microsoft Sentinel☆32Jun 26, 2025Updated 8 months ago
- KQL Detections for Microsoft Sentinel and Microsoft 365 Defender☆21Nov 15, 2024Updated last year
- ☆38Nov 12, 2024Updated last year
- Microsoft Sentinel SOC Operations☆264Jul 10, 2024Updated last year
- GitHub action for validating Microsoft Sentinel detection rules☆14May 22, 2023Updated 2 years ago
- ☆15Jun 28, 2024Updated last year
- ☆14Sep 22, 2023Updated 2 years ago
- This is a backup/test setup for the /r/ActiveDirectory reddit wiki and resource posts.☆19Mar 5, 2026Updated 2 weeks ago
- ☆45May 9, 2023Updated 2 years ago
- This script validates the most common Conditional Access policies in Microsoft 365.☆10May 27, 2024Updated last year
- Azure AD Incident Response☆27Oct 8, 2021Updated 4 years ago
- ☆20Sep 27, 2024Updated last year
- AI assistance☆12Jan 5, 2023Updated 3 years ago
- ☆11Oct 17, 2020Updated 5 years ago
- Hands-on Security Labs focused on Azure IaaS Security☆61Jan 19, 2020Updated 6 years ago
- Solution to deploy a Sentinel playground demo environment☆58Jun 9, 2023Updated 2 years ago