Michael Melone's Kusto Query library
☆20 · Nov 17, 2023 · Updated 2 years ago
Alternatives and similar repositories for KQL
Users that are interested in KQL are comparing it to the libraries listed below
- Sentinel BEC IR · ☆14 · Aug 18, 2022 · Updated 3 years ago
- Advanced Interactive Security Workshop · ☆20 · Dec 28, 2020 · Updated 5 years ago
- KQL queries for Advanced Hunting · ☆176 · Jan 16, 2020 · Updated 6 years ago
- List of custom developed KQL queries to help proactive security teams hunt for opportunistic and sophisticated threat activity by develop… · ☆26 · Jun 30, 2021 · Updated 4 years ago
- ☆50 · Jul 7, 2024 · Updated last year
- KQL queries for cyber defense and for solving daily issues · ☆55 · Jul 28, 2025 · Updated 7 months ago
- Solution to deploy a Sentinel playground demo environment · ☆58 · Jun 9, 2023 · Updated 2 years ago
- Azure AD Incident Response · ☆27 · Oct 8, 2021 · Updated 4 years ago
- This script validates the most common Conditional Access policies in Microsoft 365. · ☆10 · May 27, 2024 · Updated last year
- These are some of the commands which I use frequently during Malware Analysis and DFIR. · ☆24 · Jan 8, 2024 · Updated 2 years ago
- DEPRECATED -> GO TO https://github.com/microsoft/Microsoft-threat-protection-Hunting-Queries · ☆21 · Apr 22, 2020 · Updated 5 years ago
- Hands-on Security Labs focused on Azure IaaS Security · ☆61 · Jan 19, 2020 · Updated 6 years ago
- M365 Defender SOC Playbooks · ☆24 · Feb 6, 2023 · Updated 3 years ago
- Manage Engine Decrypter · ☆24 · Oct 17, 2022 · Updated 3 years ago
- Config files for my GitHub profile. · ☆10 · Oct 24, 2025 · Updated 4 months ago
- General Content · ☆25 · Dec 23, 2025 · Updated 2 months ago
- Microsoft Sentinel SOC Operations · ☆264 · Jul 10, 2024 · Updated last year
- ☆32 · Aug 16, 2022 · Updated 3 years ago
- various tools for Microsoft Sentinel · ☆32 · Jun 26, 2025 · Updated 8 months ago
- misp-cloud - Cloud-ready images of MISP · ☆74 · Aug 24, 2022 · Updated 3 years ago
- Repository with Sample KQL Query examples for Threat Hunting · ☆217 · Sep 1, 2022 · Updated 3 years ago
- ☆38 · Nov 12, 2024 · Updated last year
- In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (… · ☆134 · Dec 18, 2025 · Updated 2 months ago
- Extensible Azure Security Tool - Documentation · ☆83 · Jun 1, 2023 · Updated 2 years ago
- Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant. · ☆133 · Feb 10, 2026 · Updated 2 weeks ago
- 64bit Windows 10 shellcode that adds user BOKU:SP3C1ALM0V3 to the system and the localgroups Administrators & "Remote Desktop Users" · ☆39 · May 3, 2021 · Updated 4 years ago
- Hunting Queries for Defender ATP · ☆83 · Dec 14, 2025 · Updated 2 months ago
- ☆13 · Sep 28, 2024 · Updated last year
- This is a backup/test setup for the /r/ActiveDirectory reddit wiki and resource posts. · ☆19 · Nov 15, 2025 · Updated 3 months ago
- CloudGraph managed policy packs · ☆10 · May 17, 2023 · Updated 2 years ago
- It's a handy tool to help you analyze malware. You can use this tool to query your malware samples using different hashes or find all oth… · ☆20 · Jul 22, 2025 · Updated 7 months ago
- Import Recommended Firewall Rules from vRNI to VMware Cloud on AWS or NSX-T · ☆10 · Feb 3, 2022 · Updated 4 years ago
- Sigma Queries turned into KQL for Defender using pysigma · ☆12 · Jun 20, 2024 · Updated last year
- ☆67 · Jan 20, 2026 · Updated last month
- Yet another property management system · ☆10 · Oct 17, 2025 · Updated 4 months ago
- An HTTP proxy library for Go · ☆17 · Jun 22, 2022 · Updated 3 years ago
- Kernels for Untangle products · ☆10 · Jan 29, 2026 · Updated last month
- Hunting Queries for Microsoft Defender Security Center https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defe… · ☆40 · Apr 8, 2021 · Updated 4 years ago
- ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure. · ☆40 · Oct 30, 2024 · Updated last year