ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure.
☆39Oct 30, 2024Updated last year
Alternatives and similar repositories for ADXFlowmaster
Users that are interested in ADXFlowmaster are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆22Aug 29, 2023Updated 2 years ago
- various tools for Microsoft Sentinel☆32Jun 26, 2025Updated 8 months ago
- ☆35Mar 23, 2024Updated 2 years ago
- This repo aims to help you decipher the UAL from a Digital Forensics & Incident Response (DFIR) perspective. The UAL is the Microsoft 365…☆64May 12, 2024Updated last year
- Random Powershell scripts☆13Feb 13, 2024Updated 2 years ago
- ☆37Mar 2, 2026Updated 3 weeks ago
- ☆45Apr 10, 2024Updated last year
- A platform for extracting and shipping security value from your data lake to Sentinel.☆35Sep 19, 2024Updated last year
- PowerShell-based Automation of Defender for Endpoint☆190Jul 3, 2025Updated 8 months ago
- PDump is a project for dumping leaked credentials from DEHASHED☆17Jan 21, 2024Updated 2 years ago
- Sentinel BEC IR☆14Aug 18, 2022Updated 3 years ago
- Tool for creating reports on Entra ID Role Assignments☆101Apr 12, 2024Updated last year
- Velociraptor Server hosted in Azure App Service☆59Jun 4, 2025Updated 9 months ago
- ☆19Dec 18, 2024Updated last year
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID☆581Dec 6, 2025Updated 3 months ago
- BlackCat is a PowerShell module designed to validate the security of Microsoft Azure. It provides a set of functions to identify potentia…☆197Updated this week
- In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…☆135Updated this week
- A tool for fetching DFIR and other GitHub tools.☆26Aug 2, 2025Updated 7 months ago
- An automation framework for deploying Microsoft Sentinel environments using pipelines. This project combines infrastructure-as-code (Bice…☆36Updated this week
- MAES: M365 Analyzer & Extractor Suite Po☆33Feb 14, 2026Updated last month
- KQL Detections for Microsoft Sentinel and Microsoft 365 Defender☆21Nov 15, 2024Updated last year
- Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.☆486Nov 22, 2024Updated last year
- ☆12Oct 24, 2022Updated 3 years ago
- This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet☆13Jan 24, 2026Updated 2 months ago
- TIM is a Kusto investigation platform that enables a user to quickly pivot between data sources; annotate their findings; and promotes co…☆23Aug 7, 2024Updated last year
- CyberWarFare Labs hands-on workshop on the topic "Detecting Adversarial Tradecrafts/Tools by leveraging ETW"☆50Mar 2, 2022Updated 4 years ago
- MDE Quickstart is a battle-tested MDE policy set designed to be restored with Intune Backup & Restore☆65Dec 26, 2022Updated 3 years ago
- MSSprinkler is a password spraying utility for organizations to test their Microsoft Online accounts from an external perspective. It emp…☆79Jan 22, 2026Updated 2 months ago
- Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR☆17Nov 7, 2025Updated 4 months ago
- ☆30May 1, 2025Updated 10 months ago
- Hunting Queries for Defender ATP☆83Dec 14, 2025Updated 3 months ago
- Collection of Microsoft Identity Threat Detection and Response resources.☆52Mar 1, 2026Updated 3 weeks ago
- MISP to Microsoft Defender integration☆17Feb 24, 2026Updated 3 weeks ago
- M365/Azure adversary simulation tool that generates realistic attack telemetry to help blue teams improve their detection and response ca…☆322Oct 12, 2025Updated 5 months ago
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation.☆53Oct 23, 2024Updated last year
- A PowerShell-based script to analyze network logs from CSV files and detect potential beaconing behavior. Supports VirusTotal integration…☆17May 11, 2025Updated 10 months ago
- This Module Helps to Scan a Commit History of a Repo for Leakage of Secrets☆15Apr 26, 2025Updated 10 months ago
- MDE Tester is designed to help testing various features in Microsoft Defender for Endpoint.☆193Feb 20, 2026Updated last month
- Sentinel Threat Intelligence Upload Toolkit☆18Jul 15, 2024Updated last year