ADXFlowmaster helps SecOps teams Threat Hunt suspicious network traffic inside & outside of Azure.
☆40Oct 30, 2024Updated last year
Alternatives and similar repositories for ADXFlowmaster
Users that are interested in ADXFlowmaster are comparing it to the libraries listed below
Sorting:
- ☆22Aug 29, 2023Updated 2 years ago
- various tools for Microsoft Sentinel☆32Jun 26, 2025Updated 8 months ago
- ☆35Mar 23, 2024Updated last year
- ☆37Updated this week
- Random Powershell scripts☆13Feb 13, 2024Updated 2 years ago
- This repo aims to help you decipher the UAL from a Digital Forensics & Incident Response (DFIR) perspective. The UAL is the Microsoft 365…☆64May 12, 2024Updated last year
- Sentinel BEC IR☆14Aug 18, 2022Updated 3 years ago
- In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (…☆134Dec 18, 2025Updated 2 months ago
- Tool for creating reports on Entra ID Role Assignments☆101Apr 12, 2024Updated last year
- Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.☆484Nov 22, 2024Updated last year
- A platform for extracting and shipping security value from your data lake to Sentinel.☆35Sep 19, 2024Updated last year
- PowerShell-based Automation of Defender for Endpoint☆187Jul 3, 2025Updated 8 months ago
- A tool for fetching DFIR and other GitHub tools.☆25Aug 2, 2025Updated 7 months ago
- MAES: M365 Analyzer & Extractor Suite Po☆33Feb 14, 2026Updated 2 weeks ago
- MISP to Microsoft Defender integration☆16Feb 24, 2026Updated last week
- A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID☆577Dec 6, 2025Updated 2 months ago
- TIM is a Kusto investigation platform that enables a user to quickly pivot between data sources; annotate their findings; and promotes co…☆23Aug 7, 2024Updated last year
- MDE Quickstart is a battle-tested MDE policy set designed to be restored with Intune Backup & Restore☆65Dec 26, 2022Updated 3 years ago
- BlackCat is a PowerShell module designed to validate the security of Microsoft Azure. It provides a set of functions to identify potentia…☆191Feb 17, 2026Updated 2 weeks ago
- PDump is a project for dumping leaked credentials from DEHASHED☆17Jan 21, 2024Updated 2 years ago
- ☆45Apr 10, 2024Updated last year
- ☆55Jan 19, 2026Updated last month
- Collection of Microsoft Identity Threat Detection and Response resources.☆52Updated this week
- Repository documenting how Threat Intelligence and / or a Threat Intelligence Platform can prove its value to an organisation.☆53Oct 23, 2024Updated last year
- CyberWarFare Labs hands-on workshop on the topic "Detecting Adversarial Tradecrafts/Tools by leveraging ETW"☆50Mar 2, 2022Updated 4 years ago
- Velociraptor Server hosted in Azure App Service☆59Jun 4, 2025Updated 8 months ago
- An automation framework for deploying Microsoft Sentinel environments using pipelines. This project combines infrastructure-as-code (Bice…☆22Jul 31, 2025Updated 7 months ago
- ☆11Oct 24, 2022Updated 3 years ago
- AzureLogLibrary - repository used for Azure logging with ARM-templates, scripts, documentation to deploy DCRs, extensions, etc☆14Aug 11, 2023Updated 2 years ago
- ☆56Updated this week
- A tool to automate memory dump processing using Volatility, including optional Splunk integration.☆12Jul 29, 2020Updated 5 years ago
- Hunting Queries for Defender ATP☆83Dec 14, 2025Updated 2 months ago
- Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR☆16Nov 7, 2025Updated 3 months ago
- ☆19Dec 18, 2024Updated last year
- ☆12Jul 15, 2022Updated 3 years ago
- This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet☆13Jan 24, 2026Updated last month
- Adversarial Interception Mission Oriented Discovery and Disruption Framework, or AIMOD2, is a structured threat hunting approach to proac…☆90Sep 16, 2023Updated 2 years ago
- Enable the automatic deployment of Azure Sentinel using code☆117May 3, 2022Updated 3 years ago
- A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 D…☆758Aug 28, 2025Updated 6 months ago