reprise99 / mddrguidance
Links and guidance related to the return on mitigation report in the Microsoft Digital Defense Report
☆28 · Oct 10, 2023 · Updated 2 years ago
Alternatives and similar repositories for mddrguidance
Users that are interested in mddrguidance are comparing it to the libraries listed below
- Repository with Hunting and Detection Queries for Microsoft Sentinel and Microsoft Defender XDR (☆16 · Nov 7, 2025 · Updated 3 months ago)
- Azure OpenAI Playbook created for Microsoft Sentinel (☆13 · May 2, 2024 · Updated last year)
- Ian Hanley's deceptively simple KQL queries. (☆68 · Dec 27, 2025 · Updated last month)
- Config files for my GitHub profile. (☆14 · May 7, 2023 · Updated 2 years ago)
- General scripts that gather information out of Active Directory (☆16 · Jun 9, 2022 · Updated 3 years ago)
- (no description) (☆61 · Jun 24, 2023 · Updated 2 years ago)
- (no description) (☆19 · Nov 23, 2022 · Updated 3 years ago)
- KQLIntel is a browser-based tool that uses LLMs to convert threat intelligence reports into actionable Kusto Query Language (KQL) queries… (☆29 · Aug 4, 2025 · Updated 6 months ago)
- A small guide on Unknown/Orphaned SIDs and some PowerShell tools to help you get rid of them. (☆20 · Mar 28, 2022 · Updated 3 years ago)
- KQL Queries (☆30 · Feb 8, 2026 · Updated last week)
- Cloud-native SIEM for intelligent security analytics for your entire enterprise. (☆20 · Apr 4, 2023 · Updated 2 years ago)
- Scripts to check for security issues with SSH keys and authorized_keys files on Linux and other Unix-like operating systems. (☆23 · Sep 29, 2025 · Updated 4 months ago)
- Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant. (☆132 · Feb 10, 2026 · Updated last week)
- This repo aims to help you decipher the UAL from a Digital Forensics & Incident Response (DFIR) perspective. The UAL is the Microsoft 365… (☆63 · May 12, 2024 · Updated last year)
- A curated list of blogs, videos, tutorials, queries and anything else valuable to help you learn and master KQL and Microsoft Sentinel (☆240 · Feb 8, 2023 · Updated 3 years ago)
- A repository for tracking events related to the MOVEit Transfer Cl0p Campaign (☆71 · Jul 19, 2023 · Updated 2 years ago)
- Started this due to a viral reddit post request. Like most M365 admins, I used to hate my job—constant tickets, dumb requests, and bosses… (☆10 · May 4, 2025 · Updated 9 months ago)
- KQL Queries. Microsoft Defender, Microsoft Sentinel (☆194 · Dec 22, 2025 · Updated last month)
- Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting (☆68 · Dec 7, 2025 · Updated 2 months ago)
- ResearchDev - XDR & SIEM Detection (☆67 · Apr 16, 2025 · Updated 10 months ago)
- Sentinel Analytics Rule converter PowerShell module (☆65 · Dec 17, 2025 · Updated 2 months ago)
- Security Scripts and Sources for daily usage. (☆73 · Jan 25, 2026 · Updated 3 weeks ago)
- A Microsoft Windows service to provide telemetry on Windows executable memory page changes to facilitate threat detection (☆32 · Oct 7, 2020 · Updated 5 years ago)
- Cover various security approaches to attack techniques and also provides new discoveries about security breaches. (☆486 · Apr 17, 2025 · Updated 10 months ago)
- Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint. (☆484 · Nov 22, 2024 · Updated last year)
- A massive collection of Cybersecurity papers, guides and reports. (☆10 · Jan 3, 2025 · Updated last year)
- Web for Pentester I (☆10 · Sep 21, 2018 · Updated 7 years ago)
- A list of Entra ID (Azure AD) Audit event names and the corresponding Microsoft Graph Request Uri (☆36 · Sep 27, 2024 · Updated last year)
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product (☆79 · Sep 9, 2024 · Updated last year)
- Manage Azure and Microsoft 365 with the Microsoft Graph PowerShell SDK! (☆79 · Aug 29, 2024 · Updated last year)
- CIS & Azure Security Center Hardening recommendations implemented in PowerShell DSC from Azure Automation (☆34 · Jun 10, 2021 · Updated 4 years ago)
- (no description) (☆26 · Sep 2, 2016 · Updated 9 years ago)
- (no description) (☆14 · Dec 11, 2025 · Updated 2 months ago)
- The Azure Active Directory Incident Response PowerShell module provides a number of tools, developed by the Azure Active Directory Produc… (☆450 · Jun 16, 2023 · Updated 2 years ago)
- pollen - A command-line tool for interacting with TheHive (☆36 · Jun 6, 2019 · Updated 6 years ago)
- Scans NTFS permissions and ensures that BUILTIN\Administrators and NT AUTHORITY\SYSTEM have full control to every file and folder (☆44 · Feb 8, 2025 · Updated last year)
- (no description) (☆36 · Nov 11, 2025 · Updated 3 months ago)
- Fun GUI for Group3r's output log (☆37 · Aug 14, 2023 · Updated 2 years ago)
- A collection of hunting and blue team scripts. Mostly others, some my own. (☆38 · Jan 8, 2023 · Updated 3 years ago)