☆43 · May 22, 2021 · Updated 4 years ago
Alternatives and similar repositories for KQL_Reference_Manual
Users who are interested in KQL_Reference_Manual are comparing it to the repositories listed below.
- ☆13 · May 30, 2025 · Updated 9 months ago
- Solution to deploy a Sentinel playground demo environment ☆58 · Jun 9, 2023 · Updated 2 years ago
- ☆19 · Dec 18, 2024 · Updated last year
- Sentinel BEC IR ☆14 · Aug 18, 2022 · Updated 3 years ago
- Miscellaneous Azure Sentinel files that don't fall into other categories. ☆13 · Aug 23, 2021 · Updated 4 years ago
- Sentinel Threat Intelligence Upload Toolkit ☆18 · Jul 15, 2024 · Updated last year
- Various tools used to monitor and troubleshoot Azure Sentinel data ☆31 · Oct 24, 2024 · Updated last year
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example. ☆36 · Jul 11, 2023 · Updated 2 years ago
- Sharing presentation slides and workbook templates that can be useful to others to learn more about Azure Active Directory! ☆21 · Aug 23, 2024 · Updated last year
- Research into Undocumented Behavior of Azure AD Refresh Tokens ☆13 · Oct 27, 2023 · Updated 2 years ago
- ☆90 · Jan 10, 2024 · Updated 2 years ago
- A portable forensic tool for analyzing Windows logs, pre-organized according to the methodology outlined in this work: https://cybersec… ☆15 · Jul 19, 2025 · Updated 7 months ago
- Ludus roles to deploy ASR rules and MDI auditing settings ☆16 · Aug 5, 2025 · Updated 6 months ago
- Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1) ☆24 · Mar 3, 2023 · Updated 2 years ago
- Additional resources to improve customer experience with Microsoft Defender for Identity ☆121 · Sep 12, 2025 · Updated 5 months ago
- CONVEX is a group of CTFs that are independently deployable into participant Azure environments. ☆140 · May 16, 2022 · Updated 3 years ago
- The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel ☆277 · Jan 2, 2026 · Updated last month
- Extensible Azure Security Tool - Documentation ☆83 · Jun 1, 2023 · Updated 2 years ago
- Identify the attack paths in BloodHound breaking your AD tiering ☆326 · Nov 6, 2022 · Updated 3 years ago
- CLI tool written in Go to generate Canary Tokens from https://canarytokens.org ☆13 · Aug 22, 2025 · Updated 6 months ago
- ☆11 · Oct 24, 2022 · Updated 3 years ago
- Open source HIDS tailored for Microsoft Windows and Active Directory ☆29 · Feb 13, 2026 · Updated 2 weeks ago
- Splunk app for visualization of DMARC RUA mails ☆15 · Sep 26, 2025 · Updated 5 months ago
- ☆14 · Mar 5, 2021 · Updated 4 years ago
- Guidance and collateral for troubleshooting and managing Azure Sentinel data costs. ☆28 · Oct 9, 2023 · Updated 2 years ago
- Import specific data sources into the Sigma generic and open signature format. ☆79 · May 6, 2022 · Updated 3 years ago
- Hunting Queries for Defender ATP ☆83 · Dec 14, 2025 · Updated 2 months ago
- Repository with Sample KQL Query examples for Threat Hunting ☆217 · Sep 1, 2022 · Updated 3 years ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm. ☆208 · Jul 21, 2022 · Updated 3 years ago
- KQL queries for cyber defense and for solving daily issues ☆55 · Jul 28, 2025 · Updated 7 months ago
- Track progress and keep notes while working through likethecoins' CTI Self Study Plan ☆29 · Aug 25, 2022 · Updated 3 years ago
- Easy discovery of assets ☆13 · Jun 22, 2022 · Updated 3 years ago
- Bash tool used for proactive detection of malicious activity on macOS systems. ☆39 · Sep 29, 2025 · Updated 5 months ago
- Convert kirbi ticket from mimikatz into hashcat format to crack it ☆13 · Mar 5, 2019 · Updated 6 years ago
- IP address filter by City ☆12 · Jan 17, 2025 · Updated last year
- Random tips and tricks RE: ransomware ☆14 · Aug 17, 2021 · Updated 4 years ago
- Repository for Ludus French templates ☆21 · Updated this week
- Ludus role for deploying a Mythic Teamserver onto Linux servers ☆23 · Mar 16, 2025 · Updated 11 months ago
- This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet ☆13 · Jan 24, 2026 · Updated last month