☆43 · May 22, 2021 · Updated 4 years ago
Alternatives and similar repositories for KQL_Reference_Manual
Users that are interested in KQL_Reference_Manual are comparing it to the libraries listed below
- Miscellaneous Azure Sentinel files that don't fall into other categories. ☆13 · Aug 23, 2021 · Updated 4 years ago
- ☆13 · May 30, 2025 · Updated 9 months ago
- Solution to deploy a Sentinel playground demo environment ☆58 · Jun 9, 2023 · Updated 2 years ago
- Guidance and collateral for troubleshooting and managing Azure Sentinel data costs. ☆28 · Oct 9, 2023 · Updated 2 years ago
- Sentinel Threat Intelligence Upload Toolkit ☆18 · Jul 15, 2024 · Updated last year
- ☆90 · Jan 10, 2024 · Updated 2 years ago
- Various tools used to monitor and troubleshoot Azure Sentinel data ☆31 · Oct 24, 2024 · Updated last year
- Ludus roles to deploy ASR rules and MDI auditing settings ☆24 · Aug 5, 2025 · Updated 7 months ago
- ☆19 · Dec 18, 2024 · Updated last year
- Random tips and tricks RE: ransomware ☆14 · Aug 17, 2021 · Updated 4 years ago
- ☆59 · Jul 18, 2024 · Updated last year
- PowerShell 'Hero': scripts for DFIR and automation with a PowerShell menu example. ☆37 · Jul 11, 2023 · Updated 2 years ago
- Defender for Endpoint ☆18 · Mar 11, 2024 · Updated 2 years ago
- Sentinel BEC IR ☆14 · Aug 18, 2022 · Updated 3 years ago
- ☆21 · Jan 30, 2024 · Updated 2 years ago
- Knowing which rule should trigger according to the redcannary test ☆11 · Nov 23, 2024 · Updated last year
- Intune related scripts ☆86 · Jan 16, 2025 · Updated last year
- Overview of MS Defender ☆118 · Feb 20, 2026 · Updated last month
- This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet ☆13 · Jan 24, 2026 · Updated last month
- Additional resources to improve customer experience with Microsoft Defender for Identity ☆121 · Sep 12, 2025 · Updated 6 months ago
- ☆18 · Jul 13, 2022 · Updated 3 years ago
- Research into Undocumented Behavior of Azure AD Refresh Tokens ☆13 · Oct 27, 2023 · Updated 2 years ago
- The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel ☆277 · Jan 2, 2026 · Updated 2 months ago
- Microsoft Defender Advanced Threat Protection ☆49 · Jan 28, 2026 · Updated last month
- Sharing presentation slides and workbook templates that can be useful to others to learn more about Azure Active Directory! ☆21 · Aug 23, 2024 · Updated last year
- Repository with Sample KQL Query examples for Threat Hunting ☆218 · Sep 1, 2022 · Updated 3 years ago
- Bulk turn on Analytic rules in Azure Sentinel ☆19 · Oct 7, 2021 · Updated 4 years ago
- Custom Splunk search command to reconstruct a pstree from Sysmon process creation events (EventCode 1) ☆24 · Mar 3, 2023 · Updated 3 years ago
- Repository to publish sample use cases, templates, solutions, automations for Microsoft Defender Threat Intelligence (MDTI) product ☆80 · Sep 9, 2024 · Updated last year
- Azure Sentinel KQL ☆471 · Jul 28, 2025 · Updated 7 months ago
- Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm. ☆209 · Jul 21, 2022 · Updated 3 years ago
- CONVEX is a group of CTFs that are independently deployable into participant Azure environments. ☆140 · May 16, 2022 · Updated 3 years ago
- ☆12 · Oct 24, 2022 · Updated 3 years ago
- Extensible Azure Security Tool - Documentation ☆83 · Jun 1, 2023 · Updated 2 years ago
- Add POST body excerpt to Bro's HTTP log ☆14 · Dec 10, 2025 · Updated 3 months ago
- Hints for the Kusto Detective Agency ☆16 · Dec 17, 2022 · Updated 3 years ago
- Identify the attack paths in BloodHound breaking your AD tiering ☆326 · Nov 6, 2022 · Updated 3 years ago
- An introduction to Active Directory security ☆651 · Aug 22, 2022 · Updated 3 years ago
- MDE relies on some of the Audit settings to be enabled ☆100 · Jul 15, 2022 · Updated 3 years ago