Stars
Some KQL queries for Advanced Hunting
Advanced Wazuh Rules for more accurate threat detection. Feel free to implement within your own Wazuh environment, contribute, or fork!
KQLIntel is a browser-based tool that uses LLMs to convert threat intelligence reports into actionable Kusto Query Language (KQL) queries by extracting IOCs from URLs or raw text.
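The report-to-query step that KQLIntel automates is illustrated below with an added, self-contained example that is not KQLIntel's code and uses plain regular expressions instead of an LLM: it refangs a constructed report snippet, pulls out IPv4 addresses, SHA-256 hashes and domains, and renders them as one Defender XDR Advanced Hunting query over the `DeviceNetworkEvents` and `DeviceFileEvents` tables (real schema; the sample report text and indicator values are constructed for this example).

```python
import json
import re
from typing import Dict, List

# Constructed sample: a fragment of a fictional threat-intel write-up with defanged indicators.
SAMPLE_REPORT = """
The loader beacons to hxxp://update[.]example-cdn[.]net/c2 and to 203[.]0[.]113[.]45.
Dropped payload SHA256:
 0F1E2D3C4B5A69788796A5B4C3D2E1F00F1E2D3C4B5A69788796A5B4C3D2E1F0
A second host, 198.51.100.7, was seen serving the same payload.
"""

IPV4_RE = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
SHA256_RE = re.compile(r"\b[A-Fa-f0-9]{64}\b")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}\b", re.I)


def refang(text: str) -> str:
    """Undo the defanging conventions commonly used in published reports."""
    return (text.replace("hxxps://", "https://")
                .replace("hxxp://", "http://")
                .replace("[.]", ".")
                .replace("[:]", ":"))


def extract_iocs(text: str) -> Dict[str, List[str]]:
    """Return de-duplicated, normalised IPv4 addresses, SHA-256 hashes and domains."""
    t = refang(text)
    return {
        "ipv4": sorted(set(IPV4_RE.findall(t))),
        "sha256": sorted({h.lower() for h in SHA256_RE.findall(t)}),
        "domain": sorted({d.lower() for d in DOMAIN_RE.findall(t)}),
    }


def build_kql(iocs: Dict[str, List[str]], lookback: str = "30d") -> str:
    """Render the IOCs as a single Advanced Hunting query.

    Indicators are bound with `let` as dynamic arrays so the query body stays readable
    even for a large IOC set. Network and file telemetry are unioned onto a common
    projection so one result set covers every indicator type.
    """
    branches = []
    if iocs["ipv4"] or iocs["domain"]:
        conds = []
        if iocs["ipv4"]:
            conds.append("RemoteIP in (ips)")
        if iocs["domain"]:
            conds.append("RemoteUrl has_any (domains)")
        branches.append(
            "  (DeviceNetworkEvents\n"
            f"   | where Timestamp > ago({lookback})\n"
            f"   | where {' or '.join(conds)}\n"
            "   | project Timestamp, DeviceName, Indicator = coalesce(RemoteUrl, RemoteIP),\n"
            "             Process = InitiatingProcessFileName)"
        )
    if iocs["sha256"]:
        branches.append(
            "  (DeviceFileEvents\n"
            f"   | where Timestamp > ago({lookback})\n"
            "   | where SHA256 in (hashes)\n"
            "   | project Timestamp, DeviceName, Indicator = SHA256,\n"
            "             Process = InitiatingProcessFileName)"
        )
    if not branches:
        raise ValueError("no indicators to hunt for")
    header = (
        f"let ips = dynamic({json.dumps(iocs['ipv4'])});\n"
        f"let domains = dynamic({json.dumps(iocs['domain'])});\n"
        f"let hashes = dynamic({json.dumps(iocs['sha256'])});\n"
    )
    return header + "union\n" + ",\n".join(branches) + "\n| order by Timestamp desc"


if __name__ == "__main__":
    print(build_kql(extract_iocs(SAMPLE_REPORT)))
```

Regex extraction is deliberately conservative: hashes are lower-cased so `in` matches regardless of how the report cased them, and anything that is not a syntactically valid IPv4 address or FQDN is ignored rather than guessed at. Always eyeball the extracted list before running the query; a report's own infrastructure (the vendor's domain, a sandbox IP) will otherwise end up in the hunt.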
Best known optimizations for the game Opus Magnum.
KQL Sentinel and Defender Detection and Hunting Queries.
This repository provides a complete solution for deploying and configuring an Azure Data Explorer (ADX) cluster designed specifically for security log centralisation, aligned with Microsoft's Advan…
sKaleQL is an opinionated template repository for managing, executing, and organizing Kusto Query Language (KQL) queries against Azure Log Analytics Workspaces.
A list of Free Software network services and web applications which can be hosted on your own servers
Public repository focused on Microsoft Sentinel, for sharing queries, detections, and other content that may be useful to someone.
Advanced Threat Hunting: Ransomware Group
Collection of different Azure/Entra focused solutions (Deployable templates, Function Apps, etc)
Online resources related to Detection Engineering. Detection rules, detection logic, attack samples, detection tests and emulation tools, logging configuration and best practices, event log refere…
A collection of KQL queries for running security monitoring in Microsoft Azure using Azure Sentinel and 365 Defender Advanced Hunting.
Azure Sentinel is used to detect, monitor, analyse and respond to threats at scale. It ingests data both from Azure services and from various third-party systems and devi…
The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior
Azure administrative tiering based on known attack paths
Collection of scripts; I will try to keep them in order 😁
Initial Access and Post-Exploitation Tool for AAD and O365 with a browser-based GUI
Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID
A series of cloud focused KQL queries for threat hunting and DFIR