Azure Sentinel Repository - Azure
Cloud-native SIEM for intelligent security analytics for your entire enterprise

Sentinel-Queries - reprise99
Collection of KQL queries

Falcon Friday - FalconForceTeam
Hunting queries and detections

Threat-Hunting-and-Detection - Cyb3r-Monk
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).

Hunting-Queries-Detection-Rules - Bert-JanP
KQL Queries. Defender for Endpoint and Azure Sentinel hunting and detection queries in KQL. Out-of-the-box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

AzSentinelQueries - f-bader
Repository with Sentinel Analytics Rules and Hunting Queries

KQL-threat-hunting-queries - cyb3rmik3
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).

KQL - Wortell
KQL queries for Advanced Hunting

SentinelKQL - rod-trent
Azure Sentinel KQL

Sentinel_KQL - ep3p
In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).

AdvancedHuntingQueries - lawndoc
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant

MDATP AdvancedHunting - JesseEsquivel
Microsoft Defender Advanced Threat Protection

KQL - mjmelone
Michael Melone's Kusto Query library

AzureSentinel - Cloud-Architekt
Sharing my KQL queries for Azure Sentinel

Hunting-Queries-Detection-Rules - alexverboon
KQL Queries. Microsoft 365 Defender, Microsoft Sentinel

KQL Security Queries - Shivammalaviya
KQL Security Queries

Invictus-training - KQL-QueryPack - invictus-ir
Invictus: Cloud Incident Response Query Pack

DefenderATPQueries - 0xAnalyst
Hunting Queries for Defender ATP

KQL - LearningKijo
Threat hunting queries for Microsoft 365 Defender / XDR. Provides out-of-the-box KQL hunting queries for App, Email, Identity and Endpoint.

awesomekql - awesomekql
Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs

Hunting-Queries-Detection-Rules - KustoKing
KQL Detections for Microsoft Sentinel and Microsoft 365 Defender

KQL - mr-r3b00t
This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet

MustLearnKQL - rod-trent
Code included as part of the MustLearnKQL blog series

kql-for-dfir - reprise99
A guide to using Azure Data Explorer and KQL for DFIR

Invictus-training - Invictus
Cloud Incident Response Query Pack

MDATP - JesseEsquivel
Microsoft Defender Advanced Threat Protection

KQL - KostasKoutrou
KQL Queries for Advanced Hunting / Log Analytics

Sentinel-queries - samilamppu
Sentinel-queries

Hunting-Queries-Detection-Rules - SlimKQL
KQL Queries. Microsoft Defender, Microsoft Sentinel

KustQueryLanguage_kql - m4nbat
Cyber defence related Kusto queries for use in Azure Sentinel and Defender Advanced Hunting

DE-TH-Aura - SecurityAura
Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or even inspiration).

Threat-Hunting-KQL-Queries - Sergio-Albea-Git
Threat-Hunting-KQL-Queries

Kustonomicon - KernelCaleb
The Kustonomicon is your reference companion for navigating the depths of Kusto Query Language (KQL).

KQL_Intune - ugurkocde
KQL_Intune

Azure-SecOps - AttacktheSOC
Collection of different Azure/Entra focused solutions (deployable templates, Function Apps, etc.)