kql

Star

Here are 144 public repositories matching this topic...

Language:All

Filter by language

All144 PowerShell18 Python8 C#6 Jupyter Notebook5 HTML4 JavaScript4 PHP4 Shell2 Bicep2 C1

Sort:Most stars

Sort options

Most stars Fewest stars Most forks Fewest forks Recently updated Least recently updated

Bert-JanP /Hunting-Queries-Detection-Rules

Star1.4k

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

security azure sentinel dfir cybersecurity infosec threat-hunting misp vulnerability-management mde blueteam mdi zero-day kql defender-for-endpoint

UpdatedMar 3, 2025
Python

netevert /sentinel-attack

Star1.1k

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

azure detection logging cybersecurity sysmon threat-hunting siem security-tools blue-team mitre-attack workbooks sysmon-config terraform-azure kql azure-sentinel

UpdatedNov 28, 2024

FalconForceTeam /FalconFriday

Star776

Hunting queries and detections

sentinel hunting blueteam purpleteam kql defender-atp defender-for-endpoint

UpdatedJan 17, 2025

Cyb3r-Monk /Threat-Hunting-and-Detection

Sponsor

Star716

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

dfir cybersecurity threat-hunting threat-detection kql detection-engineering kusto-language defender-for-endpoint microsoft-sentinel

UpdatedMar 14, 2025
Jupyter Notebook

cyb3rmik3 /KQL-threat-hunting-queries

Star669

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

microsoft security sentinel threat-hunting threat-detection securitycenter kusto kql threat-hunt microsoft-365 kusto-query-language microsoft-security microsoft-sentinel kusto-query microsoft-365-security microsoft-365-defender threat-detecting microsoft-xdr microsoftxdr

UpdatedFeb 12, 2025

SlimKQL /Hunting-Queries-Detection-Rules

Star537

KQL Queries. Microsoft Defender, Microsoft Sentinel

microsoft azure sentinel defender mitre-attack kql threathunting threatdetection defenderxdr

UpdatedMar 16, 2025
HTML

LearningKijo /KQL

Star464

Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.

incident-response threat-hunting xdr edr kusto kql

UpdatedNov 22, 2024

alexverboon /MDATP

Star459

MDATP

learning blogs kql threathunting defender-for-endpoint defender-for-identity microsoft-defender-xdr defender-for-cloud-apps defender-for-office-365

UpdatedJul 20, 2024
PowerShell

cyb3rmik3 /MDE-DFIR-Resources

Star390

A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.

microsoft incident-response resources dfir curated-list digital-forensics mde curated-collections kusto kql digital-forensics-incident-response live-response kusto-query-language microsoft-defender-for-endpoint kusto-query

UpdatedDec 29, 2024

ashwin-patil /blue-teaming-with-kql

Star208

Repository with Sample KQL Query examples for Threat Hunting

security azure threat-hunting siem loganalytics blueteaming azure-data-explorer kql azure-sentinel

UpdatedSep 1, 2022

rod-trent /Security-Copilot

Star183

My personal work with Copilot for Security

security code plugins copilot prompts kql

UpdatedMar 17, 2025
HTML

wortell /KQL

Star171

KQL queries for Advanced Hunting

security hunting kql

UpdatedJan 16, 2020

getkirby /kql

Star145

Kirby's Query Language API combines the flexibility of Kirby's data structures, the power of GraphQL and the simplicity of REST.

api cms json query kirby flat-file file-based query-language headless-cms kql

UpdatedFeb 12, 2025
PHP

alexverboon /Hunting-Queries-Detection-Rules

Star139

KQL Queries. Microsoft Defender, Microsoft Sentinel

security azure detection sentinel dfir hunting azuread kql defenderforendpoint defenderforidentity entraid defenderxdr

UpdatedFeb 26, 2025

lawndoc /AdvancedHuntingQueries

Sponsor

Star120

Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.

microsoft security detection cybersecurity defender threat-hunting xdr hunting cyber-security kusto microsoft365 kql detection-engineering defender-atp defender-for-endpoint

UpdatedAug 5, 2024

ep3p /Sentinel_KQL

Star115

In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).

microsoft security azure sentinel siem watchlist kusto kql entra microsoft-sentinel entra-id