kql topic

List kql repositories

sentinel-attack (1.0k stars, 207 forks)

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

kql (141 stars, 5 forks)

Kirby's Query Language API combines the flexibility of Kirby's data structures, the power of GraphQL and the simplicity of REST.

KQL (165 stars, 48 forks)

KQL queries for Advanced Hunting

blue-teaming-with-kql (193 stars, 37 forks)

Repository with Sample KQL Query examples for Threat Hunting

Hunting-Queries-Detection-Rules (1.0k stars, 188 forks)

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out-of-the-box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

kusto-queries (100 stars, 33 forks)

Example queries for learning the Kusto language

pf-azure-sentinel (30 stars, 6 forks)

Parse pfSense/OPNsense logs using Logstash, GeoIP tag entities, add additional context to logs, then send to Azure Sentinel for analysis.

Sentinel_KQL (115 stars, 23 forks)

In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).

AdvancedHuntingQueries (94 stars, 12 forks)

Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant