Kusto and Log Analytics MCP server help you execute a KQL (Kusto Query Language) query within an AI prompt, analyze, and visualize the data.
- Updated
- Python
#
kql-threathunting
Here are 22 public repositories matching this topic...
Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
- Updated
This repository contains detection and threat hunting queries created by NVISO’s CSIRT and SOC teams.
queries sentinel cybersecurity threat-hunting threat-detection kusto kql detection-engineering detections kusto-language defender-for-endpoint microsoft-sentinel kql-threathunting kql-queries
- Updated
Maps Microsoft Defender XDR Schemas to a local Kustainer Data Explorer instance
- Updated
- Python
Documenting my threat hunting projects and experience as a Cybersecurity Analyst during my internship at LOGs N' PACIFIC. For educational purposes only.
splunk incident-response sentinel threat-hunting sigma soc kql microsoft-sentinel kql-threathunting threat-hunting-dashboard kql-queries
- Updated
AI-enhanced Azure SOC homelab for phishing detection & response, threat intelligence, and much more using Microsoft Sentinel, Defender XDR, and ANY.RUN.
incident-response dfir cybersecurity openai wireshark sysmon siem malware-analysis risk-assessment kali-linux iso27001 threat-intelligence microsoft-azure sora defender-for-endpoint microsoft-sentinel any-run kql-threathunting
- Updated
- Python
Large list of potential/known malicious browser extensions to hunt on
- Updated
This lab is inspired by concepts and guidance from Josh Madakor’s Cyber Range course.
incident-response threat-hunting siem microsoft-azure edr kql defender-for-endpoint kql-threathunting
- Updated
Case-based KQL investigations (KC7 + homelab) for blue-team threat hunting and incident response.
incident-response threat-hunting soc blue-team kusto kql detection-engineering microsoft-sentinel kc7 kql-threathunting
- Updated
This repository contains my labs for developing threat hunting skills by simulating real-world attack scenarios on Windows systems, focusing on system configuration tampering, unauthorised access detection, and network activity analysis.
- Updated
A collection of Mitre ATT&CK aligned KQL detection, hunting, and audit queries for Defender XDR.
kusto kql detection-engineering defender-for-endpoint defender-for-identity entra-id defender-xdr defender-for-cloud-apps kql-threathunting
- Updated
KQL Queries for Microsoft Sentinel and Microsoft Defender XDR
microsoft azure sentinel defender threat-hunting mitre mitre-attack kql threatdetection defenderxdr kql-threathunting kql-queries
- Updated
To hunt for potential malicious extensions
- Updated
Find potential local privilege escalation on windows with KQL
- Updated
My home lab using Azure Sentinel and Ubuntu VM as a honeypot
ssh azure honeypot geolocation incident-response cybersecurity siem soc cloud-security linux-ubuntu log-analytics blue-team home-lab azure-sentinel azure-cloud microsoft-sentinel kql-threathunting security-operations-engineer
- Updated
A Live Cloud SOC project using Azure Sentinel & Logic Apps to detect and automatically block RDP brute-force attacks from global botnets.
- Updated
In this repository, you will find KQL queries that can be executed in Defender EDR.
- Updated
My personal journal of CTF writeups, threat hunting investigations, and KQL experiments. Raw logs, step-by-step notes, and lessons learned from hands-on blue team and incident response challenges.
- Updated
- Updated
Improve this page
Add a description, image, and links to the kql-threathunting topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the kql-threathunting topic, visit your repo's landing page and select "manage topics."