Found 40 repositories (showing 30)
Bert-JanP
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
KQL Queries. Microsoft Defender, Microsoft Sentinel
alexverboon
KQL Queries. Microsoft Defender, Microsoft Sentinel
HybridBrothers
The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior
KustoKing
KQL Detections for Microsoft Sentinel and Microsoft 365 Defender
ItzHerbie
Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
ITSEC-Research
A threat hunting platform that turns Sigma detection rules into actionable OpenSearch queries, letting security analysts go from 'I need to hunt for threats' to 'Here are the results'.
KQL queries for MS SENTINEL & MS DEFENDER XDR
a-ariff
Microsoft Sentinel security content library including detection rules, workbooks, playbooks, and threat hunting queries
LALITGITMLK
Advanced Tor detection with risk-based scoring, KQL hunting query, Sigma rules & response playbooks
snehacs67
This repo contains KQL queries for Microsoft Defender and Azure Sentinel, including advanced hunting and custom detection rules.
OAuth Redirect Abuse Detection Lab - Sentinel analytics rules, hunting queries, workbook, and Entra ID hardening for detecting OAuth redirect abuse
Sentinel detection lab for MCP attack chains: CVE-2026-26118 SSRF token theft, tool poisoning, cross-server exfiltration, identity post-exploitation. Maps to OWASP Agentic Top 10. 5 analytics rules, 7 hunting queries, workbook. Companion to nineliveszerotrust.com.
Will-Batman
Hunting Queries Detection Rules
0bsolescence
Hunting-Queries-Detection-Rules
draconeo
Hunting-Queries-Detection-Rules
abdulcybersec
KQL Queries. Microsoft Defender, Microsoft Sentinel
Anonymous4717
No description available
surajKQL
No description available
CyberGreenPool
No description available
faizaisung
No description available
Compilation of KQL Sentinel & Defender queries
oluwakemibankole-sec
Threat hunting queries and Sigma detection rules for SOC analysis.
No description available
josephventuri
SIEM queries, detection rules, and threat hunting techniques for identifying malicious activity
RiordanMaguire
A collection of KQL detection rules and threat hunting queries for Microsoft security platforms
Popoo2020
Collection of SIEM detections, hunting queries, Sigma rules and playbooks mapped to MITRE ATT&CK.
TrystanRuiz
Python/Bash/PowerShell scripts, SIEM detection rules, Splunk configs, threat hunting queries, and incident response work
GhettoNerd
KQL-based detection engineering repository featuring threat hunting queries, analytics rules, and real-world attack detection scenarios for Microsoft Sentinel.
pranavibunny
Microsoft Sentinel SOC lab — KQL detection rules, threat hunting queries, and IR playbooks mapped to MITRE ATT&CK