Skip to content

SlimKQL/Hunting-Queries-Detection-Rules

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

362 Commits
Azure
Azure
 
 
DefenderXDR
DefenderXDR
 
 
Sentinel
Sentinel
 
 
BingSiteAuth.xml
BingSiteAuth.xml
 
 
CNAME
CNAME
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
googlecde3b712e80c0223.html
googlecde3b712e80c0223.html
 
 

Repository files navigation

KQL Sentinel & Defender queries

KQL for Defender XDR, Microsoft Sentinel & other Microsoft Solutions

The purpose of this repository is to share KQL queries that can be used by anyone and are understandable. These queries are intended to increase detection coverage through the logs of Microsoft Security products. Not all suspicious activities generate an alert by default, but many of those activities can be made detectable through the logs. These queries include Detection Rules, Hunting Queries and Visualisations. Anyone is free to use the queries. If you have any questions feel free to reach out to me on Linkedin Steven Lim

Presenting this material as your own is illegal and forbidden. A reference to Linkedin @0x534c or Github @SLimKQL is much appreciated when sharing or using the content.

SlimKQL Hunting-Queries-Detection-Rules - Azure KQLs - DefenderXDR KQLs - Sentinel KQLs

About

KQL Queries. Microsoft Defender, Microsoft Sentinel

steven.lim.name

Topics

microsoft azure sentinel defender mitre-attack kql threathunting threatdetection defenderxdr

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

159 stars

Watchers

9 watching

Forks

27 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages