The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior

HybridBrothers/Hunting-Queries-Detection-Rules

KQL Sentinel & Defender queries

KQL for Defender XDR, Microsoft Sentinel & other Microsoft Solutions

The purpose of this repository is to share KQL queries that anyone can use and understand. These queries are intended to increase detection coverage through the logs of Microsoft Security products. Not all suspicious activities generate an alert by default, but many of those activities can be made detectable through the logs. The repository includes Detection Rules, Hunting Queries, Security Misconfigurations and Visualisations. Anyone is free to use the queries.

Presenting this material as your own is illegal and forbidden. A reference to Twitter @RobbeVdDaele or GitHub RobbeVandenDaele is much appreciated when sharing or using the content.

Credits

@BertJanCyber - The content structure of this repository was adopted from Bert-Jan's KQL repository
