Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Updated Jan 14, 2026 - Jupyter Notebook
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel
Microsoft Sentinel SOC Operations
Production-ready KQL queries for Microsoft Defender XDR and Microsoft Sentinel. Focused on Threat Hunting, Detection Engineering, and MITRE ATT&CK mapping.
The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior
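An added example, not code from any of the repositories listed on this page, of the kind of hunting query these collections contain: Base64-encoded PowerShell launched from an Office application, the pattern such queries typically map to MITRE ATT&CK T1059.001 (PowerShell) reached via T1566.001 (spearphishing attachment). It assumes the Defender XDR / Sentinel DeviceProcessEvents table; the parent-process list and the 7-day window are illustrative choices.

```kql
// Added example (not from any repository listed above): encoded PowerShell spawned by an Office app.
// Assumes the DeviceProcessEvents table of Defender XDR / Sentinel; parent list and window are illustrative.
DeviceProcessEvents
| where Timestamp > ago(7d)
| where FileName in~ ("powershell.exe", "pwsh.exe")
| where InitiatingProcessFileName in~ ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
// -e, -enc and -EncodedCommand all take a Base64 argument. Match the switch as a whole
// token followed by a Base64 run so that -ExecutionPolicy does not trigger the rule.
| where ProcessCommandLine matches regex @"(?i)\s-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}"
| extend EncodedArg = extract(@"(?i)\s-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{20,})", 1, ProcessCommandLine)
// PowerShell encodes the script as UTF-16LE, so a plain Base64 decode yields the text
// interleaved with NUL bytes; strip them so the payload is readable during triage.
| extend DecodedCommand = replace_regex(base64_decode_tostring(EncodedArg), @"\x00", "")
| project Timestamp, DeviceName, AccountName, InitiatingProcessFileName,
          InitiatingProcessCommandLine, ProcessCommandLine, DecodedCommand, ReportId
| order by Timestamp desc
```

Run it as an Advanced Hunting query first to measure the baseline before turning it into a Sentinel scheduled analytics rule; management tooling that legitimately uses `-EncodedCommand` should be excluded by its signed binary or account rather than by command-line text, since the regex only recognises the documented switch spellings and not obfuscated variants.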
A collection of various SIEM rules relating to malware family groups.
Ian Hanley's deceptively simple KQL queries.
An automation framework for deploying Microsoft Sentinel environments using pipelines. This project combines infrastructure-as-code (Bicep) with PowerShell automation to streamline the deployment of Sentinel solutions, analytics rules, and workbooks.
Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.
⛳️ PASS: Microsoft Azure AZ-500 (Azure Security Engineer Associate) by learning from our Questions & Answers (Q&A) practice tests and exams.
A walkthrough of creating and using the Azure environment and Microsoft Sentinel to track attacks and plot them on a live map.
A production-ready, enterprise-grade MDR framework that transforms chaotic security alerts into structured, actionable intelligence.
The self-hosted KQL query management platform for SOC teams
MCP server for Microsoft Sentinel. Enables access to Sentinel logs, incidents, analytics, and Entra ID data via a modular, queryable interface. Strictly non-production. Designed for use with Claude and other LLMs.
End-to-end Azure edge security lab: Front Door Premium with WAF, dual-region Container Apps failover, Microsoft Sentinel, SOC automation, and Azure Workbooks. One-click deploy with Bicep + azd.
This repository contains detection and threat hunting queries created by NVISO’s CSIRT and SOC teams.
Content supporting the DSAG TechXChange April 2025