A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
Updated
Jun 15, 2024
The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel
Revoke Entra ID user sessions from Microsoft Sentinel incidents
Revoke Entra ID user sessions from Microsoft Sentinel entities
A repository of Microsoft Sentinel / Azure OpenAI exercises.
A collection of various SIEM rules relating to malware family groups.
Managing Microsoft Sentinel with Azure Lighthouse
App to ingest Threat Intelligence (TI) into a Firewall
⛳️ PASS: Microsoft Azure AZ-500 (Azure Security Engineer Associate) by learning based on our Questions & Answers (Q&A) Practice Tests Exams.
Block File Hashes found in Microsoft Sentinel Incidents in Defender
Ian Hanley's deceptively simple KQL queries.
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
This repository contains all the presentations, demos, videos and other resources that we use during our community events.
Enable Azure AD user accounts from Microsoft Sentinel account entities
Disable Azure AD user accounts from Microsoft Sentinel account entities
Microsoft Sentinel SOC Operations
Sign out Google users from Microsoft Sentinel incidents