Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
-
Updated
Nov 22, 2024 - Jupyter Notebook
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).
Microsoft Sentinel SOC Operations
The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel
A collection of various SIEM rules relating to malware family groups.
Ian Hanley's deceptively simple KQL queries.
Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.
A walkthrough of creating and using the Azure environment and Microsoft Sentinel to track attacks and plot attacks on a live map.
⛳️ PASS: Microsoft Azure AZ-500 (Azure Security Engineer Associate) by learning based on our Questions & Answers (Q&A) Practice Tests Exams.
Add Microsoft Defender machine logon users to a Microsoft Sentinel incident comment
Microsoft Sentinel / Azure Open AI 演習のレポジトリです。
Revoke Entra ID user sessions from Microsoft Sentinel incidents
Microsoft Sentinel fork of Adaz 🔧 Deploy customizable Active Directory labs in Azure - automatically.
This workspace contains all the code (ARM templates and PowerShell) referenced inside my Medium article about the Sentinel Workspace Manager.
Content supporting the Microsoft hands-on at DSAG Technology Days March 2023
Extract domains from Microsoft Sentinel incidents and add them to a Zscaler custom URL category
This repository provides summarization Schedule Analytics Rules in Sentinel Incident
Add a description, image, and links to the microsoft-sentinel topic page so that developers can more easily learn about it.
To associate your repository with the microsoft-sentinel topic, visit your repo's landing page and select "manage topics."