KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
-
Updated
Sep 19, 2024 - Python
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Hunting queries and detections
MDATP
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
Python for Security is the home of all open source Python projects that can integrate with Microsoft Technologies.
Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations
This repository will describe the details surrounding the SIEM (wazuh) mini project, which will cover all aspects of topology design, deployment, rules, integration, and fine tune.
ASR Configurator, Essentials and Atomic Testing
Microsoft Intune Custom Compliance
Microsoft Defender for Endpoint PowerShell module
Repo includes KQL queries that you can run in your Azure Log Analyics environment.
Repository for Software Certs for easy software blocking across corp environments, for example, using MDE IOC
Resource Level Enabled for Defender for Servers P1
A PowerShell module to interact with Microsoft's Defender for Endpoint API.
Custom made Query which you can run in your Microsoft Defender - Advanced Hunting tool to look for network activity related to Egregor Ransomware.
K9-Defender is highly Simple with a Sophisticated Watchdog System and a Powerful Process Scanning both for Windows 10 and 11
IOC Generator for Microsoft Defender for Endpoints
Experimental infrastructure and concepts for Azure Defender for Cloud
Powershell script to safely extract potentially malicious files from an endpoint by combining 7-Zip and MDE's live response getfile feature.
Add a description, image, and links to the defender-for-endpoint topic page so that developers can more easily learn about it.
To associate your repository with the defender-for-endpoint topic, visit your repo's landing page and select "manage topics."