Ecosyste.ms: Repos

An open API service providing repository metadata for many open source software ecosystems.

GitHub topics: kql

NeilMacMullen/kusto-loco

C# KQL query engine with flexible I/O layers and visualization

Language: C# - Size: 2.1 MB - Last synced: about 5 hours ago - Pushed: about 23 hours ago - Stars: 21 - Forks: 0

ep3p/Sentinel_KQL

In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).

Size: 3.5 MB - Last synced: about 8 hours ago - Pushed: about 9 hours ago - Stars: 92 - Forks: 19

jostuffl/AzureSentinel_Stuff

A collection of things I've created or found that I think is useful for Azure Sentinel.

Language: Jupyter Notebook - Size: 9.82 MB - Last synced: 2 days ago - Pushed: 3 days ago - Stars: 12 - Forks: 2

LearningKijo/KQL

Threat hunting queries for Microsoft 365 Defender (XDR). Provides out-of-the-box KQL hunting queries for App, Email, Identity and Endpoint.

Size: 7.21 MB - Last synced: about 7 hours ago - Pushed: 2 months ago - Stars: 407 - Forks: 70

thomas-touhey/kaquel

Tools for handling ElasticSearch queries in various languages (Gitlab.com mirror).

Language: Python - Size: 155 KB - Last synced: 3 days ago - Pushed: 4 days ago - Stars: 0 - Forks: 0

gh-andrem/DefenderXDR-AdvancedHunting

Defender XDR Advanced Hunting Queries (MDE, MDAV, Device Discovery)

Language: PowerShell - Size: 99.6 KB - Last synced: 5 days ago - Pushed: 5 days ago - Stars: 7 - Forks: 0

f-bader/AzSentinelQueries

Repository with Sentinel Analytics Rules and Hunting Queries

Size: 3.17 MB - Last synced: 6 days ago - Pushed: 6 days ago - Stars: 59 - Forks: 13

alexverboon/Hunting-Queries-Detection-Rules

KQL Queries. Microsoft 365 Defender, Microsoft Sentinel

Size: 134 KB - Last synced: 6 days ago - Pushed: 7 days ago - Stars: 78 - Forks: 7

alexverboon/MDATP

Microsoft Defender XDR - Resource Hub

Language: PowerShell - Size: 1.21 MB - Last synced: about 5 hours ago - Pushed: 5 months ago - Stars: 450 - Forks: 59

Azure/tsi2rti

CMF Analytics scenario TSI to ADX or Fabric RTI migration tools

Language: PowerShell - Size: 16.6 MB - Last synced: 1 day ago - Pushed: 7 days ago - Stars: 0 - Forks: 2

b4fun/ku

Toolkit for collecting and exploring logs using a pipelined query language and SQLite.

Language: TypeScript - Size: 4.62 MB - Last synced: 9 days ago - Pushed: 9 days ago - Stars: 6 - Forks: 0

McL0vinn/MicrosoftDefender-Egregor

Custom-made query which you can run in the Microsoft Defender Advanced Hunting tool to look for network activity related to Egregor ransomware.

Size: 5.86 KB - Last synced: 10 days ago - Pushed: over 3 years ago - Stars: 0 - Forks: 0

rod-trent/Copilot-for-Security

My personal work with Copilot for Security

Language: HTML - Size: 16.1 MB - Last synced: 19 days ago - Pushed: 20 days ago - Stars: 76 - Forks: 14

0xAnalyst/DefenderATPQueries

Hunting Queries for Defender ATP

Size: 172 KB - Last synced: 18 days ago - Pushed: 18 days ago - Stars: 47 - Forks: 5

cyb3rmik3/KQL-threat-hunting-queries

A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft Defender XDR (formerly Microsoft 365 Defender).

Size: 285 KB - Last synced: 18 days ago - Pushed: 18 days ago - Stars: 441 - Forks: 50

weeyin83/KQL-queries

KQL Queries

Size: 4.88 KB - Last synced: 19 days ago - Pushed: 19 days ago - Stars: 0 - Forks: 0

Bert-JanP/Hunting-Queries-Detection-Rules

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Language: Python - Size: 550 KB - Last synced: 19 days ago - Pushed: 19 days ago - Stars: 1,020 - Forks: 185

H1dd3n00b/KQL-Threat-Hunting

This repository contains a selection of Kusto Query Language (KQL) queries designed for proactive threat hunting. Aligned with the MITRE ATT&CK framework, these queries are crafted to detect and address potential threats effectively.

Size: 45.9 KB - Last synced: 20 days ago - Pushed: 20 days ago - Stars: 0 - Forks: 0

AbhinavJ-data/Conference-Sessions

Technical content and slides from conference sessions presented by Abhi Jayanty

Size: 42.3 MB - Last synced: 19 days ago - Pushed: 20 days ago - Stars: 1 - Forks: 0

0fflineDocs/KQL

KQL Queries, Microsoft 365 Security

Size: 211 KB - Last synced: 21 days ago - Pushed: 21 days ago - Stars: 5 - Forks: 0

FalconForceTeam/FalconFriday

Hunting queries and detections

Size: 165 KB - Last synced: 12 days ago - Pushed: 2 months ago - Stars: 658 - Forks: 72

getkirby/kql

Kirby's Query Language API combines the flexibility of Kirby's data structures, the power of GraphQL and the simplicity of REST.

Language: PHP - Size: 194 KB - Last synced: 5 days ago - Pushed: 7 months ago - Stars: 141 - Forks: 5

beatrizfriso/KQLQueryQuest

Your self-guide to crafting better queries. Uncover tips, tricks, and insights to level up your KQL skills 🚀

Size: 7.81 KB - Last synced: 26 days ago - Pushed: 27 days ago - Stars: 0 - Forks: 0

teznadzn/KQLQueries

Curated collection of Kusto Query Language (KQL) queries built during my experience as a SOC analyst in primarily a Microsoft environment.

Size: 45.9 KB - Last synced: about 1 month ago - Pushed: about 1 month ago - Stars: 0 - Forks: 0

azure-scavengers/Azure-Unused-Orphan-CostOptimization

This project aims at cost savings for Azure consumers by identifying unused or idle orphan resources using Azure Cost Optimization best practices. Costly resources such as Application Gateway, App Service plan, Power BI Embedded capacity, SQL database, Cosmos DB, storage, etc. can be assessed.

Size: 140 KB - Last synced: about 1 month ago - Pushed: about 1 month ago - Stars: 4 - Forks: 3

cyb3rmik3/MDE-DFIR-Resources

A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud, and more.

Size: 94.7 KB - Last synced: about 1 month ago - Pushed: about 1 month ago - Stars: 269 - Forks: 31

Seddryck/Kusto-session

Session about the Kusto Query Language that you can find in Azure tools such as Azure Data Explorer (ADX) but also Azure Time Series Insights.

Language: Jupyter Notebook - Size: 1.74 MB - Last synced: about 1 month ago - Pushed: 3 months ago - Stars: 0 - Forks: 0

Dobatymo/kibana-ql-python

Parser for the Kibana Query Language (KQL)

Language: Python - Size: 7.81 KB - Last synced: about 1 month ago - Pushed: about 1 year ago - Stars: 1 - Forks: 0

cylaris/awesomekql

Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs

Size: 163 KB - Last synced: 22 days ago - Pushed: 11 months ago - Stars: 44 - Forks: 5

geekzter/azure-governance

Azure Governance - bits & pieces

Language: HCL - Size: 35.2 KB - Last synced: about 2 months ago - Pushed: over 2 years ago - Stars: 1 - Forks: 2

miztiik/send-vm-logs-to-azure-monitor

Collect, Transform and Load custom logs to Azure Log Analytics Workspace

Language: Bicep - Size: 659 KB - Last synced: about 2 months ago - Pushed: about 1 year ago - Stars: 1 - Forks: 1

miztiik/azure-alert-on-custom-metrics

Use custom logs from azure vm to monitor resources and alert on events

Language: Bicep - Size: 439 KB - Last synced: about 2 months ago - Pushed: about 1 year ago - Stars: 0 - Forks: 1

lawndoc/AdvancedHuntingQueries

Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant

Size: 299 KB - Last synced: about 1 month ago - Pushed: 7 months ago - Stars: 94 - Forks: 12

netevert/sentinel-attack

Tools to rapidly deploy a threat hunting capability on Azure Sentinel that leverages Sysmon and MITRE ATT&CK

Language: HCL - Size: 43.1 MB - Last synced: about 2 months ago - Pushed: 9 months ago - Stars: 1,037 - Forks: 206

Aloshi/kql-parser

Python parser for Kibana Query Language (KQL).

Language: Python - Size: 19.5 KB - Last synced: 2 months ago - Pushed: 2 months ago - Stars: 4 - Forks: 0

globalbao/azure-resource-graph

Collection of Azure Resource Graph queries for use in Portal and via PowerShell - by @JesseLoudon

Size: 63.5 KB - Last synced: about 2 months ago - Pushed: over 1 year ago - Stars: 56 - Forks: 21

teznadzn/SOCEntityTriageWorkbook

The SOC Entity Triage workbook is designed to enhance the triage process for security operations centers (SOCs) by providing a comprehensive and interactive analysis tool within Azure Sentinel. This workbook aims to streamline the investigation of entities such as IP addresses, hostnames, AD users, and email accounts.

Size: 48.8 KB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 0 - Forks: 0

ashwin-patil/blue-teaming-with-kql

Repository with Sample KQL Query examples for Threat Hunting

Size: 21.6 MB - Last synced: 3 months ago - Pushed: almost 2 years ago - Stars: 189 - Forks: 37

matsest/az-resource-graph

Azure Resource Graph learnings with Azure PowerShell, Azure CLI and VS Code

Language: PowerShell - Size: 6.84 KB - Last synced: about 1 month ago - Pushed: 3 months ago - Stars: 0 - Forks: 0

microsoft/Fabric-RTA-FlightStream

Microsoft Fabric Real-time Analytics flight streaming

Language: Jupyter Notebook - Size: 1.04 MB - Last synced: 2 months ago - Pushed: 4 months ago - Stars: 14 - Forks: 2

wortell/KQL 📦

KQL queries for Advanced Hunting

Size: 39.1 KB - Last synced: 3 months ago - Pushed: over 4 years ago - Stars: 165 - Forks: 48

jischell-msft/RemoteManagementMonitoringTools

Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations

Language: PowerShell - Size: 165 KB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 61 - Forks: 5

dotvt/SecurityMaster365

Resources that are necessary for, or that facilitate, securing your Microsoft 365 environment.

Size: 166 KB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 2 - Forks: 0

Vladimir-Rom/gokql

Golang interpreter for the Kibana Query Language (KQL)

Language: Go - Size: 77.1 KB - Last synced: 3 months ago - Pushed: 3 months ago - Stars: 6 - Forks: 0

back1ply/8-Week-SQL-Challenge

Solving the 8 Week SQL Challenge using m-code, KQL.

Size: 138 KB - Last synced: 4 months ago - Pushed: 4 months ago - Stars: 0 - Forks: 0

Azure/pykusto

Query Kusto like a pro from the comfort of your Jupyter notebook

Language: Python - Size: 638 KB - Last synced: 7 days ago - Pushed: over 1 year ago - Stars: 30 - Forks: 8

EEN421/KQL-Queries

Ian Hanley's deceptively simple KQL queries.

Size: 124 KB - Last synced: 5 months ago - Pushed: 5 months ago - Stars: 38 - Forks: 7

xFFninja/happy_threat_hunting

Threat Hunting

Size: 22.5 KB - Last synced: 5 months ago - Pushed: 5 months ago - Stars: 6 - Forks: 1

Cyb3r-Monk/Threat-Hunting-and-Detection

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).

Language: Jupyter Notebook - Size: 316 KB - Last synced: 5 months ago - Pushed: 5 months ago - Stars: 500 - Forks: 80

madret/kql-generator

KQL generator, for generating quick Hunting queries. Microsoft 365 Defender focussed.

Size: 47.9 KB - Last synced: 6 months ago - Pushed: 6 months ago - Stars: 1 - Forks: 0

diogo-fernan/mde-kql-hunting

A collection of MDE KQL hunting queries useful for incident response and threat hunting.

Size: 10.7 KB - Last synced: about 1 month ago - Pushed: almost 2 years ago - Stars: 5 - Forks: 1

AnthonyByansi/Azure-Log-Analysis-Kit

A comprehensive collection of Kusto Query Language (KQL) scripts and tools for simplified log analysis and troubleshooting in Azure and DevOps environments.

Size: 10.7 KB - Last synced: 5 months ago - Pushed: 9 months ago - Stars: 2 - Forks: 0

AnthonyByansi/kql-explorers-guide

A comprehensive Kusto Query Language (KQL) learning repository covering basic syntax to advanced topics, with hands-on exercises, code samples, and resources for data analysis in Azure Data Explorer.

Language: Shell - Size: 78.1 KB - Last synced: 4 months ago - Pushed: 9 months ago - Stars: 3 - Forks: 0

f-mahler/vuekit

Kirby 3 + Vue.js kit

Language: PHP - Size: 4.83 MB - Last synced: 6 months ago - Pushed: almost 3 years ago - Stars: 19 - Forks: 1

dangermike27/SOC_Queries

useful KQL Queries

Size: 10.7 KB - Last synced: 6 months ago - Pushed: 6 months ago - Stars: 0 - Forks: 0

diorfunn/KustoQueryGenerator

Use KQG and generate Kusto scripts | Used with Defender ATP

Size: 1.95 KB - Last synced: 6 months ago - Pushed: 6 months ago - Stars: 0 - Forks: 0

davidnx/baby-kusto-csharp

A self-contained execution engine for the Kusto Query Language (KQL) written in C#

Language: C# - Size: 777 KB - Last synced: 9 months ago - Pushed: 9 months ago - Stars: 16 - Forks: 4

MSJosh/MDI-Items

Defender for Identity Technical Items

Size: 50.8 KB - Last synced: 7 months ago - Pushed: 7 months ago - Stars: 2 - Forks: 1

N372unn32/AzureKQLPowerShellExtractor

PowerShell Module that extracts data from Microsoft Azure using ARG KQL queries running in PowerShell. The extracted data can be exported to CSV, Excel, JSON reports, mitigating the maximum rows limitation of ARG Explorer on Azure.

Language: PowerShell - Size: 43 KB - Last synced: 9 months ago - Pushed: 9 months ago - Stars: 2 - Forks: 0

ugurkocde/KQL-Search

Language: JavaScript - Size: 1.01 MB - Last synced: 9 months ago - Pushed: 9 months ago - Stars: 21 - Forks: 3

nguyen18/WVD-KustoQueries

KQL queries for monitor log analytics

Size: 35.2 KB - Last synced: 10 months ago - Pushed: over 2 years ago - Stars: 3 - Forks: 1

0xbythesecond/Azure-Monitor

Size: 34.2 KB - Last synced: 10 months ago - Pushed: 10 months ago - Stars: 0 - Forks: 0

azure-scavengers/Azure-Unused-Resources

This project aims at cost savings for Azure consumers by identifying unused or idle resources using Azure Cost Optimization best practices. Costly resources such as Application Gateway, App Service plan, Power BI Embedded capacity, SQL database, Cosmos DB, storage, etc. can be assessed.

Size: 215 KB - Last synced: 10 months ago - Pushed: 10 months ago - Stars: 0 - Forks: 0

Saggiehaim/Awesome-KQL

Awesome KQL queries for KQL Ninjas

Size: 22.5 KB - Last synced: 10 months ago - Pushed: about 1 year ago - Stars: 3 - Forks: 1

cyph3rryx/CyberThreat-Monitor

CyberThreat Monitor (SIEM Lab) with Microsoft Azure is a comprehensive threat monitoring solution built on Azure Sentinel, providing real-time visibility into global cyber threats.

Language: PowerShell - Size: 1.41 MB - Last synced: 8 months ago - Pushed: 8 months ago - Stars: 1 - Forks: 0

ingebeumer/LogAnalyticsToDevOpsForODA

Export and transform Focus Area as well as findings and recommendations from Log Analytics workspace for On-Demand Assessment and import them as Epics and Product backlog items in Azure DevOps.

Size: 88.9 KB - Last synced: 11 months ago - Pushed: over 1 year ago - Stars: 0 - Forks: 0

0xbythesecond/Azure-Cloud-Detection-Part-2-Getting-Data-into-Sentinel

Size: 128 KB - Last synced: 11 months ago - Pushed: 11 months ago - Stars: 0 - Forks: 0

EEN421/EEN421.github.io Fork of daattali/beautiful-jekyll

✨ Hanley.cloud

Language: HTML - Size: 51.1 MB - Last synced: about 2 months ago - Pushed: about 2 months ago - Stars: 0 - Forks: 0

bnomei/kirby3-htmlpurifier

Static class method, Uniform-Guard and Field-Method to filter your "dirty" HTML inputs to "clean" HTML.

Language: PHP - Size: 482 KB - Last synced: about 1 month ago - Pushed: about 1 year ago - Stars: 3 - Forks: 0

0xbythesecond/Sentinel-Lab-Failed-Login

The PowerShell script in this repository is responsible for parsing Windows Event Log information for failed RDP login attempts and using a third-party API to collect geographic information about the attacker's location.

Size: 76.2 KB - Last synced: 12 months ago - Pushed: 12 months ago - Stars: 0 - Forks: 0

hrtywhy/Sentinel-Queries

Cheat Sheet KQL increase your Azure Sentinel visibility & Threat Hunting

Size: 26.4 KB - Last synced: 12 months ago - Pushed: over 1 year ago - Stars: 3 - Forks: 0

BonGabriel/azure-cloud-detection

Size: 9.77 KB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 0 - Forks: 0

0xbythesecond/Azure-SOC-Honeynet-Project

Built a mini honeynet in Azure and ingested log sources from various resources into a Log Analytics workspace.

Size: 4.01 MB - Last synced: 11 months ago - Pushed: 11 months ago - Stars: 1 - Forks: 0

tomwechsler/Azure_KQL

Everything around the topic of KQL in Azure.

Size: 5.86 KB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 3 - Forks: 7

Bert-JanP/KQL-MISP

KQL MISP implementation for Sentinel and Defender For Endpoint | In development

Size: 83 KB - Last synced: 12 months ago - Pushed: 12 months ago - Stars: 0 - Forks: 0

hoferandrea/blog

This repo contains content which is related to my blog https://hoferlabs.ch/.

Language: PowerShell - Size: 12.7 KB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 0 - Forks: 0

squaredup/samples

A collection of sample dashboards, custom labels, mustaches, SQL scripts and PowerShell scripts to help you get the most out of SquaredUp. #community-powered

Language: PowerShell - Size: 8.18 MB - Last synced: 2 months ago - Pushed: over 1 year ago - Stars: 18 - Forks: 13

y0nil/kusto.blog

A technical blog about Kusto

Language: HTML - Size: 2.66 MB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 10 - Forks: 2

tobiasmcvey/kusto-queries

example queries for learning the kusto language

Size: 31.3 KB - Last synced: about 1 year ago - Pushed: almost 3 years ago - Stars: 74 - Forks: 29

PaulNiklausPraveen/Kusto-Query-Language-KQL-

Kusto Query Language is a powerful tool to explore your data and discover patterns, identify anomalies and outliers, create statistical models, and more. The query uses schema entities that are organized in a hierarchy similar to SQL's: databases, tables, and columns.

Language: C - Size: 19.5 KB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 0 - Forks: 0

noodlemctwoodle/pf-azure-sentinel 📦

Parse pfSense/OPNsense logs using Logstash, GeoIP-tag entities, add additional context to logs, then send them to Azure Sentinel for analysis.

Size: 1.23 MB - Last synced: about 1 year ago - Pushed: over 2 years ago - Stars: 25 - Forks: 5

stuymedova/kirby-sveltekit

[SETUP] SvelteKit frontend for Kirby CMS + KQL backend

Language: JavaScript - Size: 479 KB - Last synced: over 1 year ago - Pushed: over 1 year ago - Stars: 9 - Forks: 1

stuymedova/kirby-headless

[SETUP] Kirby as a Headless CMS (Kirby + KQL)

Language: PHP - Size: 1.05 MB - Last synced: over 1 year ago - Pushed: over 2 years ago - Stars: 4 - Forks: 0

alexandre-lecoq/KeywordQueryLanguageCompiler

Compiles KQL expressions to SQL Server full-text queries.

Language: C# - Size: 622 KB - Last synced: over 1 year ago - Pushed: over 4 years ago - Stars: 2 - Forks: 0

0xbythesecond/azure-cloud-detection

Size: 1.94 MB - Last synced: about 1 year ago - Pushed: about 1 year ago - Stars: 0 - Forks: 0

B0neShAd0w/Code-Snippets

Code Snippets

Language: PowerShell - Size: 93.8 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 0 - Forks: 0

FabianBorz01/KQL-queries

My KQL queries :) Feel free to use and improve them.

Size: 8.79 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 1 - Forks: 0

mgijo/MDE

Defender for Endpoint Advanced Hunting Queries

Size: 2.93 KB - Last synced: 12 months ago - Pushed: about 3 years ago - Stars: 2 - Forks: 0

shehanperera85/KQL-Engine

Repo includes KQL queries that you can run in your Azure Log Analytics environment.

Size: 12.7 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 3 - Forks: 0

pthoor/KustoDetectiveAgencyHints

Hints for the Kusto Detective Agency

Size: 18.6 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 12 - Forks: 2

andrewmatveychuk/azure.monitor

Sample templates for Azure Monitor tools

Language: JSON - Size: 15.6 KB - Last synced: over 1 year ago - Pushed: over 1 year ago - Stars: 1 - Forks: 1

KenBab/sentinel

Private repository for Sentinel related documentation, gists, scripts and code snippets which might be useful for implementation, tuning and troubleshooting

Language: D - Size: 69.3 KB - Last synced: about 1 year ago - Pushed: over 1 year ago - Stars: 2 - Forks: 0

mtonosaki/SyslogAzureMonitorBridge

Windows service that listens for syslog messages and sends them to Azure Monitor.

Language: C# - Size: 132 KB - Last synced: over 1 year ago - Pushed: almost 2 years ago - Stars: 2 - Forks: 1

chrisbues/kqlmagic

Collection of Azure Log Analytics/Sentinel queries

Size: 18.6 KB - Last synced: about 1 year ago - Pushed: about 2 years ago - Stars: 1 - Forks: 0

mgijo/mgijo

Config files for my GitHub profile.

Size: 10.7 KB - Last synced: 12 months ago - Pushed: about 2 years ago - Stars: 0 - Forks: 0

McL0vinn/MicrosoftDefender-DiscordCNC

Threat-hunting KQL query which identifies machines that use PowerShell, cmd or wmic to connect to any URL that includes "cdn.discordapp.com", where the action was initiated by a script execution (.vbs, .bat, etc.).

Size: 5.86 KB - Last synced: 10 days ago - Pushed: almost 3 years ago - Stars: 1 - Forks: 0

teachjing/TeachJing

My Github Profile

Size: 450 KB - Last synced: 10 months ago - Pushed: about 1 year ago - Stars: 1 - Forks: 1

T13nn3s/microsoft

Microsoft related PowerShell scripts and KQL queries

Language: PowerShell - Size: 25.4 KB - Last synced: over 1 year ago - Pushed: over 2 years ago - Stars: 2 - Forks: 0

McL0vinn/MicrosoftDefender-Kaseya_IOCs

Simple KQL query that can be run either in MD for Endpoint (threat hunting or custom indicator) or in Azure Sentinel (threat hunting or analytics rule). It looks for 4 known IOCs related to the Kaseya attack.

Size: 3.91 KB - Last synced: 10 days ago - Pushed: almost 3 years ago - Stars: 1 - Forks: 0

JanneMattila/323-WindowsService

Sample files shared at the architect day(s) 19th-20th of November

Language: PowerShell - Size: 5.86 KB - Last synced: about 1 month ago - Pushed: over 4 years ago - Stars: 0 - Forks: 0