GitHub topics: microsoft-sentinel
EEN421/KQL-Queries
Ian Hanley's deceptively simple KQL queries.
Size: 134 KB - Last synced at: 3 days ago - Pushed at: 3 days ago - Stars: 49 - Forks: 10

ep3p/Sentinel_KQL
In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).
Size: 3.69 MB - Last synced at: 3 days ago - Pushed at: 3 days ago - Stars: 119 - Forks: 23

Accelerynt-Security/AS-Okta-NetworkZoneUpdate
Add IPs from Microsoft Sentinel Incidents to an Okta Network Zone Blocklist
Size: 1 MB - Last synced at: 3 days ago - Pushed at: 3 days ago - Stars: 0 - Forks: 0

Azure-Samples/Sentinel-For-SAP-Community
Repositories for community-driven custom extensions of the Sentinel Solution for SAP, built on SAP Integration Suite
Size: 354 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 0 - Forks: 0

innofactororg/microsoft-sentinel Fork of Azure/Azure-Sentinel
Cloud-native SIEM for intelligent security analytics for your entire enterprise.
Language: Python - Size: 8.01 GB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 0 - Forks: 0

briandelmsft/SentinelAutomationModules
The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to build incident triage automation in Microsoft Sentinel
Language: PowerShell - Size: 46.3 MB - Last synced at: 3 days ago - Pushed at: 3 days ago - Stars: 244 - Forks: 59

eshlomo1/Microsoft-Sentinel-SecOps
Microsoft Sentinel SOC Operations
Language: PowerShell - Size: 6.96 MB - Last synced at: 3 days ago - Pushed at: 10 months ago - Stars: 252 - Forks: 66

eshlomo1/CloudSec
Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.
Language: PowerShell - Size: 847 KB - Last synced at: 14 days ago - Pushed at: 14 days ago - Stars: 22 - Forks: 2

MartinPankraz/DSAGTechXChange25
Content supporting the DSAG TechXChange April 2025
Language: PowerShell - Size: 93.8 MB - Last synced at: 15 days ago - Pushed at: 15 days ago - Stars: 6 - Forks: 0

Cyb3r-Monk/Threat-Hunting-and-Detection
Repository for threat hunting and detection queries, etc., for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).
Language: Jupyter Notebook - Size: 407 KB - Last synced at: 12 days ago - Pushed at: about 1 month ago - Stars: 719 - Forks: 103

cyb3rmik3/KQL-threat-hunting-queries
A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft Defender XDR (formerly Microsoft 365 Defender).
Size: 382 KB - Last synced at: 17 days ago - Pushed at: 17 days ago - Stars: 673 - Forks: 73

HybridBrothers/Hunting-Queries-Detection-Rules
The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior
Size: 43 KB - Last synced at: 30 days ago - Pushed at: 30 days ago - Stars: 21 - Forks: 1

joelst/AzLighthouse
Managing Microsoft Sentinel with Azure Lighthouse
Language: PowerShell - Size: 136 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

xpinux/Project-SABER
Project-SABER: A repository of KQL queries and parsers for threat hunting, threat detection, and log parsing in Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender)
Size: 58.6 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0

ITPG-Security/Firewall-Blocker
App to ingest Threat Intelligence (TI) into a Firewall
Language: C# - Size: 107 KB - Last synced at: 2 months ago - Pushed at: 2 months ago - Stars: 0 - Forks: 0

Tit4ns0ul/Microsoft-Security-Operations-Analyst
Microsoft Security Operations Analyst
Size: 13.7 KB - Last synced at: about 2 months ago - Pushed at: 2 months ago - Stars: 1 - Forks: 0

Ditectrev/Microsoft-Azure-AZ-500-Azure-Security-Engineer-Practice-Tests-Exams-Questions-Answers
⛳️ PASS: Microsoft Azure AZ-500 (Azure Security Engineer Associate) by studying our Questions & Answers (Q&A) practice tests.
Size: 16.6 MB - Last synced at: about 2 months ago - Pushed at: 6 months ago - Stars: 13 - Forks: 19

joelst/Sentinel
Collection of Microsoft Sentinel scripts, queries, and knick-knacks
Language: PowerShell - Size: 91.8 KB - Last synced at: about 2 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

obi298/Azure-SIEM-Project
A step-by-step walkthrough of using Azure VM and Azure security tools to detect attackers and plot them on an attack map
Size: 96.7 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Enable-Azure-AD-User-From-Entity
Enable Azure AD user accounts from Microsoft Sentinel account entities
Size: 2.33 MB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Disable-Azure-AD-User-From-Entity
Disable Azure AD user accounts from Microsoft Sentinel account entities
Size: 2.81 MB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0

reversinglabs/reversinglabs-siem-rules
A collection of various SIEM rules relating to malware family groups.
Language: YARA - Size: 164 KB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 59 - Forks: 6

Accelerynt-Security/AS-Revoke-Azure-AD-User-Session-From-Entity
Revoke Entra ID user sessions from Microsoft Sentinel entities
Size: 3.37 MB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Revoke-Azure-AD-User-Session-From-Incident
Revoke Entra ID user sessions from Microsoft Sentinel incidents
Size: 1.92 MB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 4 - Forks: 1

Accelerynt-Security/AS-Block-Hash-in-Defender
Block File Hashes found in Microsoft Sentinel Incidents in Defender
Size: 2.37 MB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Sign-Out-Google-User
Sign out Google users from Microsoft Sentinel incidents
Language: Python - Size: 2.99 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

h0ffayyy/SentinelDomainMonitor
Use dnstwist to monitor for lookalike domains and send logs to Azure Log Analytics
Language: Python - Size: 469 KB - Last synced at: 9 months ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 2

h0ffayyy/MicrosoftSentinelStuff
Misc. content for Microsoft Sentinel
Size: 302 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 15 - Forks: 4

Accelerynt-Security/AS-Block-GitHub-User
Block GitHub users from Microsoft Sentinel incidents
Language: JavaScript - Size: 2.12 MB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0

timtim589/WorkspaceManager
This repository contains all the code (ARM templates and PowerShell) referenced in my Medium article about the Sentinel Workspace Manager.
Language: PowerShell - Size: 16.6 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

Accelerynt-Security/Zscaler-add-Domains-to-URL-Category
Extract domains from Microsoft Sentinel incidents and add them to a Zscaler custom URL category
Size: 3.05 MB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0

Accelerynt-Security/AS-Remove-Domains-from-Zscaler-URL-Category
Extract domains from Microsoft Sentinel incidents and remove them from a Zscaler custom URL category
Size: 2.12 MB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

hisashin0728/SentinelAzureOpenAIQueryCheck
This repository provides summarization of the scheduled analytics rules behind a Sentinel incident.
Size: 16.6 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

hisashin0728/SentinelAzureOpenAI
Repository for the Microsoft Sentinel / Azure OpenAI hands-on exercise.
Size: 298 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 2 - Forks: 1

Accelerynt-Security/AS-Add-Machine-Logon-Users-to-Incident
Add Microsoft Defender machine logon users to a Microsoft Sentinel incident comment
Size: 1.51 MB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 6 - Forks: 2

Accelerynt-Security/AS-Edgescan-Integration
Pull Edgescan assets, hosts, and vulnerabilities into Microsoft Sentinel custom logs
Size: 1.33 MB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

MartinPankraz/Security-Insights-2-Action
Content supporting the Microsoft hands-on at DSAG Technology Days March 2023
Size: 12.1 MB - Last synced at: 22 days ago - Pushed at: about 2 years ago - Stars: 1 - Forks: 0

h0ffayyy/sentinel-to-yaml
Convert Microsoft Sentinel rule templates to YAML
Language: Python - Size: 16.6 KB - Last synced at: about 2 years ago - Pushed at: about 3 years ago - Stars: 1 - Forks: 0

Ben4FH/Adaz-Sentinel Fork of christophetd/Adaz
Microsoft Sentinel fork of Adaz: deploy customizable Active Directory labs in Azure, automatically.
Language: HCL - Size: 4.16 MB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 2 - Forks: 0

Accelerynt-Security/AS-Incident-Account-Spiderfoot-Scan
Run Spiderfoot scans on account entities from Microsoft Sentinel incidents
Size: 1.34 MB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Incident-Host-Exposure-Level
Add comments containing Microsoft Defender exposure level to Microsoft Sentinel incidents
Size: 851 KB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 1

hisashin0728/SentinelRule_AzureCISBenchmark
Microsoft Sentinel rules for Azure CIS Benchmark Ver.1.4.0
Size: 309 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

hisashin0728/AADIDPCustomRuleForSentinel
Azure Active Directory Identity Protection Custom Rule for Microsoft Sentinel
Size: 16.6 KB - Last synced at: almost 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Compromised-Machine-Tagging
Tag machines in Microsoft Defender from a Microsoft Sentinel Incident
Size: 751 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0
