GitHub topics: microsoft-sentinel

Repositories

cyb3rmik3/KQL-threat-hunting-queries

A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).

Size: 384 KB - Last synced at: 4 days ago - Pushed at: 4 days ago - Stars: 684 - Forks: 76

joelst/AzLighthouse

Managing Microsoft Sentinel with Azure Lighthouse

Language: PowerShell - Size: 170 KB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 0 - Forks: 0

innofactororg/microsoft-sentinel Fork of Azure/Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.

Language: Python - Size: 8.08 GB - Last synced at: 6 days ago - Pushed at: 6 days ago - Stars: 0 - Forks: 0

dstreefkerk/ms-sentinel-mcp-server

MCP server for Microsoft Sentinel. Enables access to Sentinel logs, incidents, analytics, and Entra ID data via a modular, queryable interface. Strictly non-production. Designed for use with Claude and other LLMs.

Language: Python - Size: 323 KB - Last synced at: 7 days ago - Pushed at: 7 days ago - Stars: 1 - Forks: 0

EEN421/KQL-Queries

Ian Hanley's deceptively simple KQL queries.

Size: 136 KB - Last synced at: 10 days ago - Pushed at: 10 days ago - Stars: 49 - Forks: 10

Cyb3r-Monk/Threat-Hunting-and-Detection

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

Language: Jupyter Notebook - Size: 407 KB - Last synced at: 5 days ago - Pushed at: 2 months ago - Stars: 727 - Forks: 105

ep3p/Sentinel_KQL

In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).

Size: 3.74 MB - Last synced at: 12 days ago - Pushed at: 12 days ago - Stars: 119 - Forks: 24

eshlomo1/CloudSec

Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.

Language: PowerShell - Size: 881 KB - Last synced at: 12 days ago - Pushed at: 12 days ago - Stars: 24 - Forks: 3

HybridBrothers/Hunting-Queries-Detection-Rules

The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior

Size: 59.6 KB - Last synced at: 14 days ago - Pushed at: 14 days ago - Stars: 30 - Forks: 2

briandelmsft/SentinelAutomationModules

The Microsoft Sentinel Triage AssistanT (STAT) enables easy to create incident triage automation in Microsoft Sentinel

Language: PowerShell - Size: 46.3 MB - Last synced at: 3 days ago - Pushed at: 4 days ago - Stars: 245 - Forks: 61

eshlomo1/Microsoft-Sentinel-SecOps

Microsoft Sentinel SOC Operations

Language: PowerShell - Size: 6.96 MB - Last synced at: 14 days ago - Pushed at: 10 months ago - Stars: 253 - Forks: 66

Accelerynt-Security/AS-Okta-NetworkZoneUpdate

Add IPs from Microsoft Sentinel Incidents to an Okta Network Zone Blocklist

Size: 1 MB - Last synced at: 27 days ago - Pushed at: 27 days ago - Stars: 0 - Forks: 0

Azure-Samples/Sentinel-For-SAP-Community

Repos for community driven custom extensions of Sentinel Solution for SAP built upon SAP Integration Suite

Size: 354 KB - Last synced at: 28 days ago - Pushed at: 28 days ago - Stars: 0 - Forks: 0

noodlemctwoodle/Sentinel-As-Code

An automation framework for deploying Microsoft Sentinel environments using pipelines. This project combines infrastructure-as-code (Bicep) with PowerShell automation to streamline the deployment of Sentinel solutions, analytics rules, and workbooks.

Language: PowerShell - Size: 104 KB - Last synced at: about 11 hours ago - Pushed at: about 12 hours ago - Stars: 8 - Forks: 4

MartinPankraz/DSAGTechXChange25

Content supporting the DSAG TechXChange April 2025

Language: PowerShell - Size: 93.8 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 6 - Forks: 0

xpinux/Project-SABER

Project-SABER: A repository of KQL queries and parsers for threat hunting, threat detection, and log parsing in Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender)

Size: 58.6 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

ITPG-Security/Firewall-Blocker

App to ingest Threat Intelligence (TI) into a Firewall

Language: C# - Size: 107 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

Tit4ns0ul/Microsoft-Security-Operations-Analyst

Microsoft Security Operations Analyst

Size: 13.7 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 1 - Forks: 0

Ditectrev/Microsoft-Azure-AZ-500-Azure-Security-Engineer-Practice-Tests-Exams-Questions-Answers

⛳️ PASS: Microsoft Azure AZ-500 (Azure Security Engineer Associate) by learning based on our Questions & Answers (Q&A) Practice Tests Exams.

Size: 16.6 MB - Last synced at: 3 months ago - Pushed at: 7 months ago - Stars: 13 - Forks: 19

joelst/Sentinel

Collection of Microsoft Sentinel scripts, queries, and nicknacks

Language: PowerShell - Size: 91.8 KB - Last synced at: 3 months ago - Pushed at: 3 months ago - Stars: 0 - Forks: 0

obi298/Azure-SIEM-Project

A step-by-step walkthrough of using Azure VM and Azure security tools to detect attackers and plot them on an attack map

Size: 96.7 KB - Last synced at: 4 months ago - Pushed at: 4 months ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Enable-Azure-AD-User-From-Entity

Enable Azure AD user accounts from Microsoft Sentinel account entities

Size: 2.33 MB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Disable-Azure-AD-User-From-Entity

Disable Azure AD user accounts from Microsoft Sentinel account entities

Size: 2.81 MB - Last synced at: 6 months ago - Pushed at: 6 months ago - Stars: 0 - Forks: 0

reversinglabs/reversinglabs-siem-rules

A collection of various SIEM rules relating to malware family groups.

Language: YARA - Size: 164 KB - Last synced at: 11 months ago - Pushed at: 11 months ago - Stars: 59 - Forks: 6

Accelerynt-Security/AS-Revoke-Azure-AD-User-Session-From-Entity

Revoke Entra ID user sessions from Microsoft Sentinel entities

Size: 3.37 MB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Revoke-Azure-AD-User-Session-From-Incident

Revoke Entra ID user sessions from Microsoft Sentinel incidents

Size: 1.92 MB - Last synced at: 12 months ago - Pushed at: 12 months ago - Stars: 4 - Forks: 1

Accelerynt-Security/AS-Block-Hash-in-Defender

Block File Hashes found in Microsoft Sentinel Incidents in Defender

Size: 2.37 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Sign-Out-Google-User

Sign out Google users from Microsoft Sentinel incidents

Language: Python - Size: 2.99 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

h0ffayyy/SentinelDomainMonitor

Use dnstwist to monitor for lookalike domains and send logs to Azure Log Analytics

Language: Python - Size: 469 KB - Last synced at: 10 months ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 2

h0ffayyy/MicrosoftSentinelStuff

Misc. content for Microsoft Sentinel

Size: 302 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 15 - Forks: 4

Accelerynt-Security/AS-Block-GitHub-User

Block GitHub users from Microsoft Sentinel incidents

Language: JavaScript - Size: 2.12 MB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0

timtim589/WorkspaceManager

This workspace contains all the code (ARM templates and PowerShell) referenced inside my Medium article about the Sentinel Workspace Manager.

Language: PowerShell - Size: 16.6 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

Accelerynt-Security/Zscaler-add-Domains-to-URL-Category

Extract domains from Microsoft Sentinel incidents and add them to a Zscaler custom URL category

Size: 3.05 MB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 1 - Forks: 0

Accelerynt-Security/AS-Remove-Domains-from-Zscaler-URL-Category

Extract domains from Microsoft Sentinel incidents and remove them from a Zscaler custom URL category

Size: 2.12 MB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

hisashin0728/SentinelAzureOpenAIQueryCheck

This repository provides summarization Schedule Analytics Rules in Sentinel Incident

Size: 16.6 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

hisashin0728/SentinelAzureOpenAI

Microsoft Sentinel / Azure Open AI 演習のレポジトリです。

Size: 298 KB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 2 - Forks: 1

Accelerynt-Security/AS-Add-Machine-Logon-Users-to-Incident

Add Microsoft Defender machine logon users to a Microsoft Sentinel incident comment

Size: 1.51 MB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 6 - Forks: 2

Accelerynt-Security/AS-Edgescan-Integration

Pull Edgescan assets, hosts, and vulnerabilities into Microsoft Sentinel custom logs

Size: 1.33 MB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 0

MartinPankraz/Security-Insights-2-Action

Content supporting the Microsoft hands-on at DSAG Technology Days March 2023

Size: 12.1 MB - Last synced at: about 2 months ago - Pushed at: about 2 years ago - Stars: 1 - Forks: 0

h0ffayyy/sentinel-to-yaml

Convert Microsoft Sentinel rule templates to YAML

Language: Python - Size: 16.6 KB - Last synced at: about 2 years ago - Pushed at: about 3 years ago - Stars: 1 - Forks: 0

Ben4FH/Adaz-Sentinel Fork of christophetd/Adaz

Microsoft Sentinel fork of Adaz :wrench: Deploy customizable Active Directory labs in Azure - automatically.

Language: HCL - Size: 4.16 MB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 2 - Forks: 0

Related Keywords

microsoft-sentinel 46 azure 15 microsoft 10 sentinel 9 entra-id 7 siem 7 kql 7 cybersecurity 6 threat-hunting 6 azure-sentinel 5 incident-response 5 threat-intelligence 4 detection-engineering 4 microsoft-defender 4 microsoft-azure 4 security 4 azure-security 3 azure-ad 3 soc 3 defender-for-endpoint 3 microsoft-security 3 cloud-security 3 entity 2 infosec 2 powershell 2 cloudsecurity 2 dfir 2 sentinel-for-sap 2 automation 2 microsoft-xdr 2 threat-detection 2 kusto 2 microsoft-365-defender 2 microsoftsentinel 2 azure-sentinel-playbook 2 zscaler 2 url-category 2 community-project 1 azure-virtual-networks 1 azure-virtual-network 1 key-vaults 1 network-security-group 1 azure-storage 1 azure-security-engineer-associate 1 azure-security-center 1 lab 1 network-security-groups 1 azure-log-analytics 1 sigma 1 spiderfoot 1 azure-active-directory 1 az-500 1 sonicwall 1 dotnet 1 csharp 1 syslog 1 parsers 1 logstash 1 log-parsing 1 github-api 1 workspace-manager 1 containers 1 azure-openai 1 google-api 1 sha256-hash 1 azureopenai 1 microsoft-defender-for-endopoint 1 edgescan-services 1 virtualization 1 audit 1 virtual-machine 1 logic-apps 1 firewall 1 data-visualization 1 azure-vm 1 sap 1 api 1 defender 1 subnet 1 rbac-management 1 rbac 1 practice-test 1 defender-xdr 1 defender-for-identity 1 defender-for-cloud-apps 1 gcp-security 1 cfir 1 aws-security 1 watchlist 1 entra 1 kusto-language 1 devsecops 1 mcp-server 1 mcp 1 log-analytics 1 llm-integration 1 mdr 1 csoc 1 azure-lighthouse 1 armtemplates 1