An open API service providing repository metadata for many open source software ecosystems.

GitHub topics: microsoft-sentinel

Da20daMyd/KQL-sentinel-mdr-reference

📊 Explore comprehensive KQL documentation for Microsoft Defender XDR and Azure Monitor, optimized for seamless Context7 integration.

Language: HTML - Size: 35.2 KB - Last synced at: about 22 hours ago - Pushed at: 1 day ago - Stars: 0 - Forks: 0

xpinux/Project-SABER

Project-SABER: A repository of KQL queries and parsers for threat hunting, threat detection, and log parsing in Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender)

Size: 140 KB - Last synced at: 1 day ago - Pushed at: 1 day ago - Stars: 2 - Forks: 0

CadMendes/sentinel-homelab-cadmendes

Language: Mermaid - Size: 5.86 KB - Last synced at: 2 days ago - Pushed at: 2 days ago - Stars: 0 - Forks: 0

innofactororg/microsoft-sentinel Fork of Azure/Azure-Sentinel

Cloud-native SIEM for intelligent security analytics for your entire enterprise.

Language: Python - Size: 8.54 GB - Last synced at: 2 days ago - Pushed at: 2 days ago - Stars: 0 - Forks: 0

EEN421/KQL-Queries

Ian Hanley's deceptively simple KQL queries.

Size: 205 KB - Last synced at: 3 days ago - Pushed at: 3 days ago - Stars: 54 - Forks: 10

obitech21/Azure-SIEM-Project

A step-by-step walkthrough of using Azure VM and Azure security tools to detect attackers and plot them on an attack map

Size: 169 KB - Last synced at: 5 days ago - Pushed at: 5 days ago - Stars: 0 - Forks: 0

brianbrandson/kql-threat-hunting-cases

Case-based KQL investigations (KC7 + homelab) for blue-team threat hunting and incident response.

Size: 559 KB - Last synced at: 9 days ago - Pushed at: 9 days ago - Stars: 0 - Forks: 0

ep3p/Sentinel_KQL

In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).

Language: XSLT - Size: 3.81 MB - Last synced at: 10 days ago - Pushed at: 10 days ago - Stars: 128 - Forks: 24

cyb3rmik3/KQL-threat-hunting-queries

A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).

Size: 408 KB - Last synced at: 10 days ago - Pushed at: 10 days ago - Stars: 722 - Forks: 89

tungsec/KQL

This repository contains some of the KQL queries I use most.

Size: 13.7 KB - Last synced at: 11 days ago - Pushed at: 11 days ago - Stars: 1 - Forks: 0

HybridBrothers/Hunting-Queries-Detection-Rules

The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior

Size: 68.4 KB - Last synced at: 11 days ago - Pushed at: 12 days ago - Stars: 42 - Forks: 2

eshlomo1/Microsoft-Sentinel-SecOps

Microsoft Sentinel SOC Operations

Language: PowerShell - Size: 6.96 MB - Last synced at: 9 days ago - Pushed at: about 1 year ago - Stars: 260 - Forks: 66

dstreefkerk/ms-sentinel-mcp-server

MCP server for Microsoft Sentinel. Enables access to Sentinel logs, incidents, analytics, and Entra ID data via a modular, queryable interface. Strictly non-production. Designed for use with Claude and other LLMs.

Language: Python - Size: 442 KB - Last synced at: 20 days ago - Pushed at: 20 days ago - Stars: 7 - Forks: 4

briandelmsft/SentinelAutomationModules

The Microsoft Sentinel Triage AssistanT (STAT) makes it easy to create incident triage automation in Microsoft Sentinel

Language: PowerShell - Size: 46.3 MB - Last synced at: 30 days ago - Pushed at: 30 days ago - Stars: 257 - Forks: 61

jason-p-nguyen/threat-hunting-projects

๐Ÿ•ต๏ธโ€โ™‚๏ธ Hands-on threat hunting projects using Sentinel, MDE, and KQL. Includes queries, visualizations, and step-by-step analysis of suspicious activity.

Language: PowerShell - Size: 33.7 MB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 0

joelst/AzLighthouse

Managing Microsoft Sentinel with Azure Lighthouse

Language: PowerShell - Size: 145 KB - Last synced at: about 1 month ago - Pushed at: about 1 month ago - Stars: 0 - Forks: 1

eshlomo1/CloudSec

Welcome to the Cloud Security Toolkit repository, your all-in-one destination for cutting-edge cloud security resources! Whether you're diving into offensive strategies, mastering threat hunting, or bolstering your blue-team defenses, this repo has you covered.

Language: PowerShell - Size: 921 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 32 - Forks: 9

fizahmad/azure-sentinel-threat-lab

Cloud-based SOC lab built in Azure using Microsoft Sentinel, KQL, and Logic Apps to simulate attacks, detect threats, and automate incident response.

Size: 240 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0

karimksili/code-sentinel

Smart code review tool using AI models to enhance code quality and efficiency. Integrates seamlessly with your workflow. Discover more on GitHub! 🛡️💻

Language: Python - Size: 32.2 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0

noodlemctwoodle/Sentinel-As-Code

An automation framework for deploying Microsoft Sentinel environments using pipelines. This project combines infrastructure-as-code (Bicep) with PowerShell automation to streamline the deployment of Sentinel solutions, analytics rules, and workbooks.

Language: PowerShell - Size: 118 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 11 - Forks: 4

SvenAelterman/TenableVMSentinelFunctionAppWithSecuredStorage

Deploys Tenable Vulnerability Management's Azure Function app for Sentinel ingest using secured Storage Account to meet common customer compliance requirements.

Language: Bicep - Size: 15.5 MB - Last synced at: 6 days ago - Pushed at: 4 months ago - Stars: 0 - Forks: 0

Azure-Samples/Sentinel-For-SAP-Community

Repos for community-driven custom extensions of the Sentinel Solution for SAP, built upon SAP Integration Suite

Size: 575 KB - Last synced at: about 2 months ago - Pushed at: about 2 months ago - Stars: 0 - Forks: 0

Cyb3r-Monk/Threat-Hunting-and-Detection

Repository for threat hunting and detection queries, etc., for Defender for Endpoint and Microsoft Sentinel in KQL (Kusto Query Language).

Language: Jupyter Notebook - Size: 407 KB - Last synced at: 3 months ago - Pushed at: 6 months ago - Stars: 731 - Forks: 105

Accelerynt-Security/AS-Okta-NetworkZoneUpdate

Add IPs from Microsoft Sentinel Incidents to an Okta Network Zone Blocklist

Size: 1 MB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 0 - Forks: 0

MartinPankraz/DSAGTechXChange25

Content supporting the DSAG TechXChange April 2025

Language: PowerShell - Size: 93.8 MB - Last synced at: 5 months ago - Pushed at: 5 months ago - Stars: 6 - Forks: 0

ITPG-Security/Firewall-Blocker

App to ingest Threat Intelligence (TI) into a Firewall

Language: C# - Size: 107 KB - Last synced at: 7 months ago - Pushed at: 7 months ago - Stars: 0 - Forks: 0

Tit4ns0ul/Microsoft-Security-Operations-Analyst

Microsoft Security Operations Analyst

Size: 13.7 KB - Last synced at: 2 months ago - Pushed at: 7 months ago - Stars: 1 - Forks: 0

Ditectrev/Microsoft-Azure-AZ-500-Azure-Security-Engineer-Practice-Tests-Exams-Questions-Answers

โ›ณ๏ธ PASS: Microsoft Azure AZ-500 (Azure Security Engineer Associate) by learning based on our Questions & Answers (Q&A) Practice Tests Exams.

Size: 16.6 MB - Last synced at: 6 months ago - Pushed at: 10 months ago - Stars: 13 - Forks: 19

joelst/Sentinel

Collection of Microsoft Sentinel scripts, queries, and knick-knacks

Language: PowerShell - Size: 91.8 KB - Last synced at: about 1 month ago - Pushed at: 7 months ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Enable-Azure-AD-User-From-Entity

Enable Azure AD user accounts from Microsoft Sentinel account entities

Size: 2.33 MB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Disable-Azure-AD-User-From-Entity

Disable Azure AD user accounts from Microsoft Sentinel account entities

Size: 2.81 MB - Last synced at: 10 months ago - Pushed at: 10 months ago - Stars: 0 - Forks: 0

reversinglabs/reversinglabs-siem-rules

A collection of various SIEM rules relating to malware family groups.

Language: YARA - Size: 164 KB - Last synced at: about 1 year ago - Pushed at: about 1 year ago - Stars: 59 - Forks: 6

Accelerynt-Security/AS-Revoke-Azure-AD-User-Session-From-Entity

Revoke Entra ID user sessions from Microsoft Sentinel entities

Size: 3.37 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Revoke-Azure-AD-User-Session-From-Incident

Revoke Entra ID user sessions from Microsoft Sentinel incidents

Size: 1.92 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 4 - Forks: 1

EightFence/community

This repository contains all the presentations, demos, videos and other resources that we use during our community events.

Size: 21.2 MB - Last synced at: 4 months ago - Pushed at: over 1 year ago - Stars: 1 - Forks: 0

Accelerynt-Security/AS-Block-Hash-in-Defender

Block File Hashes found in Microsoft Sentinel Incidents in Defender

Size: 2.37 MB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Sign-Out-Google-User

Sign out Google users from Microsoft Sentinel incidents

Language: Python - Size: 2.99 MB - Last synced at: almost 2 years ago - Pushed at: almost 2 years ago - Stars: 0 - Forks: 0

h0ffayyy/SentinelDomainMonitor

Use dnstwist to monitor for lookalike domains and send logs to Azure Log Analytics

Language: Python - Size: 469 KB - Last synced at: about 1 year ago - Pushed at: about 2 years ago - Stars: 1 - Forks: 2

h0ffayyy/MicrosoftSentinelStuff

Misc. content for Microsoft Sentinel

Size: 302 KB - Last synced at: over 1 year ago - Pushed at: over 1 year ago - Stars: 15 - Forks: 4

Accelerynt-Security/AS-Block-GitHub-User

Block GitHub users from Microsoft Sentinel incidents

Language: JavaScript - Size: 2.12 MB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 1 - Forks: 0

timtim589/WorkspaceManager

This workspace contains all the code (ARM templates and PowerShell) referenced inside my Medium article about the Sentinel Workspace Manager.

Language: PowerShell - Size: 16.6 KB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 0

Accelerynt-Security/Zscaler-add-Domains-to-URL-Category

Extract domains from Microsoft Sentinel incidents and add them to a Zscaler custom URL category

Size: 3.05 MB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 1 - Forks: 0

Accelerynt-Security/AS-Remove-Domains-from-Zscaler-URL-Category

Extract domains from Microsoft Sentinel incidents and remove them from a Zscaler custom URL category

Size: 2.12 MB - Last synced at: about 2 years ago - Pushed at: about 2 years ago - Stars: 0 - Forks: 0

hisashin0728/SentinelAzureOpenAIQueryCheck

This repository provides summarization of Scheduled Analytics Rules in Sentinel incidents

Size: 16.6 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

hisashin0728/SentinelAzureOpenAI

Repository for Microsoft Sentinel / Azure OpenAI exercises.

Size: 298 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 2 - Forks: 1

Accelerynt-Security/AS-Add-Machine-Logon-Users-to-Incident

Add Microsoft Defender machine logon users to a Microsoft Sentinel incident comment

Size: 1.51 MB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 6 - Forks: 2

Accelerynt-Security/AS-Edgescan-Integration

Pull Edgescan assets, hosts, and vulnerabilities into Microsoft Sentinel custom logs

Size: 1.33 MB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

MartinPankraz/Security-Insights-2-Action

Content supporting the Microsoft hands-on at DSAG Technology Days March 2023

Size: 12.1 MB - Last synced at: 5 months ago - Pushed at: over 2 years ago - Stars: 1 - Forks: 0

h0ffayyy/sentinel-to-yaml

Convert Microsoft Sentinel rule templates to YAML

Language: Python - Size: 16.6 KB - Last synced at: over 2 years ago - Pushed at: over 3 years ago - Stars: 1 - Forks: 0

Ben4FH/Adaz-Sentinel Fork of christophetd/Adaz

Microsoft Sentinel fork of Adaz :wrench: Deploy customizable Active Directory labs in Azure - automatically.

Language: HCL - Size: 4.16 MB - Last synced at: over 2 years ago - Pushed at: almost 3 years ago - Stars: 2 - Forks: 0

Accelerynt-Security/AS-Incident-Account-Spiderfoot-Scan

Run Spiderfoot scans on account entities from Microsoft Sentinel incidents

Size: 1.34 MB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Incident-Host-Exposure-Level

Add comments containing Microsoft Defender exposure level to Microsoft Sentinel incidents

Size: 851 KB - Last synced at: over 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 1

hisashin0728/SentinelRule_AzureCISBenchmark

Microsoft Sentinel rules for Azure CIS Benchmark Ver.1.4.0

Size: 309 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

hisashin0728/AADIDPCustomRuleForSentinel

Azure Active Directory Identity Protection Custom Rule for Microsoft Sentinel

Size: 16.6 KB - Last synced at: about 2 years ago - Pushed at: over 2 years ago - Stars: 0 - Forks: 0

Accelerynt-Security/AS-Compromised-Machine-Tagging

Tag machines in Microsoft Defender from a Microsoft Sentinel Incident

Size: 751 KB - Last synced at: over 2 years ago - Pushed at: almost 3 years ago - Stars: 0 - Forks: 0
