A collection of ready-to-use KQL queries for threat hunting, detection, and analytics in Microsoft Defender for Endpoint and Azure Sentinel.
Hunting-Queries-Detection-Rules is a curated repository of Kusto Query Language (KQL) queries specifically designed for Microsoft Defender for Endpoint and Azure Sentinel. It provides security teams with ready-to-use detection rules, hunting queries, and analytics to identify threats that may not be caught by default security alerts. The project aims to increase detection coverage by leveraging the rich log data available in Microsoft's security products.
It is intended for security analysts, threat hunters, and SOC teams working with Microsoft Defender for Endpoint and Azure Sentinel who need to write or customize detection queries. It is also valuable for security engineers building detection-as-code pipelines.
It saves significant time by offering a large collection of pre-vetted, community-contributed queries mapped to real-world threats and MITRE ATT&CK tactics. Instead of building queries from scratch, teams can deploy these immediately to enhance their security posture.
KQL Queries. Defender for Endpoint and Azure Sentinel hunting and detection queries in KQL. Out-of-the-box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Offers hundreds of out-of-the-box KQL queries for immediate use in Advanced Hunting and Custom Detection, spanning Defender for Endpoint, Identity, Cloud Apps, and Sentinel.
Queries are categorized and mapped to MITRE ATT&CK tactics, providing structured threat detection and hunting aligned with industry standards.
Includes queries from top security professionals with a clear detection template and pull request process, ensuring ongoing updates and diverse threat coverage.
Supplements queries with KQL functions, regex examples, and links to detailed blogs, aiding in learning and customization for security analysts.
Queries are written exclusively in Microsoft's KQL for Microsoft's security products, so they are of no use to teams running other SIEMs or query languages.
Even pre-built queries need adjustments for specific environments, such as changing timestamp fields between Sentinel and Defender, as noted in the README.
As a community-driven repository, there's no guaranteed SLA or direct Microsoft support, which could pose risks for critical production deployments.