Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-kql-sentinel
A curated list of blogs, videos, tutorials, queries and anything else valuable to help you learn and master KQL and Microsoft Sentinel
https://github.com/reprise99/awesome-kql-sentinel
- Addicted to KQL
- KQL - The Next Query Language You Need to Learn
- Learning path SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
- MustLearnKQL - Video Series
- MustLearnKQL
- Tutorial: Use Kusto queries
- Write your first query with Kusto Query Language
- Built-in threat detection rules
- KQL quick reference
- Kusto Query Language in Microsoft Sentinel
- Microsoft Sentinel Docs
- Query best practices
- Splunk to Kusto Query Language map
- SQL to Kusto cheat sheet
- What's new in Microsoft Sentinel
- Automate Your Microsoft Sentinel Triage Efforts with RiskIQ Threat Intelligence
- Azure Sentinel Webinar: Deep Dive into Azure Sentinel Normalizing Parsers and Normalized Content
- Azure Sentinel webinar: KQL part 1 of 3 - Learn the KQL you need for Azure Sentinel
- Azure Sentinel webinar: KQL part 2 of 3 - KQL hands-on lab exercises
- Azure Sentinel webinar: KQL part 3 of 3 - Optimizing Azure Sentinel KQL queries performance
- Azure Sentinel Webinar: The Information Model: Understanding Normalization in Azure Sentinel
- Become a Notebooks Ninja – Getting Started with Jupyter Notebooks - Microsoft Sentinel Webinar
- Deploy and Monitor Azure Key Vault Honeytokens with Microsoft Sentinel
- Fusion ML Detections for Emerging Threats & Configuration UI
- KQL Framework for Microsoft Sentinel - Empowering You to Become KQL-Savvy
- Latest Innovations for Microsoft's Cloud Native SIEM Recording - Microsoft Sentinel Webinar
- M365 Defender - Kusto query language basics
- M365 Defender - Using Advanced Hunting
- Microsoft Security Insights Podcast - Twitch
- Microsoft Sentinel Content Management
- Microsoft Sentinel in the Field: Part 1 - Managing security content as code
- Microsoft Sentinel in the Field: Part 2 - Learning with the training lab
- Microsoft Sentinel in the Field: Part 3 - Deception in Microsoft Sentinel
- Present and Future of EUBA
- Azure Sentinel Technical Playbook for MSSPs
- Advanced KQL Framework Workbook - Empowering you to become KQL-savvy
- Defending Critical Infrastructure with the Microsoft Sentinel: IT/OT Threat Monitoring Solution
- Get Hands-On KQL Practice with this Microsoft Sentinel Workbook
- How To Align Your Analytics With Time Windows In Azure Sentinel Using KQL (Kusto Query Language)
- Investigating Suspicious Azure Activity with Microsoft Sentinel
- Learning with the Microsoft Sentinel Training Lab
- Leveraging the Power of KQL in Incident Response
- Log sources and analytics rules coverage workbook
- Microsoft Sentinel – continuous threat monitoring for GitHub
- Using External Data Sources To Enrich Network Logs Using Azure Storage And KQL
- azure/azure-sentinel
- Kusto Explorer
- Log Analytics demo environment
- microsoft/Kusto-Query-Language
- Microsoft Security Community - Youtube
- Microsoft Security Insights - Podcast
- Microsoft Sentinel Blog
- Microsoft Sentinel TechCommunity
- Azure Sentinel Lab Series
- AzureFunBytes Episode 64 - Building SOC Efficiency with @Azure Sentinel with @rodtrent
- GrayHat 2020 - Blue Teaming with Kusto Query Language, KQL - Ashwin Patil
- Managing Microsoft Sentinel using GIT repositories
- Setting up your first Azure Sentinel environment in 50 minutes
- Using Azure Sentinel to protect Microsoft Teams
- KQL | Cafe
- Microsoft 365 Security eBook
- Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide
- Microsoft Sentinel in Action
- Azure Sentinel Syslog Workbook
- Collect Security Events in Microsoft Sentinel with the new AMA agent and DCR
- Detecting privilege escalation with Azure AD service principals in Microsoft Sentinel
- How to Use Office 365 Audit Data with Microsoft Sentinel
- Hunting For Anomalies With Time-Series Analysis
- Hunting Log4j with Sentinel
- Keep an eye on your Azure AD guests with Microsoft Sentinel
- KQL Cheat Sheet
- KQLCeption – use KQL to investigate Microsoft Sentinel
- Kusto Make-Series vs Summarize
- Log4j Incident Response
- Microsoft Sentinel – How to Leverage built-in Amazon Web Services S3 Data Connector
- Microsoft Sentinel and the power of functions
- Monitor Microsoft Sentinel Data Connectors using Health Monitoring and Logic App
- Monitoring of GitHub Enterprise with Microsoft Sentinel
- Ollie, your personal Microsoft Sentinel assistant
- Optimize your Microsoft Sentinel pricing
- Set up Microsoft Sentinel as a single pane of glass for Microsoft 365 alerts
- Setting up a bidirectional sync between Sentinel and JIRA
- Tag domain controllers automatically in Defender for Endpoint using KQL, Logic App, and API
- Too much noise in your data? Summarize it!
- What I Have Learned From Doing A Year Of Cloud Forensics In Azure AD
- When does enabling Microsoft Sentinel make sense?
- Azure Cloud & AI Domain Blog
- Cloud, Systems Management, Automation
- FalconForce
- Jeffrey Appel
- Kusto King - Kusto Knight Learning Track
- Learn Sentinel
- Managed Sentinel - Blog
- Microsoft Sentinel this Week
- Sam's Corner
- SecureCloudBlog
- alexverboon/MDATP/tree/master/AdvancedHunting (Advanced Hunting)
- ashwin-patil/blue-teaming-with-kql
- eshlomo1/Azure-Sentinel-4-SecOps
- FalconForceTeam/FalconFriday
- Kaidja/Azure-Sentinel
- marcusbakker/KQL
- reprise99/Sentinel-Queries
- rod-trent/SentinelKQL
- scautomation/Azure-Sentinel-Syslog-Workbook
- wortell/KQL
- Reddit - Azure Sentinel
- Reddit - Azure
- Stack Overflow - KQL
- Alex Verboon
- Billy York
- DebugPrivilege
- Elli (IR)
- FalconForce Official
- Gianni
- Jan Geisbauer
- Jeffrey Appel
- Kaido Järvemets
- Matt Zorich
- Rod Trent
- Sami Lamppu
Programming Languages
Keywords (with the number of indexed repositories carrying each tag)
- kql (3)
- security (3)
- hunting (3)
- azure (2)
- azure-sentinel (2)
- siem (2)
- threat-hunting (2)
- cybersecurity (1)
- sample-code (1)
- azure-data-explorer (1)
- blueteaming (1)
- loganalytics (1)
- cloudsecurity (1)
- incident-response (1)
- ir (1)
- microsoft (1)
- microsoft-sentinel (1)
- secops (1)
- soc (1)
- threat-intelligence (1)
- blueteam (1)
- defender-atp (1)
- defender-for-endpoint (1)
- purpleteam (1)
- sentinel (1)