Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-kql-sentinel
A curated list of blogs, videos, tutorials, queries and anything else valuable to help you learn and master KQL and Microsoft Sentinel
https://github.com/reprise99/awesome-kql-sentinel
Last synced: 5 days ago
JSON representation
-
Table Of Contents
-
Official Learn
- KQL - The Next Query Language You Need to Learn
- Learning path SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
- MustLearnKQL - Video Series
- Tutorial: Use Kusto queries
- Write your first query with Kusto Query Language
- Addicted to KQL
- MustLearnKQL
- MustLearnKQL - Video Series
-
Official Docs
-
Official Videos
- Automate Your Microsoft Sentinel Triage Efforts with RiskIQ Threat Intelligence
- Azure Sentinel Webinar: Deep Dive into Azure Sentinel Normalizing Parsers and Normalized Content
- Azure Sentinel webinar: KQL part 1 of 3 - Learn the KQL you need for Azure Sentinel
- Azure Sentinel webinar: KQL part 2 of 3 - KQL hands-on lab exercises
- Azure Sentinel webinar: KQL part 3 of 3 - Optimizing Azure Sentinel KQL queries performance
- Azure Sentinel Webinar: The Information Model: Understanding Normalization in Azure Sentinel
- Deploy and Monitor Azure Key Vault Honeytokens with Microsoft Sentinel
- Become a Notebooks Ninja – Getting Started with Jupyter Notebooks - Microsoft Sentinel Webinar
- Fusion ML Detections for Emerging Threats & Configuration UI
- KQL Framework for Microsoft Sentinel - Empowering You to Become KQL-Savvy
- Latest Innovations for Microsoft's Cloud Native SIEM Recording - Microsoft Sentinel Webinar
- M365 Defender - Kusto query language basics
- M365 Defender - Using Advanced Hunting
- Microsoft Security Insights Podcast - Twitch
- Microsoft Sentinel Content Management
- Microsoft Sentinel in the Field: Part 1 - Managing security content as code
- Microsoft Sentinel in the Field: Part 2 - Learning with the training lab
- Microsoft Sentinel in the Field: Part 3 - Deception in Microsoft Sentinel
- Present and Future of EUBA
- Azure Sentinel Webinar: Deep Dive into Azure Sentinel Normalizing Parsers and Normalized Content
- Azure Sentinel webinar: KQL part 1 of 3 - Learn the KQL you need for Azure Sentinel
- Azure Sentinel webinar: KQL part 2 of 3 - KQL hands-on lab exercises
- Azure Sentinel webinar: KQL part 3 of 3 - Optimizing Azure Sentinel KQL queries performance
- Azure Sentinel Webinar: The Information Model: Understanding Normalization in Azure Sentinel
- Become a Notebooks Ninja – Getting Started with Jupyter Notebooks - Microsoft Sentinel Webinar
- Deploy and Monitor Azure Key Vault Honeytokens with Microsoft Sentinel
- Fusion ML Detections for Emerging Threats & Configuration UI
- KQL Framework for Microsoft Sentinel - Empowering You to Become KQL-Savvy
- Latest Innovations for Microsoft's Cloud Native SIEM Recording - Microsoft Sentinel Webinar
- Microsoft Sentinel Content Management
- Azure Sentinel Webinar: Deep Dive into Azure Sentinel Normalizing Parsers and Normalized Content
- Azure Sentinel webinar: KQL part 1 of 3 - Learn the KQL you need for Azure Sentinel
- Azure Sentinel webinar: KQL part 2 of 3 - KQL hands-on lab exercises
- Azure Sentinel webinar: KQL part 3 of 3 - Optimizing Azure Sentinel KQL queries performance
- Azure Sentinel Webinar: The Information Model: Understanding Normalization in Azure Sentinel
- Become a Notebooks Ninja – Getting Started with Jupyter Notebooks - Microsoft Sentinel Webinar
- Deploy and Monitor Azure Key Vault Honeytokens with Microsoft Sentinel
- Fusion ML Detections for Emerging Threats & Configuration UI
- KQL Framework for Microsoft Sentinel - Empowering You to Become KQL-Savvy
- Latest Innovations for Microsoft's Cloud Native SIEM Recording - Microsoft Sentinel Webinar
- Microsoft Sentinel Content Management
-
Official Books
-
Official Announcements and Articles
- Advanced KQL Framework Workbook - Empowering you to become KQL-savvy
- Defending Critical Infrastructure with the Microsoft Sentinel: IT/OT Threat Monitoring Solution
- Get Hands-On KQL Practice with this Microsoft Sentinel Workbook
- How To Align Your Analytics With Time Windows In Azure Sentinel Using KQL (Kusto Query Language)
- Investigating Suspicious Azure Activity with Microsoft Sentinel
- Learning with the Microsoft Sentinel Training Lab
- Leveraging the Power of KQL in Incident Response
- Log sources and analytics rules coverage workbook
- Using External Data Sources To Enrich Network Logs Using Azure Storage And KQL
- Microsoft Sentinel – continuous threat monitoring for GitHub
-
Official Repositories and Tools
-
Official Forums and Websites
-
-
Community
-
Community Videos
- Azure Sentinel Lab Series
- AzureFunBytes Episode 64 - Building SOC Efficiency with @Azure Sentinel with @rodtrent
- GrayHat 2020 - Blue Teaming with Kusto Query Language, KQL - Ashwin Patil
- Managing Microsoft Sentinel using GIT repositories
- Setting up your first Azure Sentinel environment in 50 minutes
- Using Azure Sentinel to protect Microsoft Teams
- AzureFunBytes Episode 64 - Building SOC Efficiency with @Azure Sentinel with @rodtrent
- Managing Microsoft Sentinel using GIT repositories
- Azure Sentinel Lab Series
- AzureFunBytes Episode 64 - Building SOC Efficiency with @Azure Sentinel with @rodtrent
- Managing Microsoft Sentinel using GIT repositories
-
Community Books
-
Community Articles
- Azure Sentinel Syslog Workbook
- Collect Security Events in Microsoft Sentinel with the new AMA agent and DCR
- Detecting privilege escalation with Azure AD service principals in Microsoft Sentinel
- How to Use Office 365 Audit Data with Microsoft Sentinel
- Hunting For Anomalies With Time-Series Analysis
- Hunting Log4j with Sentinel
- Keep an eye on your Azure AD guests with Microsoft Sentinel
- KQL Cheat Sheet
- Kusto Make-Series vs Summarize
- Log4j Incident Response
- Microsoft Sentinel and the power of functions
- Monitor Microsoft Sentinel Data Connectors using Health Monitoring and Logic App
- Monitoring of GitHub Enterprise with Microsoft Sentinel
- Ollie, your personal Microsoft Sentinel assistant
- Optimize your Microsoft Sentinel pricing
- Set up Microsoft Sentinel as a single pane of glass for Microsoft 365 alerts
- Setting up a bidirectional sync between Sentinel and JIRA
- Tag domain controllers automatically in Defender for Endpoint using KQL, Logic App, and API
- Too much noise in your data? Summarize it!
- What I Have Learned From Doing A Year Of Cloud Forensics In Azure AD
- When does enabling Microsoft Sentinel make sense?
- Hunting Log4j with Sentinel
- Log4j Incident Response
- Log4j Incident Response
- Log4j Incident Response
- Log4j Incident Response
- Log4j Incident Response
- Log4j Incident Response
- Log4j Incident Response
- Log4j Incident Response
- Log4j Incident Response
- Hunting Log4j with Sentinel
- Log4j Incident Response
- Hunting Log4j with Sentinel
- Log4j Incident Response
- Hunting Log4j with Sentinel
- Log4j Incident Response
- Log4j Incident Response
- Log4j Incident Response
- Hunting Log4j with Sentinel
- Log4j Incident Response
- KQLCeption – use KQL to investigate Microsoft Sentinel
- Microsoft Sentinel – How to Leverage built-in Amazon Web Services S3 Data Connector
- Hunting Log4j with Sentinel
- Log4j Incident Response
- Hunting Log4j with Sentinel
- Log4j Incident Response
- Hunting Log4j with Sentinel
- Log4j Incident Response
- Hunting Log4j with Sentinel
- Log4j Incident Response
- Hunting Log4j with Sentinel
- Log4j Incident Response
- Log4j Incident Response
-
Community Tools and Websites
-
Community Repositories
-
Community Forums
-
Twitter
-
Community Podcasts
-
Programming Languages
Categories
Sub Categories
Community Articles
54
Official Videos
41
Twitter
12
Community Videos
11
Official Announcements and Articles
10
Community Tools and Websites
10
Community Repositories
9
Official Docs
9
Official Learn
8
Official Forums and Websites
4
Official Repositories and Tools
4
Community Books
3
Community Forums
3
Community Podcasts
2
Official Books
1