Hunting Queries for Defender ATP
https://github.com/0xAnalyst/DefenderATPQueries

defender-atp detection-engineering detection-rules kql microsoft sentinel threat-hunting

[![Contributors][contributors-shield]][contributors-url]
[![Forks][forks-shield]][forks-url]
[![Stargazers][stars-shield]][stars-url]
[![Issues][issues-shield]][issues-url]
[![MIT License][license-shield]][license-url]


# Microsoft Defender ATP Hunting Queries

[Report Bug](https://github.com/0xAnalyst/DefenderATPQueries/issues) · [Request Feature](https://github.com/0xAnalyst/DefenderATPQueries/issues)

## About The Project

This repository comprises Microsoft Defender hunting queries. These queries have been developed using telemetry data provided by Defender ATP and were used as detection rules in a production environment. They are a result of my own work and of inspiration drawn from the contributions of the exceptional community members acknowledged below. Please don't hesitate to propose any additional queries for inclusion in this repository.

## Roadmap

- [x] Add detections based on ASR rules
- [ ] Add detections based on logged Windows API calls

See the [open issues](https://github.com/0xAnalyst/DefenderATPQueries/issues) for a full list of proposed features (and known issues).

## Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are **greatly appreciated**.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement".

## License

Distributed under the MIT License. See `LICENSE.txt` for more information.

## Acknowledgments

* [SigmaHQ/sigma](https://github.com/SigmaHQ/sigma)
* [FalconForceTeam/FalconFriday](https://github.com/FalconForceTeam/FalconFriday)
* [detection.fyi](https://detection.fyi/)
* [elastic/detection-rules](https://github.com/elastic/detection-rules/tree/main/rules)

[contributors-shield]: https://img.shields.io/github/contributors/0xAnalyst/DefenderATPQueries.svg?style=for-the-badge
[contributors-url]: https://github.com/0xAnalyst/DefenderATPQueries/graphs/contributors
[forks-shield]: https://img.shields.io/github/forks/0xAnalyst/DefenderATPQueries.svg?style=for-the-badge
[forks-url]: https://github.com/0xAnalyst/DefenderATPQueries/forks
[stars-shield]: https://img.shields.io/github/stars/0xAnalyst/DefenderATPQueries.svg?style=for-the-badge
[stars-url]: https://github.com/0xAnalyst/DefenderATPQueries/stargazers
[issues-shield]: https://img.shields.io/github/issues/0xAnalyst/DefenderATPQueries.svg?style=for-the-badge
[issues-url]: https://github.com/0xAnalyst/DefenderATPQueries/issues
[license-shield]: https://img.shields.io/github/license/0xAnalyst/DefenderATPQueries.svg?style=for-the-badge
[license-url]: https://github.com/0xAnalyst/DefenderATPQueries/blob/master/LICENSE