https://github.com/cyb3r-monk/threat-hunting-and-detection

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
https://github.com/cyb3r-monk/threat-hunting-and-detection

cybersecurity defender-for-endpoint detection-engineering dfir kql kusto-language microsoft-sentinel threat-detection threat-hunting

Last synced: about 20 hours ago
JSON representation

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

• Host: GitHub
• URL: https://github.com/cyb3r-monk/threat-hunting-and-detection
• Owner: Cyb3r-Monk
• License: bsd-3-clause
• Created: 2020-11-02T11:30:51.000Z (over 4 years ago)
• Default Branch: main
• Last Pushed: 2025-03-14T10:47:52.000Z (2 months ago)
• Last Synced: 2025-04-14T16:54:06.858Z (about 1 month ago)
• Topics: cybersecurity, defender-for-endpoint, detection-engineering, dfir, kql, kusto-language, microsoft-sentinel, threat-detection, threat-hunting
• Language: Jupyter Notebook
• Homepage:
• Size: 407 KB
• Stars: 719
• Watchers: 31
• Forks: 103
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# Threat Hunting and Detection

Repository for threat hunting and detection queries, tools, etc. 

## Quick Links

* Blu Raven Academy Home - [https://academy.bluraven.io](https://academy.bluraven.io/?utm_source=githubthderepo)

  

* Blu Raven Academy Courses - [https://academy.bluraven.io/courses](https://academy.bluraven.io/courses/?utm_source=githubthderepo)

* Blu Raven Academy Pricing - [https://academy.bluraven.io/pricing](https://academy.bluraven.io/pricing/?utm_source=githubthderepo)

* Blu Raven Academy Blog - [https://academy.bluraven.io/blog](https://academy.bluraven.io/blog/?utm_source=githubthderepo)

# Learn Kusto Query Language (KQL)

If you want to elevate your threat hunting, detection engineering, and incident response skills using KQL, [check out my KQL courses!](https://academy.bluraven.io/?utm_source=githubthderepo)





  





## Warning!

Whatever you use from the repository, double check its correctness, test it in your environment. Please, DO NOT just copy and paste.  

Presenting it as your own is illegal and forbidden. Apart from that, you can use the content anyway you like with a reference to [@Cyb3rMonk](https://twitter.com/Cyb3rMonk) (Twitter) or [Cyb3r-Monk](https://github.com/Cyb3r-Monk) (Github). It is much appreciated.