
https://github.com/peronchichino/kql_queries_advancedhunting

Collection of KQL queries for sentinel and defender for organization wide monitoring

Repository topics: advanced-hunting, azure, defender, hunting, kql, kusto, monitoring, monitoring-tool, pim, privilege, query, sentinel




README


# KQL_Queries_AdvancedHunting
Query topics covered:
- Country logins
- Anomalous token creation, etc.
- Various logins (risky, failed, non-existent accounts, etc.)
- Password resets
- MFA
- Device-specific events
- spoolsv.exe
- New user in admin group -> PIM
- Malicious HTTP traffic -> HTTP traffic
- Phishing file extensions

To be added:
- Azure job creation
- Anomalous AAD account creation
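The list above names the failed-login and country-login topics without showing what such a query looks like. The following is an added example written for this page, not a query taken from the repository. It runs in Microsoft Sentinel against the `SigninLogs` table (Entra ID sign-in logs) and flags accounts that received a burst of failed sign-ins from one IP address followed by a successful sign-in from that same IP, which is the classic password-spray-then-success pattern. The 1-day lookback and the threshold of 10 failures are assumptions chosen for illustration; tune them to your tenant's baseline.

```kql
// Added example, not part of the repository. Sentinel SigninLogs schema.
// Assumption: a lookback of 1 day and a failure threshold of 10 suit the tenant.
let lookback = 1d;
let threshold = 10;
// Step 1: count failed sign-ins per (account, source IP).
// In SigninLogs, ResultType is a string; "0" means success, anything else is an error code.
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailureCount = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure  = max(TimeGenerated)
        by UserPrincipalName, IPAddress
    | where FailureCount >= threshold;
// Step 2: find a later successful sign-in for the same account from the same IP.
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"
| join kind=inner failures on UserPrincipalName, IPAddress
| where TimeGenerated > LastFailure           // success must come after the failure burst
| project TimeGenerated, UserPrincipalName, IPAddress,
          Location,                          // country code of the sign-in, for the country-login angle
          AppDisplayName, FailureCount, FirstFailure, LastFailure
| order by TimeGenerated desc
```

Paste the query into the Sentinel Logs blade or save it as a scheduled analytics rule; the `Location` column carries the sign-in country, so adding `| where Location !in ("US", "DE")` (with your own expected countries) turns the same query into the country-login check listed above. A success that follows a failure burst is not proof of compromise on its own; correlate it with the MFA result (`AuthenticationRequirement` and `ConditionalAccessStatus` in the same table) before escalating.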