Good KQL resources... #14
Replies: 8 comments 1 reply
-
|
I have a couple other KQL repositories that might be of interest. These are where I am constantly adding my creations. My Sentinel repository: https://github.com/rod-trent/SentinelKQL My Defender repository: https://github.com/rod-trent/DefenderKQL |
Beta Was this translation helpful? Give feedback.
-
|
Ugur Koc's KQL for Intune: https://github.com/ugurkocde/KQL_Intune |
Beta Was this translation helpful? Give feedback.
-
|
Reprise99's Sentinel KQL: https://github.com/reprise99/Sentinel-Queries Reprise99's awesome list of resource: https://github.com/reprise99/awesome-kql-sentinel |
Beta Was this translation helpful? Give feedback.
-
|
Some good tutorials |
Beta Was this translation helpful? Give feedback.
-
|
I started my own repo for security focussed detection rules. At this moment more than 50 rules have been added classified 10 different categories: https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules I also added a specific page for Regex that can be used on any platform where you want to use KQL: https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules/blob/main/KQL%20Regex/RegexExamples.md Recently I also shared my view on the best KQL resources for Detection Rules / Hunting queries: https://twitter.com/BertJanCyber/status/1541513670097862660?s=20&t=EZJxUkm9bODYX6l7ULtrYg |
Beta Was this translation helpful? Give feedback.
-
|
Microsoft also has their own repo with a lot of Huntig Queries: https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries. If you have the Security E5 suite then take a look at: https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries/Microsoft%20365%20Defender |
Beta Was this translation helpful? Give feedback.
-
|
SiliconShecky queries: https://github.com/siliconshecky/KQL-Queries A Listing of Queries that use KQL. These queries will be for one of the following and tagged as such: Azure Resource Graph - ARG |
Beta Was this translation helpful? Give feedback.
-
|
Happened upon a new "Fun with KQL" series by Robert Cain (consultant/trainer). Here's the first blog post of the series: https://arcanecode.com/2022/05/30/fun-with-kql-project/ The rest aren't tagged to be exposed, but you'll have to search for them. Even uses the aka.ms/LADemo environment like Must Learn KQL. |
Beta Was this translation helpful? Give feedback.
-
|
Not sure if this is "in scope" but I just published a github project which includes
Link: KustoLoco |
Beta Was this translation helpful? Give feedback.
-
Let's start a compilation of your favorite KQL resources - both repositories of code and learning sources.
Beta Was this translation helpful? Give feedback.
All reactions