Hunting-Queries-Detection-Rules
Security queries
Provides KQL queries for hunting and detection in security logs
KQL Queries: Defender for Endpoint and Azure Sentinel hunting and detection queries in KQL. Out-of-the-box KQL queries for Advanced Hunting, Custom Detection, Analytics Rules and Hunting Rules.
1k stars
64 watching
238 forks
Language: Python
last commit: 7 days ago
Linked from 1 awesome list
Topics: azure, blueteam, cybersecurity, defender-for-endpoint, dfir, infosec, kql, mde, mdi, misp, security, sentinel, threat-hunting, vulnerability-management, zero-day
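As an added illustration of the kind of query this repository collects (the example below is written for this page and is not taken from the repository), the following KQL hunts the Defender for Endpoint DeviceProcessEvents table for Office applications spawning script interpreters or download-capable LOLBins. The parent and child process lists and the 7-day lookback are assumptions chosen for illustration; the column names are the documented DeviceProcessEvents schema.

```kusto
// Added example, not part of the repository: Office application spawning a
// scripting or download-capable LOLBin. The projected output keeps Timestamp,
// ReportId and DeviceId, the columns a Custom Detection rule in Microsoft
// Defender XDR requires, so the same query can be saved as a detection.
let lookback = 7d;                                  // assumed hunting window
let office_parents = dynamic([                      // assumed parent list
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"]);
let suspicious_children = dynamic([                 // assumed child list
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe"]);
DeviceProcessEvents
| where Timestamp > ago(lookback)
| where InitiatingProcessFileName in~ (office_parents)
| where FileName in~ (suspicious_children)
// Tuning hook: exclude known-good add-ins or automation here before saving
// the query as a detection, e.g.
// | where not(InitiatingProcessCommandLine has "known-good-addin")
| project Timestamp, ReportId, DeviceId, DeviceName, AccountName,
          InitiatingProcessFileName, InitiatingProcessCommandLine,
          FileName, ProcessCommandLine, SHA256
| order by Timestamp desc
```

When using the same logic purely for hunting, it is common to aggregate instead (for example `summarize count(), make_set(FileName) by DeviceName, InitiatingProcessFileName`), but that drops the row-level Timestamp, ReportId and DeviceId columns, so the aggregated form cannot be saved as a Custom Detection rule. In Azure Sentinel the Defender connector exposes the same DeviceProcessEvents table, so the query runs unchanged there; an Analytics Rule does not require ReportId but does need entity mapping (DeviceName, AccountName) to produce useful incidents.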
Related projects:
| Repository | Description | Stars |
|---|---|---|
| a3sal0n/cyberthreathunting | A collection of tools and resources for threat hunters to identify and respond to cyber threats. | 861 |
| miriamxyra/eventlist | An automation tool that integrates Microsoft Security Baselines and MITRE ATT&CK to generate hunting queries for security operation centers. | 370 |
| kasperskylab/klara | Helps Threat Intelligence researchers hunt for new malware by efficiently scanning large collections of files with Yara rules | 698 |
| travisbgreen/hunting-rules | Provides Suricata IDS alert rules for detecting network anomalies | 154 |
| sbousseaden/slides | Collection of resources and concepts for threat hunting and detection engineering. | 372 |
| zt2/sqli-hunter | A tool that automates the process of detecting and exploiting SQL injection vulnerabilities in web applications. | 425 |
| aksw/sparqlanalytics | Real-time analytics framework for SPARQL queries | 5 |
| uptimejp/sql_firewall | A PostgreSQL extension that monitors and controls incoming queries to prevent SQL injections and unwanted activity. | 175 |
| gossithedog/threathunting | Tools and rules for detecting malicious domain calls in endpoint malware | 570 |
| netevert/sentinel-attack | A tool to quickly deploy a threat hunting capability on Azure Sentinel using Sysmon and MITRE ATT&CK | 1,062 |
| kevthehermit/pastehunter | Automates scanning of publicly hosted pasted data against Yara rules to identify potential security or research threats. | 1,069 |
| bradmontgomery/django-querycount | Prints DB query counts in Django's runserver console output. | 394 |
| stamusnetworks/kts7 | Templates and dashboards for threat hunting with Suricata IDPS/NSM and the ELK 7 stack | 40 |
| 13o-bbr-bbq/machine_learning_security | An open-source project that explores the intersection of machine learning and security to develop tools for detecting vulnerabilities in web applications. | 1,987 |
| jaksprats/alchemy-database | A low-latency, high-TPS hybrid relational-NOSQL database system with embedded Lua scripting support and Redis integration. | 181 |