KQL Hunting Queries Detection Rules

From GCA ACT
Jump to navigationJump to search

Description

The purpose of this repository is to share KQL queries that can be used by anyone and are understandable. These queries are intended to increase detection coverage through the logs of Microsoft Security products. Not all suspicious activities generate an alert by default, but many of those activities can be made detectable through the logs. These queries include Detection Rules, Hunting Queries and Visualisations. Anyone is free to use the queries. If you have any questions feel free to reach out to me on Twitter @BertJanCyber.


Presenting this material as your own is illegal and forbidden. A reference to Twitter @BertJanCyber or Github @Bert-JanP is much appreciated when sharing or using the content.

More Information

URL: https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules/tree/main/Threat%20Hunting

Maintenance Status: Active

Last Updated Date: < 1 year

Formats Available: TXT

Social Media Links: https://twitter.com/BertJanCyber | https://linkedin.com/in/bert-janpals

Contact Information: Unknown

Single or Multiple: Multiple

License Information: BSD-3-Clause License - https://opensource.org/license/bsd-3-clause