A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
Updated Aug 28, 2025
A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud and more.
A framework for converting natural language text inputs to corresponding Pandas, MongoDB, Kusto and Neo4j (Cypher) queries.
sKaleQL is an opinionated template repository for managing, executing, and organizing Kusto Query Language (KQL) queries against Azure Log Analytics Workspaces.
A technical blog about Kusto
A series of cloud focused KQL queries for threat hunting and DFIR
Microsoft Technical Essentials Workshop is a technical training program to empower veterans. Supported by LA County WDACS; LAVTTA; Microsoft Learning; LA Mayor; Fast Lane; JVS SoCal; and more.
KQL queries for monitoring Log Analytics
A comprehensive collection of Kusto Query Language (KQL) scripts and tools for simplified log analysis and troubleshooting in Azure and DevOps environments.
✨ A linting tool for working with Microsoft Sentinel & Defender Advanced Hunting KQL
🌿 Microsoft Fabric E2E Tutorial: 🌊Lakehouse | 💙Data Science | ⚡Real-Time Intelligence | 🪣Data warehouse
KQL and indicators-of-compromise sharing repository
Comprehensive KQL query reference for Microsoft Defender XDR and Azure Sentinel, optimized for Context7 integration
This project focused on leveraging Azure Log Analytics to monitor cloud function execution, detect errors, and improve operational visibility. I configured Log Analytics to centralize logs from multiple Azure resources, then wrote Kusto Query Language (KQL) queries to filter execution logs, track error rates, and identify anomalies.
PowerShell scripts repo
A collection of Threat Hunting & Alert queries I've written for 365 Defender's 'Advanced Threat Hunting'
KQL Local Manager allows you to manage and organize KQL queries in a central database.