A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel and Microsoft XDR (formerly Microsoft 365 Defender).
Updated Nov 4, 2024
Threat hunting queries for Microsoft 365 Defender / XDR: out-of-the-box KQL hunting queries covering App, Email, Identity and Endpoint.
A curated list of resources for DFIR through Microsoft Defender for Endpoint, leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud, and more.
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
Example queries for learning the Kusto language
Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
Enables Kibana to query Azure Data Explorer (ADX / Kusto)
Azure Data Explorer (Kusto) SDK for Go
JS SDK for the Kusto service
C# KQL query engine with flexible I/O layers and visualization
Quick start: index multiple documents in a repository using HuggingFace embeddings, save them in Chroma and/or FAISS for recall, and choose the OpenAI or Azure OpenAI API to get answers to your questions (Q&A with OpenAI and Azure OpenAI).
Terraform script to deploy almost all Azure Data Services
Query Kusto like a pro from the comfort of your Jupyter notebook
A self-contained execution engine for the Kusto Query Language (KQL) written in C#