Kusto and Log Analytics MCP server help you execute a KQL (Kusto Query Language) query within an AI prompt, analyze, and visualize the data.
-
Updated
Mar 18, 2026 - Python
#
kql-threathunting
Here are 23 public repositories matching this topic...
Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
-
Updated
Mar 13, 2026
This repository contains detection and threat hunting queries created by NVISO’s CSIRT and SOC teams.
queries sentinel cybersecurity threat-hunting threat-detection kusto kql detection-engineering detections kusto-language defender-for-endpoint microsoft-sentinel kql-threathunting kql-queries
-
Updated
Feb 9, 2026
Microsoft Defender XDR KQL detections for RedSun, BlueHammer, UnDefend, and CVE-2026-33825-related Defender abuse behaviors.
privilege-escalation windows-security detection-engineering microsoft-defender advanced-hunting redsun microsoft-defender-xdr defender-xdr kql-threathunting threat-detection-windows bluehammer undefend cve-2026-33825
-
Updated
Apr 20, 2026
Maps Microsoft Defender XDR Schemas to a local Kustainer Data Explorer instance
-
Updated
Jun 18, 2025 - Python
AI-enhanced Azure SOC homelab for phishing detection & response, threat intelligence, and much more using Microsoft Sentinel, Defender XDR, and ANY.RUN.
incident-response dfir cybersecurity openai wireshark sysmon siem malware-analysis risk-assessment kali-linux iso27001 threat-intelligence microsoft-azure sora defender-for-endpoint microsoft-sentinel any-run kql-threathunting
-
Updated
Jan 4, 2026 - Python
Documenting my threat hunting projects and experience as a Cybersecurity Analyst during my internship at LOGs N' PACIFIC. For educational purposes only.
splunk incident-response sentinel threat-hunting sigma soc kql microsoft-sentinel kql-threathunting threat-hunting-dashboard kql-queries
-
Updated
Mar 26, 2026
KQL Queries for Microsoft Sentinel and Microsoft Defender XDR
microsoft azure sentinel defender threat-hunting mitre mitre-attack kql threatdetection defenderxdr kql-threathunting kql-queries
-
Updated
Sep 13, 2025
A Live Cloud SOC project using Azure Sentinel & Logic Apps to detect and automatically block RDP brute-force attacks from global botnets.
-
Updated
Feb 20, 2026
A collection of Mitre ATT&CK aligned KQL detection, hunting, and audit queries for Defender XDR.
kusto kql detection-engineering defender-for-endpoint defender-for-identity entra-id defender-xdr defender-for-cloud-apps kql-threathunting
-
Updated
Feb 16, 2026
This repository contains my labs for developing threat hunting skills by simulating real-world attack scenarios on Windows systems, focusing on system configuration tampering, unauthorised access detection, and network activity analysis.
-
Updated
Jul 9, 2025
To hunt for potential malicious extensions
-
Updated
Feb 25, 2026
This lab is inspired by concepts and guidance from Josh Madakor’s Cyber Range course.
incident-response threat-hunting siem microsoft-azure edr kql defender-for-endpoint kql-threathunting
-
Updated
Jul 11, 2025
Case-based KQL investigations (KC7 + homelab) for blue-team threat hunting and incident response.
incident-response threat-hunting soc blue-team kusto kql detection-engineering microsoft-sentinel kc7 kql-threathunting
-
Updated
Aug 31, 2025
Find potential local privilege escalation on windows with KQL
-
Updated
Mar 24, 2026
My home lab using Azure Sentinel and Ubuntu VM as a honeypot
ssh azure honeypot geolocation incident-response cybersecurity siem soc cloud-security linux-ubuntu log-analytics blue-team home-lab azure-sentinel azure-cloud microsoft-sentinel kql-threathunting security-operations-engineer
-
Updated
Jan 18, 2026
In this repository, you will find KQL queries that can be executed in Defender EDR.
-
Updated
Mar 30, 2026
My personal journal of CTF writeups, threat hunting investigations, and KQL experiments. Raw logs, step-by-step notes, and lessons learned from hands-on blue team and incident response challenges.
-
Updated
Aug 18, 2025
Improve this page
Add a description, image, and links to the kql-threathunting topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the kql-threathunting topic, visit your repo's landing page and select "manage topics."