Kusto and Log Analytics MCP server help you execute a KQL (Kusto Query Language) query within an AI prompt, analyze, and visualize the data.
-
Updated
Dec 28, 2025 - Python
#
kql-threathunting
Here are 20 public repositories matching this topic...
Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
-
Updated
Feb 11, 2026
This repository contains detection and threat hunting queries created by NVISO’s CSIRT and SOC teams.
queries sentinel cybersecurity threat-hunting threat-detection kusto kql detection-engineering detections kusto-language defender-for-endpoint microsoft-sentinel kql-threathunting kql-queries
-
Updated
Feb 9, 2026
Maps Microsoft Defender XDR Schemas to a local Kustainer Data Explorer instance
-
Updated
Jun 18, 2025 - Python
Find potential local privilege escalation on windows with KQL
-
Updated
Dec 11, 2025
Large list of potential/known malicious browser extensions to hunt on
-
Updated
Jan 22, 2026
KQL Queries for Microsoft Sentinel and Microsoft Defender XDR
microsoft azure sentinel defender threat-hunting mitre mitre-attack kql threatdetection defenderxdr kql-threathunting kql-queries
-
Updated
Sep 13, 2025
This lab is inspired by concepts and guidance from Josh Madakor’s Cyber Range course.
incident-response threat-hunting siem microsoft-azure edr kql defender-for-endpoint kql-threathunting
-
Updated
Jul 11, 2025
My home lab using Azure Sentinel and Ubuntu VM as a honeypot
ssh azure honeypot geolocation incident-response cybersecurity siem soc cloud-security linux-ubuntu log-analytics blue-team home-lab azure-sentinel azure-cloud microsoft-sentinel kql-threathunting security-operations-engineer
-
Updated
Jan 18, 2026
To hunt for potential malicious extensions
-
Updated
Feb 16, 2026
This repository contains my labs for developing threat hunting skills by simulating real-world attack scenarios on Windows systems, focusing on system configuration tampering, unauthorised access detection, and network activity analysis.
-
Updated
Jul 9, 2025
AI-enhanced Azure SOC homelab for phishing detection & response, threat intelligence, and much more using Microsoft Sentinel, Defender XDR, and ANY.RUN.
incident-response dfir cybersecurity openai wireshark sysmon siem malware-analysis risk-assessment kali-linux iso27001 threat-intelligence microsoft-azure sora defender-for-endpoint microsoft-sentinel any-run kql-threathunting
-
Updated
Jan 4, 2026 - Python
My personal journal of CTF writeups, threat hunting investigations, and KQL experiments. Raw logs, step-by-step notes, and lessons learned from hands-on blue team and incident response challenges.
-
Updated
Aug 18, 2025
A Live Cloud SOC project using Azure Sentinel & Logic Apps to detect and automatically block RDP brute-force attacks from global botnets.
-
Updated
Feb 20, 2026
In this repository, you will find KQL queries that can be executed in Defender EDR.
-
Updated
Jan 12, 2026
Case-based KQL investigations (KC7 + homelab) for blue-team threat hunting and incident response.
incident-response threat-hunting soc blue-team kusto kql detection-engineering microsoft-sentinel kc7 kql-threathunting
-
Updated
Aug 31, 2025
A collection of Mitre ATT&CK aligned KQL detection, hunting, and audit queries for Defender XDR.
kusto kql detection-engineering defender-for-endpoint defender-for-identity entra-id defender-xdr defender-for-cloud-apps kql-threathunting
-
Updated
Feb 16, 2026
Improve this page
Add a description, image, and links to the kql-threathunting topic page so that developers can more easily learn about it.
Add this topic to your repo
To associate your repository with the kql-threathunting topic, visit your repo's landing page and select "manage topics."