Globalcyberalliance: Created via script

2024-07-04T03:00:33Z

Created via script

New page

=Description=

The purpose of this repository is to share KQL queries that can be used by anyone and are understandable. These queries are intended to increase detection coverage through the logs of Microsoft Security products. Not all suspicious activities generate an alert by default, but many of those activities can be made detectable through the logs. These queries include Detection Rules, Hunting Queries and Visualisations. Anyone is free to use the queries. If you have any questions feel free to reach out to me on Twitter @BertJanCyber.

Presenting this material as your own is illegal and forbidden. A reference to Twitter @BertJanCyber or Github @Bert-JanP is much appreciated when sharing or using the content.

=More Information=

URL: https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules/tree/main/Threat%20Hunting
 
Maintenance Status: Active
 
Last Updated Date: < 1 year
 
Formats Available: TXT
 
Social Media Links: https://twitter.com/BertJanCyber | https://linkedin.com/in/bert-janpals
 
Contact Information: Unknown
 
Single or Multiple: Multiple
 
License Information: BSD-3-Clause License - https://opensource.org/license/bsd-3-clause
 

[[Category:Feeds & Sources - T3C]]
[[Category:KQL]]
[[Category:Microsoft]]
[[Category:Threat Detection]]
[[Category:Threat Hunting]]
[[Category:Threat Visualization]]

KQL Hunting Queries Detection Rules - Revision history

Globalcyberalliance: Created via script