Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
Updated
Dec 29, 2025
The Kusto and Log Analytics MCP server helps you execute a KQL (Kusto Query Language) query within an AI prompt, then analyze and visualize the data.
Maps Microsoft Defender XDR Schemas to a local Kustainer Data Explorer instance
This lab is inspired by concepts and guidance from Josh Madakor’s Cyber Range course.
My home lab using Azure Sentinel and Ubuntu VM as a honeypot
Find potential local privilege escalation on Windows with KQL
KQL Queries for Microsoft Sentinel and Microsoft Defender XDR
This repository contains my labs for developing threat hunting skills by simulating real-world attack scenarios on Windows systems, focusing on system configuration tampering, unauthorised access detection, and network activity analysis.
AI-enhanced Azure SOC homelab for phishing detection & response, threat intelligence, and much more using Microsoft Sentinel, Defender XDR, and ANY.RUN.
My personal journal of CTF writeups, threat hunting investigations, and KQL experiments. Raw logs, step-by-step notes, and lessons learned from hands-on blue team and incident response challenges.
In this repository, you will find KQL queries that can be executed in Defender EDR.
A collection of MITRE ATT&CK-aligned KQL detection, hunting, and audit queries for Defender XDR.