Threat-Hunting-And-Detection

Visit Tool

Threat-Hunting-and-Detection is an open-source repository providing threat hunting and detection queries. It offers KQL queries for Defender for Endpoint and Microsoft Sentinel, aiding security professionals in identifying and addressing threats.

Claim this tool

No Views Yet

At a glance

Pricing

Open Source

Free tier

Yes

API

Skill level

Technical

About

What is Threat-Hunting-and-Detection?

Threat-Hunting-and-Detection is an open-source GitHub repository curated by Cyb3r-Monk, offering a collection of threat hunting and detection queries. These queries are specifically designed for use with Microsoft Defender for Endpoint and Microsoft Sentinel, leveraging Kusto Query Language (KQL). The repository provides valuable resources for security professionals, including queries categorized by MITRE ATT&CK tactics such as Command and Control, Credential Access, Defense Evasion, Initial Access, Lateral Movement, Persistence, and Privilege Escalation. It serves as a practical resource for enhancing threat detection engineering and incident response capabilities, with a strong emphasis on KQL proficiency.

Best used for

Ideal for cybersecurity professionals and data scientists who need to proactively hunt for threats, improve their detection engineering, and streamline incident response. Especially valuable for those working with Microsoft Defender for Endpoint and Microsoft Sentinel using Kusto Query Language (KQL).

Common actions

hunt threats

detect threats

analyze security data

engineer detections

respond to incidents

face swapping"AI Agents"github copilotlow-code/no-codedeepfakeopen-sourceautomated workflowworkflowscollaboration

Capabilities

Key features

KQL threat queries
Defender for Endpoint queries
Microsoft Sentinel queries
MITRE ATT&CK categories
Detection engineering resources

Target Audience

data scientist

Integrations

Not yet documented

Pricing & Plans

Open Source

Free

FAQs

What kind of queries are included in the Threat-Hunting-and-Detection repository?

The repository contains Kusto Query Language (KQL) queries specifically designed for threat hunting and detection. These queries are categorized based on MITRE ATT&CK tactics, covering areas like Command and Control, Credential Access, Defense Evasion, and more, to help identify various attack techniques.

Is this repository suitable for beginners in threat hunting?

While the repository offers valuable queries, users are advised to have a good understanding of KQL and their environment. It's recommended to test queries thoroughly before deployment. Resources for learning KQL are also linked, making it accessible for those willing to learn.

Can I use these queries in environments other than Microsoft Defender for Endpoint and Microsoft Sentinel?

The queries are primarily written in KQL and optimized for Microsoft Defender for Endpoint and Microsoft Sentinel. While KQL is a versatile language, direct compatibility with other security platforms may vary and would require adaptation and testing.

Trending

Subcategories trending in Data & Analytics

Business Intelligence Predictive Analytics Data Labeling & Annotation Real-Time Analytics Market Research Data Cleaning & Prep

Trending

Explore

Browse AI tools by category

Content & Design Productivity & Business Coding & Development AI Agents & Automation Research & Education Wellness & Lifestyle Career Development Marketing & Growth Data & Analytics Customer Support & CX Finance E-commerce