SlimKQL Hunting-Queries-Detection-Rules
This repository provides a collection of KQL (Kusto Query Language) queries designed for use with Microsoft Defender, Microsoft Sentinel, and other Microsoft security solutions. The primary goal is to enhance detection coverage through the logs of Microsoft Security products. Not all suspicious activities generate alerts by default, but many can be detected through these queries.
Key Features:
- Detection Rules: Predefined queries to identify suspicious activities.
- Hunting Queries: Custom queries for proactive threat hunting.
- Visualizations: Tools to visualize data for better insights.
Benefits:
- Open Access: Anyone can use the queries freely.
- Community Contribution: Users are encouraged to contribute and share their findings.
- Legal Compliance: Proper attribution is required when sharing or using the content.
Highlights:
- Maintained by Steven Lim and contributors.
- Regular updates and commits to ensure relevance and effectiveness.