A repository of KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender).
Updated Aug 28, 2025
A curated list of resources for DFIR through Microsoft Defender for Endpoint, leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud, and more.
Collection of Azure Monitor or Sentinel Kusto Queries
📦 Azure Monitor integration with OpenTelemetry via "@distributed_trace" annotation 🔍
Complete Azure Monitor implementation for VM observability with Terraform. Features Log Analytics workspace, VM Insights via Azure Policy, custom KQL alerts (CPU>95%, Memory>90%), metric alerts, interactive dashboards with 6 components, and custom workbooks. Includes email notifications and RBAC configuration.
KQL Local Manager, allows you to manage and organize KQL Queries in a central Database.