d92adfd80b
|
||
|---|---|---|
| .. | ||
| AWSCloudTrail | ||
| AuditLogs | ||
| AzureActivity | ||
| AzureDiagnostics | ||
| CustomLogs | ||
| DnsEvents | ||
| MultipleDataSources | ||
| OfficeActivity | ||
| SecurityAlert | ||
| SecurityEvent | ||
| SigninLogs | ||
| Syslog | ||
| TeamsLogs | ||
| ThreatIntelligenceIndicator | ||
| W3CIISLog | ||
| WireData | ||
| ZoomLogs | ||
| QUERY_TEMPLATE.md | ||
| readme.md | ||
readme.md
About
- This repo contains sample queries for Hunting to aid in the development of techniques for threat hunting leveraging logs from multiple sources.
- With these sample queries, you can get a headstart in learning the Kusto Query Language (KQL) and understanding the different data sources.
- To get started, simply paste a sample query into the user interface and run the query.
Resources
- Azure Log Analytics Query Language Reference
- SQL to Log Analytics Query Cheat Sheet
- Splunk to Log Analytics Query Cheat Sheet
- MITRE ATT&CK
- MITRE CAR
Contributing
- The more queries and tools we add to the community the more effective we will be.
- Utilize the QUERY_TEMPLATE format for Pull requests.
Feedback
For questions or feedback, please contact AzureSentinel@microsoft.com