Repository layout, one folder per data source plus the query template and this readme:
- AWSCloudTrail
- AuditLogs
- AzureActivity
- AzureDiagnostics
- CustomLogs
- DnsEvents
- MultipleDataSources
- OfficeActivity
- SecurityAlert
- SecurityEvent
- SigninLogs
- Syslog
- TeamsLogs
- ThreatIntelligenceIndicator
- W3CIISLog
- WireData
- ZoomLogs
- QUERY_TEMPLATE.md
- readme.md
About
- This repo contains sample hunting queries to help you develop threat-hunting techniques that leverage logs from multiple data sources.
- With these sample queries you can get a head start in learning the Kusto Query Language (KQL) and in understanding what each data source (table) contains.
- To get started, paste a sample query into the Azure Sentinel Logs (Log Analytics) query pane and run it; each query is written against the table named by the folder it lives in.
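As an added example (not one of the repository's queries), the following KQL hunt shows the shape of such a query and how two of the listed data sources can be combined. It looks in SigninLogs for a source IP that failed sign-ins against several different accounts and then succeeded from the same IP, and enriches any hit with ThreatIntelligenceIndicator. The column names are the standard ones for those two tables; the 1-day lookback, the failure threshold and the distinct-account threshold are illustrative assumptions to tune for your tenant.

```kql
// Added example, not part of the Hunting repository.
// Hunt: password-spray style activity followed by a successful sign-in.
// Assumed columns: SigninLogs.TimeGenerated, UserPrincipalName, IPAddress,
//   ResultType (string, "0" means success), AppDisplayName, Location;
//   ThreatIntelligenceIndicator.NetworkIP, Active, ExpirationDateTime,
//   Description, ThreatType, ConfidenceScore.
// Thresholds below are illustrative; tune them to your tenant.
let lookback = 1d;
let failThreshold = 10;      // failed sign-ins from one IP
let accountThreshold = 3;    // distinct accounts targeted from that IP
// Step 1: IPs with many failures spread over several accounts.
let failures = SigninLogs
    | where TimeGenerated >= ago(lookback)
    | where ResultType != "0"
    | summarize FailedAttempts = count(),
                TargetedAccounts = dcount(UserPrincipalName),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated),
                FailedUsers = make_set(UserPrincipalName, 25)
        by IPAddress
    | where FailedAttempts >= failThreshold and TargetedAccounts >= accountThreshold;
// Step 2: successful sign-ins in the same window.
let successes = SigninLogs
    | where TimeGenerated >= ago(lookback)
    | where ResultType == "0"
    | project SuccessTime = TimeGenerated, IPAddress,
              SuccessUser = UserPrincipalName, AppDisplayName, Location;
// Step 3: current, non-expired IP indicators from the TI table (second data source).
let ti = ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(30d)
    | where Active == true and ExpirationDateTime > now()
    | where isnotempty(NetworkIP)
    | summarize arg_max(TimeGenerated, Description, ThreatType, ConfidenceScore)
        by IPAddress = NetworkIP;
// Step 4: spraying IPs that later succeeded, enriched with any matching indicator.
failures
| join kind=inner successes on IPAddress
| where SuccessTime > FirstFailure
| join kind=leftouter ti on IPAddress
| project IPAddress, FailedAttempts, TargetedAccounts, FirstFailure, LastFailure,
          SuccessTime, SuccessUser, AppDisplayName, Location,
          TI_Description = Description, TI_ThreatType = ThreatType,
          TI_Confidence = ConfidenceScore, FailedUsers
| order by FailedAttempts desc, SuccessTime asc
```

Expect noise from shared egress addresses (corporate NAT, VPN concentrators), which legitimately produce many failures and successes from one IP; raising the distinct-account threshold or excluding known egress ranges is the usual first tuning step. A `leftouter` join is used for the TI enrichment so that a spraying IP is still reported when no indicator matches it.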
Resources
- Azure Log Analytics Query Language Reference
- SQL to Log Analytics Query Cheat Sheet
- Splunk to Log Analytics Query Cheat Sheet
- MITRE ATT&CK
- MITRE CAR
Contributing
- The more queries and tools we add to the community, the more effective we will all be.
- Use the QUERY_TEMPLATE.md format for pull requests.
Feedback
For questions or feedback, please contact AzureSentinel@microsoft.com