Kusto and Log Analytics MCP servers help you execute a KQL (Kusto Query Language) query within an AI prompt, then analyze and visualize the data.
Updated Mar 18, 2026 - Python
Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
This repository contains detection and threat hunting queries created by NVISO’s CSIRT and SOC teams.
Microsoft Defender XDR KQL detections for RedSun, BlueHammer, UnDefend, and CVE-2026-33825-related Defender abuse behaviors.
Maps Microsoft Defender XDR Schemas to a local Kustainer Data Explorer instance
Documenting my threat hunting projects and experience as a Cybersecurity Analyst during my internship at LOGs N' PACIFIC. For educational purposes only.
AI-enhanced Azure SOC homelab for phishing detection & response, threat intelligence, and much more using Microsoft Sentinel, Defender XDR, and ANY.RUN.
This lab is inspired by concepts and guidance from Josh Madakor’s Cyber Range course.
A collection of Mitre ATT&CK aligned KQL detection, hunting, and audit queries for Defender XDR.
KQL Queries for Microsoft Sentinel and Microsoft Defender XDR
This repository contains my labs for developing threat hunting skills by simulating real-world attack scenarios on Windows systems, focusing on system configuration tampering, unauthorised access detection, and network activity analysis.
A Live Cloud SOC project using Azure Sentinel & Logic Apps to detect and automatically block RDP brute-force attacks from global botnets.
To hunt for potential malicious extensions
In this repository, you will find KQL queries that can be executed in Defender EDR.
Case-based KQL investigations (KC7 + homelab) for blue-team threat hunting and incident response.
Find potential local privilege escalation on Windows with KQL
My home lab using Azure Sentinel and Ubuntu VM as a honeypot
Large list of potential/known malicious browser extensions to hunt on