Welcome to my repository of KQL (Kusto Query Language) queries and workbooks designed specifically for Azure Sentinel. This repository aims to provide security analysts and engineers with advanced tools and scripts to enhance their ability to detect, investigate, and respond to threats within their environments.
This repository contains a curated collection of KQL queries and Azure Sentinel workbooks. These resources are tailored to help you leverage the full power of Azure Sentinel, enabling more effective security analytics and operational efficiency.
The queries are written to help you sift through large volumes of log data efficiently. They cover a range of use cases, from basic data retrieval to complex threat-detection patterns.
The workbooks provided here are designed to offer visual, interactive views of security data. They help you understand patterns in the data and make informed decisions quickly.
To get started with these queries and workbooks:
- Follow the installation instructions in each sub-directory to implement the queries and workbooks in your Azure Sentinel environment.
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
Distributed under the MIT License. See LICENSE for more information.
If you have any queries or questions, please feel free to reach out on LinkedIn: https://www.linkedin.com/in/matt-cockerill-89017010/