defender-for-endpoint

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Hunting queries and detections

Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).

MDATP

PowerShell-based Automation of Defender for Endpoint

Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant.

Collection of Remote Management Monitoring tool artifacts, for assisting forensics and investigations

ASR Configurator, Essentials and Atomic Testing

The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior

Repository for Software Certs for easy software blocking across corp environments, for example, using MDE IOC

Microsoft Intune Custom Compliance

This repository will describe the details surrounding the SIEM (wazuh) mini project, which will cover all aspects of topology design, deployment, rules, integration, and fine tune.

Python for Security is the home of all open source Python projects that can integrate with Microsoft Technologies.

Microsoft Defender for Endpoint PowerShell module

Defender XDR Advanced Hunting Queries (MDE, MDAV, Device Discovery)

A set of importable Intune policies that simplify onboarding/offboarding MacOS devices to/from Defender for Business/Endpoint.

Repo includes KQL queries that you can run in your Azure Log Analyics environment.

A PowerShell module to interact with Microsoft's Defender for Endpoint API.

K9-Defender is highly Simple with a Sophisticated Watchdog System and a Powerful Process Scanning both for Windows 10 and 11

MaxMind Geo and ASN Data for Kusto