The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior
Updated Aug 26, 2025
Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
Defender XDR Advanced Hunting Queries (MDE, MDAV, Device Discovery)
Sam's notes about enterprise IT with a focus on automation, design, and security. Frequent topics will include Microsoft Active Directory, Microsoft Defender XDR, Entra ID, Intune, Microsoft 365, PowerShell, and Windows Server.
A PowerShell MVP who is passionate about helping others succeed with Active Directory, Entra ID, Defender XDR, and Microsoft 365. Always learning!
TUI for Defender XDR using PwshSpectreConsole
A collection of MITRE ATT&CK-aligned KQL detection and audit queries for Defender XDR.