KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

Query Kusto like a pro from the comfort of your Jupyter notebook

Kusto and Log Analytics MCP server help you execute a KQL (Kusto Query Language) query within an AI prompt, analyze, and visualize the data.

This solution accelerator provides the architecture and working solution for real-time intelligence for operations. Key features include real-time dashboard, anomaly detection, and fabric data agent.

Python parser for Kibana Query Language (KQL).

Updated Sigma2KQL script written by @CodeByHarri + Generating Analytics & Hunting Rules ready for Sentinel Deployment

Documenting my projects and experience as a Security Operations Analyst. For educational purposes only.

Parser for the Kibana Query Language (KQL)

A modular AI-powered CLI for Azure Sentinel threat hunting & remediation. Features strict guardrails, cost-aware routing, and automated SOAR workflows (VM isolation, rule creation).

Sigma Queries turned into KQL for Defender using pysigma - Automated

Cloud security labs: DFIR, detection engineering, and SecOps across Azure Sentinel, AWS GuardDuty, and Entra ID

📦 Azure Monitor integration with OpenTelemetry via "@distributed_trace" annotation 🔍

Production-ready KQL queries for Microsoft Sentinel, M365 Defender, and Azure Log Analytics. Threat hunting, incident response, and security monitoring queries for SOC operations.

A Kusto transpiler, python in, kql udf out

End-to-end streaming flight data pipeline on Microsoft Fabric: real-time ingestion with Eventstream, dual sinks to Lakehouse & Eventhouse, star-schema transforms, incremental loads into Warehouse, semantic modeling, and both live & historical dashboards.

Tools for handling ElasticSearch queries in various languages (Gitlab.com mirror).

Azure SDK-compliant Python client library for aggregating logs from multiple Microsoft Sentinel workspace

Real-time WeatherAPI ingestion via Azure Functions vs Databricks → Event Hubs → Fabric Eventstreams/Eventhouse (KQL) with Key Vault.

Real-Time Weather Data Streaming and Analytics Platform

KQL Local Manager, allows you to manage and organize KQL Queries in a central Database.