Production-ready KQL queries for Microsoft Defender XDR and Microsoft Sentinel. Focused on Threat Hunting, Detection Engineering, and MITRE ATT&CK mapping.
Updated Jun 10, 2026 - PowerShell
This solution accelerator provides the architecture and working solution for real-time intelligence for operations. Key features include real-time dashboard, anomaly detection, and fabric data agent.
This repository contains detection and threat hunting queries created by NVISO’s CSIRT and SOC teams.
Cloud-based SOC environment using Microsoft Sentinel, Azure Arc, KQL, and Windows Security Events for threat detection and incident monitoring.
KQL Collection
Overnight AI monitoring for D365 Finance & Operations — 7 agents, Azure App Insights, Claude Code, Copilot Cowork
Documenting my threat hunting projects and experience as a Cybersecurity Analyst during my internship at LOGs N' PACIFIC. For educational purposes only.
Comprehensive KQL query reference for Microsoft Defender XDR and Azure Sentinel, optimized for Context7 integration
Cloud-based honeynet and SIEM lab built in Microsoft Azure using Microsoft Sentinel, Log Analytics Workspace, and attack telemetry visualization.
A curated collection of SOC investigation case files demonstrating end-to-end incident analysis, KQL-driven detection, and attack timeline reconstruction using Microsoft Sentinel.
Zero Trust IAM pipeline on Microsoft Entra ID: Graph API automation, PowerShell governance scripts, Logic Apps workflows, audit log streaming & Microsoft Sentinel threat detection.
KQL Queries for Microsoft Sentinel and Microsoft Defender XDR
Simulated suspicious process activity in Splunk and visualized it on a KPI dashboard. Sentinel alert for failed sign-ins, end-to-end SIEM detection, KQL queries, and automated alerting.
A beginner-friendly project that demonstrates how to set up a Windows Server 2019 VM in Hyper-V, connect it to Azure using Azure Arc, and collect event logs into Microsoft Sentinel for security monitoring and analysis using KQL.
In this repository, you will find KQL queries that can be executed in Defender EDR.
End-to-end phishing investigation playbook covering email analysis, KQL hunting, identity compromise assessment, IOC extraction, threat hunting, detection opportunities, and remediation.
Hands-on Azure SOC simulation project focused on Microsoft Sentinel, threat detection engineering, log ingestion pipelines, KQL-based analytics, custom telemetry onboarding, and real-world SOC monitoring workflows using Windows & Linux virtual machines.