KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules. (Updated Apr 3, 2026 - Python)
Query Kusto like a pro from the comfort of your Jupyter notebook
Kusto and Log Analytics MCP server help you execute a KQL (Kusto Query Language) query within an AI prompt, analyze, and visualize the data.
Sigma Queries turned into KQL for Defender using pysigma
This solution accelerator provides the architecture and working solution for real-time intelligence for operations. Key features include real-time dashboard, anomaly detection, and fabric data agent.
Python parser for Kibana Query Language (KQL).
A modular AI-powered CLI for Azure Sentinel threat hunting & remediation. Features strict guardrails, cost-aware routing, and automated SOAR workflows (VM isolation, rule creation).
Updated Sigma2KQL script written by @CodeByHarri + Generating Analytics & Hunting Rules ready for Sentinel Deployment
Documenting my projects and experience as a Security Operations Analyst. For educational purposes only.
Sigma Queries turned into KQL for Defender using pysigma - Automated
Cloud security labs: DFIR, detection engineering, and SecOps across Azure Sentinel, AWS GuardDuty, and Entra ID
📦 Azure Monitor integration with OpenTelemetry via "@distributed_trace" annotation 🔍
Production-ready KQL queries for Microsoft Sentinel, M365 Defender, and Azure Log Analytics. Threat hunting, incident response, and security monitoring queries for SOC operations.
End-to-end streaming flight data pipeline on Microsoft Fabric: real-time ingestion with Eventstream, dual sinks to Lakehouse & Eventhouse, star-schema transforms, incremental loads into Warehouse, semantic modeling, and both live & historical dashboards.
Azure SDK-compliant Python client library for aggregating logs from multiple Microsoft Sentinel workspaces
Convert Sigma detection rules to Splunk SPL, Microsoft KQL, Elastic EQL, QRadar AQL & Chronicle YARA-L | Multi-SIEM detection engineering tool