Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or even inspiration).

SecurityAura/DE-TH-Aura


DE-TH-Aura

As of 2024/08/05, since I'm on paternity leave, this repo will be organized in a way that I see fit, which means ... it may be all over the place. However, as I add more detections, queries, etc., I'll try to organize it in a way that makes it easier to navigate and find stuff.

Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or even inspiration). These sources can be:

  • Tweets
  • Blog posts
  • Research articles
  • Random thoughts
  • Stuff I come across in my day-to-day work

Most of the queries in this repository will be in KQL (Microsoft Sentinel, Microsoft Defender XDR). At some point, I would like to add some pseudo-code using Sigma, but for now, it'll be KQL only.

The template used to create the various pages in this repo comes from Bert-JanP's Hunting-Queries-Detection-Rules repo! Make sure to give it a star and follow it!

https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules/blob/main/DetectionTemplate.md
