Production-ready KQL queries for Microsoft Defender XDR and Microsoft Sentinel. Focused on Threat Hunting, Detection Engineering, and MITRE ATT&CK mapping.
Updated May 28, 2026 - PowerShell
This solution accelerator provides the architecture and working solution for real-time intelligence for operations. Key features include real-time dashboard, anomaly detection, and fabric data agent.
This repository contains detection and threat hunting queries created by NVISO’s CSIRT and SOC teams.
Cloud-based SOC environment using Microsoft Sentinel, Azure Arc, KQL, and Windows Security Events for threat detection and incident monitoring.
KQL Collection
Overnight AI monitoring for D365 Finance & Operations — 7 agents, Azure App Insights, Claude Code, Copilot Cowork
Documenting my threat hunting projects and experience as a Cybersecurity Analyst during my internship at LOGs N' PACIFIC. For educational purposes only.
Comprehensive KQL query reference for Microsoft Defender XDR and Azure Sentinel, optimized for Context7 integration
Cloud-based honeynet and SIEM lab built in Microsoft Azure using Microsoft Sentinel, Log Analytics Workspace, and attack telemetry visualization.
A curated collection of SOC investigation case files demonstrating end-to-end incident analysis, KQL-driven detection, and attack timeline reconstruction using Microsoft Sentinel.
Zero Trust IAM pipeline on Microsoft Entra ID: Graph API automation, PowerShell governance scripts, Logic Apps workflows, audit log streaming & Microsoft Sentinel threat detection.
KQL Queries for Microsoft Sentinel and Microsoft Defender XDR
Simulated suspicious process activity in Splunk and visualized it on a KPI dashboard. Sentinel alert for failed sign-ins, end-to-end SIEM detection, KQL queries, and automated alerting.
In this repository, you will find KQL queries that can be executed in Defender EDR.
A beginner-friendly project that demonstrates how to set up a Windows Server 2019 VM in Hyper-V, connect it to Azure using Azure Arc, and collect event logs into Microsoft Sentinel for security monitoring and analysis using KQL.
Hands-on Azure SOC simulation project focused on Microsoft Sentinel, threat detection engineering, log ingestion pipelines, KQL-based analytics, custom telemetry onboarding, and real-world SOC monitoring workflows using Windows & Linux virtual machines.