This repo has random bits and pieces of collected Sentinel scripts, queries, and knickknacks. Below is a collection of resources that may be helpful in learning about Sentinel.
- What is Microsoft Sentinel
- Official Sentinel GitHub (many gems to be found here!)
- Sentinel Ninja Training
- Rod Trent's trove of KQL resources
- reprise99 Collection of KQL queries
- f-bader Repository with Sentinel Analytics Rules, Hunting Queries and helpful external data sources.
- ep3p Sentinel KQL (Kusto Query Language) queries and Watchlist schemes.
- rod-trent Azure Sentinel KQL
- cyb3rmik3 KQL queries focused on threat hunting and threat detection for Microsoft Sentinel & Microsoft XDR
- Bert-JanP Sentinel and Defender Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
- FalconForceTeam/FalconFriday: Hunting queries and detections
- FalconForceTeam/KQLAnalyzer: REST server that can analyze Kusto KQL queries against the Sentinel and Microsoft 365 Defender schemas.
- wortell/KQL: KQL queries for Advanced Hunting
- Bert-JanP/MDE-DFIR-Resources: A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging Kusto queries, PowerShell scripts, tools such as KAPE and THOR Cloud, and more.
- Bert-JanP/Sentinel-Automation: Sentinel Logic Apps/Playbooks to automate enrichment, incident analysis and more.
- Sentinel Triage Assistant
- SOON
- SOON