Production-ready KQL queries for Microsoft Defender XDR and Microsoft Sentinel. Focused on Threat Hunting, Detection Engineering, and MITRE ATT&CK mapping.
Updated Jun 2, 2026 - PowerShell
The purpose of this repository is to share KQL queries that help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior.
An automation framework for deploying Microsoft Sentinel environments using pipelines. This project combines infrastructure-as-code (Bicep) with PowerShell automation to streamline the deployment of Sentinel solutions, analytics rules, and workbooks.
Detection rules and threat hunting queries in Defender XDR and Azure Sentinel
Defender XDR Advanced Hunting Queries (MDE, MDAV, Device Discovery)
Microsoft Defender XDR KQL detections for RedSun, BlueHammer, UnDefend, and CVE-2026-33825-related Defender abuse behaviors.
A PowerShell MVP who is passionate about helping others succeed with Active Directory, Entra ID, Defender XDR, and Microsoft 365. Always learning! ✝️👨👩👧👦☕
Automated daily Microsoft Defender XDR security briefing delivered to Microsoft Teams using Azure Logic Apps, KQL Advanced Hunting, and Microsoft Graph.
TUI for Defender XDR using PwshSpectreConsole
A concise, practical look at strengthening email security with Defender for Office 365 and effective phishing response.
KQL Collection
Major rewrite of `mcp-defender` to add Interactive auth and support for modern defender xdr + sentinel APIs. Claude skill included. Full GH security enabled on repo (Dependabot, CodeQL, etc)
Detection-as-code for Microsoft Sentinel and Defender XDR. 12 analytic rules, 10 hunting queries, 4 SOAR playbooks, ATT&CK Navigator coverage, CI validation, and full L3 SOC workflow documentation.
SOC PowerShell Notebooks for Defender XDR
Microsoft Defender XDR Action Types
KQL queries for threat hunting in Microsoft Sentinel and Defender XDR
Analyst-friendly SOC triage assistant with structured incident briefs, recommended actions, and exportable reports.
Automated RBAC auditing for Microsoft Defender XDR - Maps roles, groups, workloads and generates interactive HTML report with KQL queries
Kusto Query Language queries for Microsoft Sentinel and Defender XDR threat hunting
Sam's notes about enterprise IT with a focus on automation, design, and security. Frequent topics will include Microsoft Active Directory, Microsoft Defender XDR, Entra ID, Intune, Microsoft 365, PowerShell, and Windows Server.