eshlomo1 / Microsoft-Defender-for-Endpoint-Queries

Licence: other
Microsoft Defender for Endpoint Hunting Queries

Projects that are alternatives of or similar to Microsoft-Defender-for-Endpoint-Queries

awesome-endpoint-detection-and-response
Collection of tool you need to have in your Endpoint Detection and Response arsenal
Stars: ✭ 27 (+3.85%)
Mutual labels:  edr
Threathunter Playbook
A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.
Stars: ✭ 2,879 (+10973.08%)
Mutual labels:  hunting
cbapi-python
Carbon Black API - Python language bindings
Stars: ✭ 140 (+438.46%)
Mutual labels:  edr
DEMto3D-QGIS-Plugin
GIS extension for 3D printing of digital elevation models (DEMs)
Stars: ✭ 33 (+26.92%)
Mutual labels:  mde
Awesome Threat Detection
A curated list of awesome threat detection and hunting resources
Stars: ✭ 1,804 (+6838.46%)
Mutual labels:  hunting
SWELF
Simple Windows Event Log Forwarder (SWELF). An easy-to-use log forwarder and EVTX parser that simply works. Almost in full release here at https://github.com/ceramicskate0/SWELF/releases/latest.
Stars: ✭ 23 (-11.54%)
Mutual labels:  hunting
Elkeid
Elkeid is a Cloud-Native Host-Based Intrusion Detection solution project to provide next-generation Threat Detection and Behavior Audition with modern architecture.
Stars: ✭ 1,245 (+4688.46%)
Mutual labels:  edr
WELA
WELA (Windows Event Log Analyzer): The Swiss Army knife for Windows Event Logs! ゑ羅(ウェラ)
Stars: ✭ 442 (+1600%)
Mutual labels:  hunting
Hfish
A secure, reliable, simple and free enterprise-grade honeypot
Stars: ✭ 2,977 (+11350%)
Mutual labels:  hunting
ink
The flexible TypeScript Markdown editor that powers https://octo.app
Stars: ✭ 82 (+215.38%)
Mutual labels:  mde
KQL
KQL queries for Advanced Hunting
Stars: ✭ 110 (+323.08%)
Mutual labels:  hunting
Security Onion
Security Onion 16.04 - Linux distro for threat hunting, enterprise security monitoring, and log management
Stars: ✭ 2,956 (+11269.23%)
Mutual labels:  hunting
hayabusa
Hayabusa (隼) is a sigma-based threat hunting and fast forensics timeline generator for Windows event logs.
Stars: ✭ 908 (+3392.31%)
Mutual labels:  hunting
vue-showdowns-editor
A markdown editor using codemirror and previewer using @jhuix/showdowns for Vue.js.
Stars: ✭ 27 (+3.85%)
Mutual labels:  mde
r2yara
r2yara - Module for Yara using radare2 information
Stars: ✭ 30 (+15.38%)
Mutual labels:  hunting
TiEtwAgent
PoC memory injection detection agent based on ETW, for offensive and defensive research purposes
Stars: ✭ 135 (+419.23%)
Mutual labels:  edr
Owlyshield
Owlyshield is an EDR framework designed to safeguard vulnerable applications from potential exploitation (C&C, exfiltration and impact).
Stars: ✭ 281 (+980.77%)
Mutual labels:  edr
WhiteBeam
WhiteBeam: Transparent endpoint security
Stars: ✭ 74 (+184.62%)
Mutual labels:  edr
ScareCrow-CobaltStrike
Cobalt Strike script for ScareCrow payload integration (EDR/AV evasion)
Stars: ✭ 387 (+1388.46%)
Mutual labels:  edr
Azure-Sentinel-4-SecOps
Microsoft Sentinel SOC Operations
Stars: ✭ 140 (+438.46%)
Mutual labels:  hunting

About

This repo contains sample queries for Microsoft Defender for Endpoint and Advanced Hunting. Each query notes the types of data it covers and the query language it uses; with these samples and queries, you can start hunting.