KQL Threat Hunting

You can use and run those shared queries in Defender XDR/EDR to find any correlated events with IoCs extracted from threat feeds, export vulnerability reports and so on.

Name		Name	Last commit message	Last commit date
Latest commit History 14 Commits
CountCVEbySeverity.kql		CountCVEbySeverity.kql
DailyIoCsHASHES.kql		DailyIoCsHASHES.kql
DailyIoCsIPs.kql		DailyIoCsIPs.kql
DailyIoCsURLs.kql		DailyIoCsURLs.kql
DiskPaths_SoftwareInventory.kql		DiskPaths_SoftwareInventory.kql
InternetFacingVuln.kql		InternetFacingVuln.kql
OnboardedDevices.kql		OnboardedDevices.kql
README.md		README.md
SCIDsRefSheet.kql		SCIDsRefSheet.kql
SoftwareInventoryByDeviceName.kql		SoftwareInventoryByDeviceName.kql
VulnReporting_CVEListPerDevice		VulnReporting_CVEListPerDevice
VulnReporting_CountByDeviceName.kql		VulnReporting_CountByDeviceName.kql

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

KQL Threat Hunting

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Folders and files

Latest commit

History

Repository files navigation

KQL Threat Hunting

About

Topics

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Packages