microsoft-sentinel-kql

Here are 2 public repositories matching this topic...

AkashBhat10 / MicrosoftSentinel-kql-lab

Microsoft Sentinel cloud SIEM lab - deployed Azure VM, ingested Windows Security Events via AMA, wrote KQL queries to detect brute force attacks and failed logins in real time. Replicates L1 SOC analyst workflows.

azure incident-response cloud-security brute-force-detection microsoft-sentinel-kql siem-log-analytics windows-security-events

Updated May 30, 2026

annKimani-ICS / Sentinel-SOC-Homelab

Star

A Microsoft Sentinel SOC homelab in Azure, where I built and validated a basic cloud SOC workflow: data onboarding, detection, investigation, and visualization. It demonstrates practical blue-team skills in SIEM operations, KQL-based threat hunting, watchlist enrichment, and workbook reporting.

microsoft-azure microsoft-sentinel kql-threathunting incident-triage soc-analysis microsoft-sentinel-workbook incident-logging microsoft-sentinel-kql

Updated Jun 2, 2026

Improve this page

Add a description, image, and links to the microsoft-sentinel-kql topic page so that developers can more easily learn about it.

Curate this topic

Add this topic to your repo

To associate your repository with the microsoft-sentinel-kql topic, visit your repo's landing page and select "manage topics."

Learn more

Provide feedback

Saved searches

Use saved searches to filter your results more quickly