KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
Home Page: https://kqlquery.com
License: BSD 3-Clause "New" or "Revised" License
My organizations Microsoft Defender custom detection rules have all disappeared, about half of our blocked IOC's have vanished as well. I'd like to know if this is peculiar to anyone and if there is a solution?
[New LOLBIN with external connection](https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules/blob/main/Defender%20For%20Endpoint/Living%20Off%20The%20Land/NewLOLBinExternalConnection.md#new-lolbin-with-external-connection) is referencing the KQL geo_info_from_ip_address function, but it looks like it isn't supported in Defender for Endpoints Advanced Hunting:
Hi,
The detection https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules/blob/main/Threat%20Hunting%20Cases/Suspicious%20Encoded%20Powershell.md is working however when tested with Red the base64_decode_tostring function fails to decode the base64 encoded string every time:
Here's the base64 string:
VwByAGkAdABlAC0ASABvAHMAdAAgACIASABlAHkALAAgAEEAdABvAG0AaQBjACEAIgA=
As you can see decoding with base64 -d works just fine
Thanks !
Hi,
I'm having trouble with Behavior Detections in Sentinel.
It states that you should be able to pull from the Behaviorinfo/BehaviorEntities tables from Sentinel.
However i cannot pull from these tables, and the connectors are in place.
I can also not confirm in any ms documentation that you should be able to, only that you can do it in the defender portal using advanced hunting. (which works)
Am i missing something? Or can you only do it from the defender portal/advanced huting?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
