This repository contains a curated collection of **KQL (Kusto Query Language) queries** for **Microsoft Defender Advanced Hunting** and Sentinel, designed to help security analysts and IT administrators improve threat detection and incident response.
- Practical Advanced Hunting queries for Microsoft 365 Defender
- Security monitoring queries for Endpoint, Identity, and Cloud workloads
- Incident Response-focused KQL examples
- Optimized filters for tables like DeviceProcessEvents, EmailEvents, and AlertEvidence
- Real-world KQL examples for proactive threat hunting
- Easy customization for your own security scenarios
- Keywords: KQL, Microsoft Defender, Advanced Hunting, Security Queries, Threat Detection
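The kind of Advanced Hunting query this collection is about, shown here as an added example that is not one of the repository's own queries: it hunts `DeviceProcessEvents` for PowerShell launched by an Office application with an encoded command line, and orders its filters the way the "optimized filters" bullet above refers to (time window first, cheap equality filters next, the regex last). The `lookback` value and the `officeApps` list are assumptions you would tune for your tenant; the decoding step assumes the standard PowerShell `-EncodedCommand` form, which is Base64 over UTF-16LE, so the NUL bytes left by a UTF-8 decode are stripped with `replace_regex`.

```kql
// Added example (not from the repository): encoded PowerShell spawned by Office apps.
// Assumptions: 7-day window and the Office process list below are placeholders to tune.
let lookback = 7d;
let officeApps = dynamic(["winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"]);
DeviceProcessEvents
// 1. Time filter first so the engine prunes shards before touching any row content.
| where Timestamp > ago(lookback)
// 2. Cheap, indexed equality filters next (case-insensitive 'in~').
| where FileName in~ ("powershell.exe", "pwsh.exe")
| where InitiatingProcessFileName in~ (officeApps)
// 3. Regex last, on the already-reduced set. Matches -e, -ec, -enc, -EncodedCommand
//    (PowerShell accepts any unambiguous prefix) followed by a Base64 blob.
| extend EncodedBlob = extract(@"(?i)\s-e\w*\s+([A-Za-z0-9+/=]{20,})", 1, ProcessCommandLine)
| where isnotempty(EncodedBlob)
// 4. -EncodedCommand payloads are UTF-16LE; decoding as UTF-8 leaves a NUL after each
//    ASCII character, so strip them to recover the readable script text.
| extend DecodedCommand = replace_regex(base64_decode_tostring(EncodedBlob), @"\x00", "")
| project Timestamp, DeviceName, AccountName, InitiatingProcessFileName,
          FileName, ProcessCommandLine, DecodedCommand, ReportId
| order by Timestamp desc
```

Keep `ReportId` and `DeviceName` in the projection: together with `Timestamp` they are what a custom detection rule in Defender needs to link the result back to the originating event, and they let an analyst pivot to the device timeline without re-running the query.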
Follow me on LinkedIn: https://www.linkedin.com/in/benjamin-zulliger/?follow
Maintained by Benjamin Zulliger
