Awesome

DE-TH-Aura

As of 2024/08/05, since I'm on paternity leave, this repo will be organized in a way that I see fit which means ... it may be all over the place. However, as I add more detection, queries, etc. I'll try to organize it in a way that makes it easier to navigate and find stuff.

Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or even inspiration). These sources can be:

• Tweets
• Blog posts
• Research articles
• Random thoughts
• Stuff I come across in my day-to-day work

Most of the queries in this repository will be in KQL (Microsoft Sentinel, Microsoft Defender XDR). At some point, I would like to add some pseudo-code using Sigma but for now, it'll be KQL only

The template used to create the various pages in this repo comes from Bert-JanP Hunting-Queries-Detection-Rules repo! Make sure to give it a star and follow it!

https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules/blob/main/DetectionTemplate.md