NVISOsecurity/Detection-and-Hunting-Queries
Detection and Hunting Queries

This repository contains detection and threat hunting queries created by NVISO's CSIRT and SOC teams. The queries are derived from handled incidents, threat hunts, trending threats, and other noteworthy activity observed in real-world investigations. The queries currently target Microsoft Sentinel and Defender for Endpoint, although the supported platforms may change in the future. The primary goal is to share core detection logic that you can fine-tune or extend for your own environment.

The content can be used in any way you like, although a reference to @NVISO_Labs (X) or NVISOsecurity (GitHub) would be much appreciated.

License

Distributed under the MIT License. See LICENSE for more information.