This repository is a collection of Kusto Query Language (KQL) queries, reusable KQL functions, Microsoft Graph PowerShell scripts, and more, designed to support security operations in Microsoft Sentinel, Azure Monitor (Log Analytics), and Microsoft Entra ID environments.
- 🔹 KQL Queries – Ready-to-use queries for threat hunting, security monitoring, and incident investigation in Microsoft Sentinel and Log Analytics.
- 🔹 KQL Functions – Reusable functions to streamline complex queries and optimize security analytics.
- 🔹 Graph PowerShell Scripts – Scripts leveraging the Microsoft Graph API to automate security tasks, gather intelligence, and interact with Entra ID.
- Paste a query into the Logs blade of Microsoft Sentinel or of an Azure Monitor Log Analytics workspace. A query only returns results if the tables it reads (for example `SigninLogs` or `AuditLogs`) are populated by an enabled data connector.
- Adjust the parameters at the top of each query (time range, thresholds, allow-lists of accounts or IP addresses) to fit your environment before relying on the results.
- Save a function to your workspace (Save as function) and call it by its alias from your own queries to keep complex logic in one maintained place.
- Ensure you have PowerShell 7+ installed.
- Install the Microsoft Graph PowerShell module if not already installed:
  ```powershell
  Install-Module Microsoft.Graph -Scope CurrentUser
  ```
- Authenticate with `Connect-MgGraph`, requesting only the permission scopes a given script needs (read-only scopes for reporting scripts), then run the scripts to automate security monitoring, identity management, and other tasks.
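
The following is an added example of the authenticate-and-run flow described above; it is not a script from this repository. It connects with read-only, least-privilege scopes and lists the members of a few privileged Entra ID directory roles, including groups and service principals that hold a role. The role names and the output path are assumptions; edit them for your tenant.

```powershell
<#
  Added example, not part of this repository: connect to Microsoft Graph with
  least-privilege read-only scopes and enumerate privileged role members.
  Role names and output path below are assumptions; adjust to your tenant.
#>
#Requires -Version 7.0
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.DirectoryManagement, Microsoft.Graph.Users

param(
    # Roles to audit (assumed list; edit as needed).
    [string[]] $RoleNames = @('Global Administrator', 'Privileged Role Administrator', 'Security Administrator'),
    # Where to write the CSV report (assumed path).
    [string]   $OutputCsv = '.\privileged-role-members.csv'
)

# Request only the read-only permissions this script needs. If the tenant has
# already consented to these scopes, no additional consent prompt appears.
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory', 'User.Read.All' -NoWelcome

# Get-MgDirectoryRole returns only roles that have been activated in the tenant;
# a role nobody has ever been assigned will not appear here.
$roles = Get-MgDirectoryRole -All | Where-Object { $_.DisplayName -in $RoleNames }

$results = foreach ($role in $roles) {
    # Role members can be users, groups or service principals. The concrete
    # type is only visible in the @odata.type annotation, so read it explicitly.
    foreach ($member in Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All) {
        $type = $member.AdditionalProperties['@odata.type']

        # For user members, also record whether the account is enabled.
        $enabled = $null
        if ($type -eq '#microsoft.graph.user') {
            $enabled = (Get-MgUser -UserId $member.Id -Property AccountEnabled).AccountEnabled
        }

        [pscustomobject]@{
            Role           = $role.DisplayName
            MemberType     = $type -replace '^#microsoft\.graph\.', ''
            DisplayName    = $member.AdditionalProperties['displayName']
            Upn            = $member.AdditionalProperties['userPrincipalName']
            Id             = $member.Id
            AccountEnabled = $enabled
        }
    }
}

$results | Sort-Object Role, DisplayName | Format-Table -AutoSize
$results | Export-Csv -Path $OutputCsv -NoTypeInformation

Disconnect-MgGraph | Out-Null
```

Run it as `.\Get-PrivilegedRoleMembers.ps1` (or with `-RoleNames` to audit other roles). Group and service principal members deserve attention: a group in a privileged role means every member of that group, including nested and dynamic members, is effectively privileged, and a service principal in one means whoever holds its credentials is.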
This is an evolving repository—new queries and scripts will be added based on emerging threats and best practices. Contributions, suggestions, and feedback are always welcome!
📧 Feel free to open an issue or submit a pull request if you have queries or scripts to share.