What started as a single blog is now becoming a yearly trend. More and more KQL related repositories are created, not only with a focus on security but also Intune, Entra and Azure Monitor related queries. Dive in and discover how these new additions can help you tackle challenges or give you new ideas for the new year.

Happy New Year to all of you!

KQL Sources

GitHub Repositories

KQL Community Repositories

Link	Description	Stars
Azure Sentinel Repository - Azure	Cloud-native SIEM for intelligent security analytics for your entire enterprise
Sentinel-Queries - reprise99	Collection of KQL queries
Falcon Friday - FalconForceTeam	Hunting queries and detections
Threat-Hunting-and-Detection - Cyb3r-Monk	Repository for threat hunting and detection queries, etc. for Defender for Endpoint and Microsoft Sentinel in KQL(Kusto Query Language).
Hunting-Queries-Detection-Rules - Bert-JanP	KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
AzSentinelQueries - f-bader	Repository with Sentinel Analytics Rules and Hunting Queries
KQL-threat-hunting-queries - cyb3rmik3	A repository of KQL queries focused on threat hunting and threat detecting for Microsoft Sentinel & Microsoft XDR (Former Microsoft 365 Defender).
KQL - Wortell	KQL queries for Advanced Hunting
SentinelKQL - rod-trent	Azure Sentinel KQL
Sentinel_KQL - ep3p	In this repository you may find KQL (Kusto Query Language) queries and Watchlist schemes for data sources related to Microsoft Sentinel (a SIEM tool).
AdvancedHuntingQueries - lawndoc	Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
MDATP AdvancedHunting - JesseEsquivel	Microsoft Defender Advanced Threat Protection
KQL - mjmelone	Michael Melone’s Kusto Query library
AzureSentinel - Cloud-Architekt	Sharing my KQL queries for Azure Sentinel
Hunting-Queries-Detection-Rules - alexverboon	KQL Queries. Microsoft 365 Defender, Microsoft Sentinel
KQL Security Queries - Shivammalaviya	KQL Security Queries
Invictus-training - KQL-QueryPack - invictus-ir	Invictus: Cloud Incident Response Query Pack
DefenderATPQueries - 0xAnalyst	Hunting Queries for Defender ATP
LearningKijo/KQL	Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
awesomekql - awesomekql	Microsoft Sentinel, Defender for Endpoint - KQL Detection Packs
Hunting-Queries-Detection-Rules - KustoKing	KQL Detections for Microsoft Sentinel and Microsoft 365 Defender
KQL- mr-r3b00t	This is for my crappy (but hopefully useful) MDE and Sentinel KQL queries! #KQLThePlanet
MustLearnKQL - rod-trent	Code included as part of the MustLearnKQL blog series
kql-for-dfir - reprise99	A guide to using Azure Data Explorer and KQL for DFIR
Invictus-training - Invictus	Cloud Incident Response Query Pack
MDATP - JesseEsquivel	Microsoft Defender Advanced Threat Protection
DefenderATPQueries - 0xAnalyst	Hunting Queries for Defender ATP
KQL - LearningKijo	Threat Hunting query in Microsoft 365 Defender, XDR. Provide out-of-the-box KQL hunting queries - App, Email, Identity and Endpoint.
KQL - KostasKoutrou	KQL Queries for Advanced Hunting / Log Analytics
Sentinel-queries - samilamppu	Sentinel-queries
Hunting-Queries-Detection-Rules - SlimKQL	KQL Queries. Microsoft Defender, Microsoft Sentinel
KustQueryLanguage_kql - m4nbat	Cyber Defence related kusto queries for use in Azure Sentinel and Defender advanced hunting
DE-TH-Aura - SecurityAura	Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or even inspiration).
Threat-Hunting-KQL-Queries	Threat-Hunting-KQL-Queries
Kustonomicon	The Kustonomicon is your reference companion for navigating the depths of Kusto Query Language (KQL).
KQL_Intune	KQL_Intune

If you have additions please let me know!

Questions? Feel free to reach out to me on any of my socials.