FalconFriday
Hunting queries and detections (by FalconForceTeam)
Hunting-Queries-Detection-Rules
KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules. (by Bert-JanP)
| | FalconFriday | Hunting-Queries-Detection-Rules |
|---|---|---|
| Mentions | 3 | 7 |
| Stars | 653 | 1,007 |
| Growth | 1.5% | - |
| Activity | 3.2 | 9.3 |
| Last commit | about 1 month ago | 5 days ago |
| Language | Python | - |
| License | BSD 3-clause "New" or "Revised" License | BSD 3-clause "New" or "Revised" License |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
FalconFriday
Posts with mentions or reviews of FalconFriday. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-06-06.
- Collection of Queries
  Falcon Force Team - Falcon Friday Queries: https://github.com/FalconForceTeam/FalconFriday
- MS Sentinel Analytics & KQL
- Analytical rules
Hunting-Queries-Detection-Rules
Posts with mentions or reviews of Hunting-Queries-Detection-Rules. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-12-11.
- Advanced Hunting queries every admin should use
- Hunting Query into a Detection rule
- MS Sentinel Analytics & KQL
- Analytical rules
- MDE Repointing Frequency
- Least occurrence in MDE
  This will be the query that you are looking for. I do have a lot more queries if you are interested: https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules
- Must have analytic rules
What are some alternatives?
When comparing FalconFriday and Hunting-Queries-Detection-Rules you can also consider the following projects:
chatgpt-raycast - ChatGPT raycast extension
Microsoft-365-Defender-Hunting-Queries - Sample queries for Advanced hunting in Microsoft 365 Defender
csfalcon - crowdstrike tips & tricks
Sentinel-Queries - Collection of KQL queries
kusto-queries - example queries for learning the kusto language