MCPcopy Index your code
hub / github.com/SlimKQL/Hunting-Queries-Detection-Rules

github.com/SlimKQL/Hunting-Queries-Detection-Rules @main

Chat with this repo
repository ↗ · DeepWiki ↗ · + Follow
0 symbols 0 edges 1 files 0 documented · 0%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

KQLWizard 🧙‍♂️ - KQL Sentinel & Defender queries

The purpose of this repository is to share KQL queries and threat‑hunting detections that anyone can use to strengthen their defenses. These queries are designed to expand detection coverage across Microsoft Security product logs, helping uncover activities that may not trigger alerts by default. By leveraging logs, many otherwise hidden behaviors can be surfaced and investigated.

The repository includes Detection Rules, Hunting Queries, and Visualizations, all freely available for defenders to adopt or adapt. If you have any questions, feel free to reach out to me directly. LinkedIn - Steven Lim

Presenting this material as your own is illegal and forbidden. A reference to Linkedin @0x534c or Github @SLimKQL is much appreciated when sharing or using the content.

SlimKQL Hunting-Queries-Detection-Rules - Azure KQLs - DefenderXDR KQLs - Sentinel KQLs - Detections.Ai Repo

Detections.Ai Community Group

SlimKQL Group - Invite Code: SlimKQL2026

SlimKQL 2026 Group - Invite Code: KQLWizard

SlimKQL 2026 Knowledge

Core symbols most depended-on inside this repo

Shape

For agents

$ claude mcp add Hunting-Queries-Detection-Rules \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact