Microsoft Sentinel Tools

A collection of KQL queries and Azure Workbooks for Microsoft Sentinel.

  • Workbooks

    Pre-built Azure Workbooks for security monitoring, MFA analysis, sign-in investigation, and more.

    Browse Workbooks

  • KQL Queries

    Ready-to-use Kusto Query Language queries for alerting and hunting in Microsoft Sentinel.

    Browse Queries

Quick Start

Installing a Workbook

  1. Navigate to Microsoft Sentinel > Workbooks > Add workbook
  2. Click Edit then Advanced editor
  3. Copy the contents of the desired template.json file
  4. Paste into the editor and click Apply
  5. Save the workbook

Using a KQL Query

  1. Navigate to Investigation & response > Hunting > Advanced hunting
  2. Copy the desired .kql query
  3. Paste into the query editor
  4. Adjust parameters as needed and run the query

License

This project is licensed under the MIT License.