Over 600 Free KQL Detections, Rules, Threat Hunts and Queries for Microsoft Azure Sentinel
Azure Sentinel, Microsoft's cloud-native security information and event management (SIEM) platform, offers powerful capabilities for monitoring and securing your organization's infrastructure. One of the key features of Azure Sentinel is its ability to create custom detection rules using the Kusto Query Language (KQL). In this article, we will explore some rules that have been researched and developed for Azure Sentinel, while emphasizing the importance of tailoring them to suit your specific environment and requirements. These rules are intended to serve as a starting point for organizations looking to enhance their security operations and are open for anyone to use, with appropriate credit given to the original author.
These have been created and tested on online sample datasets, which may limit the false positives I can remove.
https://github.com/AllThingsComputers/Sentinel-Rules
DISCLAIMER: Please note that these rules are still in development and should not be solely relied upon. It is crucial to adapt and customize these rules according to your unique environment and security needs.