Defender Resources on GitHub

Copilot for Security

• Microsoft Copilot For Security Community

Entra ID

• Azure AD - Attack and Defense Playbook

Defender for Endpoint

• Live Response Scripts from YongRhee
• Linux - iOS
• GunDog
• mdatp pwsh
• AndyFul - ConfigureDefender
• David Sass - DefenderASR
• Microsoft Defender Advanced Threat Protection PowerShell Module
• defender-atp-manageability
• MDATP PowerBI
• Github - Power BI Report templates powered by Microsoft Defender Advanced Threat Protection Advance Hunting Queries
• MDATP PowerBI

Threat Intelligence

• MDTI Solutions

ITDR

• ITDR - Identity Threat Detection and Response

KQL

• Microsoft Defender 365 raw data schema - Overview
• BertJanCyber
• Ugur Koc
• Adarsh Pandey
• Marco Gerber
• Azure Sentinel KQL Queries by reprise99
• KQL Reference Manual by SecGroundZero
• Blue teaming with KQL by Ashwin Patil
• Sentinel Queries
• SecGroundZero KQL Reference Material
• ashwin-patil - Blue Teaming with KQL
• blue-teaming-with-kql
• Threat hunting and detection by Cyb3r-Monk
• CGCFAD WDATP-Advanced-Hunting
• richlilly2004 MDATP hunting queries
• KQL Tools
• CGCFAD Hunting Queries
• Falcon Friday
• https://github.com/cyb3rmik3/KQL-threat-hunting-queries