Defender Resources on GitHub

Copilot for Security

• Microsoft Copilot For Security Community

Entra ID

• Azure AD - Attack and Defense Playbook

KQL

• Microsoft Defender 365 raw data schema - Overview
• BertJanCyber
• Ugur Koc
• Adarsh Pandey
• Marco Gerber
• Azure Sentinel KQL Queries by reprise99
• KQL Reference Manual by SecGroundZero
• Blue teaming with KQL by Ashwin Patil
• Sentinel Queries
• SecGroundZero KQL Reference Material
• ashwin-patil - Blue Teaming with KQL
• blue-teaming-with-kql
• Threat hunting and detection by Cyb3r-Monk
• CGCFAD WDATP-Advanced-Hunting
• richlilly2004 MDATP hunting queries
• KQL Tools
• CGCFAD Hunting Queries
• Falcon Friday
• https://github.com/cyb3rmik3/KQL-threat-hunting-queries

Threat Hunting

• PowerShell-Hunter