KQL Query Collection

This repository contains various Sentinel/Log Analytics KQL queries that I’ve created for different tasks and projects. More will be added as and when I create them.

Overview

SentinelHealth - Queries for monitoring Sentinel health. For example, data connectors.
SigninLogs - Queries for investigating sign-in activity using the SigninLogs table. Useful for detecting suspicious logins, failed attempts, and geographic anomalies, etc.

AI/LLM Summary

If you'd prefer to pass all of the queries in this repo to a LLM or AI tool like Claude or ChatGPT, you can download the repository_context.md file. It's an auto-generated merged representation of all of the KQL queries within this repo.

Name		Name	Last commit message	Last commit date
Latest commit History 33 Commits
.github/workflows		.github/workflows
O365_CL		O365_CL
SentinelHealth		SentinelHealth
SigninLogs		SigninLogs
README.md		README.md
repository_context.md		repository_context.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

KQL Query Collection

Overview

AI/LLM Summary

About

Uh oh!

Releases

Packages

Uh oh!

Uh oh!

Contributors

Uh oh!

Folders and files

Latest commit

History

Repository files navigation

KQL Query Collection

Overview

AI/LLM Summary

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Uh oh!

Contributors

Uh oh!

Packages