MDATP - Updated Jul 20, 2024 - PowerShell
Microsoft Defender XDR KQL detections for RedSun, BlueHammer, UnDefend, and CVE-2026-33825-related Defender abuse behaviors.
Maps Microsoft Defender XDR Schemas to a local Kustainer Data Explorer instance
A collection of my KQL queries
A curated list of high-quality resources focused on securing Microsoft cloud environments, including Identity (Entra ID), Microsoft 365, Microsoft Defender, Sentinel and Microsoft Purview.
SOC-style cyber incident investigation using KQL, Microsoft Defender XDR, and threat intelligence to analyze phishing, malware execution, data exfiltration, and nation-state threat actors.
Detection-as-Code threat-hunting framework for Microsoft Defender XDR & Sentinel
SOC Analyst Portfolio | Microsoft Defender XDR | Threat Hunting | Incident Response | Active Directory | Entra ID
Microsoft Defender XDR Action Types
Cloud-native identity compromise hunt in Microsoft Entra ID and Microsoft 365. Reconstructed a patient operator's session from a Low-rated anonymous IP alert through internal spearphishing, inbox rule persistence, and credential theft using Sentinel KQL.
Generate production-like Microsoft Defender XDR telemetry based on a YAML profile