Project-SABER: A repository of KQL queries and parsers for threat hunting, threat detection, and log parsing in Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender)
-
Updated
Mar 18, 2026
Project-SABER: A repository of KQL queries and parsers for threat hunting, threat detection, and log parsing in Microsoft Sentinel & Microsoft XDR (formerly Microsoft 365 Defender)
10 hands-on Microsoft Security Operations Analyst SC-200 labs covering Defender XDR, Sentinel, Defender for Endpoint, data connectors, detections, analytics rules, MITRE ATT&CK, incident response, Purview, Entra ID, Graph logs, KQL threat hunting, playbooks, SOC metrics, and exam readiness.
🚨 Terraform module for Microsoft Sentinel analytics rules: all eight kinds, validated at plan
Este repositório contém uma coleção de recursos e ferramentas para auxiliar na implementação, automação e otimização do Microsoft Sentinel. Ele oferece exemplos de playbooks, regras de detecção, scripts de automação, conectores de dados, e melhores práticas para configurar, monitorar e responder a incidentes de segurança usando o SIEM da Microsoft.
Building a Microsoft Sentinel detection rule for suspicious PowerShell web requests (Invoke-WebRequest) and working the incident to closure using the NIST 800-61 lifecycle. KQL analytics rule, entity mapping, and execution verification.
Add a description, image, and links to the analytics-rules topic page so that developers can more easily learn about it.
To associate your repository with the analytics-rules topic, visit your repo's landing page and select "manage topics."