Please note these rules are built by me in my own time and are not in any way related to StripeOLT; you can use them as you like under the open source license.
Some Azure Sentinel / DATP (Microsoft Defender ATP) KQL will be dumped here to help others on their journey.
For inexperienced viewers I will start to break down these queries into how exactly they work, as well as publishing new rules to help your SOC cope with the latest security incidents.
As mentioned in my article, you can use the website https://kustoking.com, which is not maintained by me but does have some great resources for learning KQL.
These are some KQL dumps for Azure Sentinel analytics rules; they help detect bad behaviour within a network. The folder titled 'lolbas' contains rules surrounding abuse of legitimate system binaries (living-off-the-land binaries and scripts), which threat actors increasingly use throughout the attack chain, from initial access to exfiltration, because a signed, pre-installed binary is far less likely to be detected than, say, a generic malware.exe.
In the root folder you will find rules surrounding recent breaches, exploits and vulnerabilities.
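To give a feel for the shape of a LOLBAS-style rule, here is an added example written for this README; it is not one of the rules in the 'lolbas' folder. It assumes the Microsoft Defender for Endpoint DeviceProcessEvents table is ingested into Sentinel (or that you run it in Defender advanced hunting), and the binary and command-line keyword lists are illustrative choices that you would tune to your own environment.

```kql
// Added example, not part of this repository's rule set.
// Flags common download/decode/proxy-execution primitives abused via signed
// system binaries (certutil, bitsadmin, mshta, regsvr32).
// Assumes the DeviceProcessEvents table from the Defender for Endpoint connector.
let lookback = 1d;
// Binaries to watch: illustrative list, extend from the LOLBAS project as needed.
let lolbins = dynamic(["certutil.exe", "bitsadmin.exe", "mshta.exe", "regsvr32.exe"]);
// Command-line fragments that typically indicate abuse rather than admin use.
let suspicious_args = dynamic(["urlcache", "-decode", "-encode", "/transfer", "http://", "https://", "/i:"]);
DeviceProcessEvents
| where Timestamp > ago(lookback)
| where FileName in~ (lolbins)
| where ProcessCommandLine has_any (suspicious_args)
// Surface the parent so an analyst can tell Office/macro spawns from admin scripts.
| project Timestamp, DeviceName, AccountName, FileName, ProcessCommandLine,
          InitiatingProcessFileName, InitiatingProcessCommandLine
| order by Timestamp desc
```

Before turning something like this into an analytics rule, baseline it for a week or two: certutil and bitsadmin do have legitimate uses, so expect to add exclusions for known deployment or patching scripts to keep the alert volume manageable.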