├── MTP
    ├── Detect Masquerade Anomaly.csl
    ├── Files Signed by Rare Certs.csl
    ├── Network Spray Detector.csl
    ├── Processes Created by Rare Certs.csl
    ├── Rare launch strings for scripting engines.csl
    ├── Sudden Changes in Process Creation Activity by FilePath.csl
    ├── Sudden Changes in Process Creation Activity by Filename.csl
    ├── Sudden Changes in Process Creation Activity by SHA256.csl
    ├── Sudden Increases in Outbound Communication by FQDN.csl
    └── Sudden Increases in Outbound Communication by IP.csl
├── README.md
└── Webcasts
    └── README.md

/MTP/Detect Masquerade Anomaly.csl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mjmelone/KQL/HEAD/MTP/Detect Masquerade Anomaly.csl
--------------------------------------------------------------------------------
/MTP/Files Signed by Rare Certs.csl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mjmelone/KQL/HEAD/MTP/Files Signed by Rare Certs.csl
--------------------------------------------------------------------------------
/MTP/Network Spray Detector.csl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mjmelone/KQL/HEAD/MTP/Network Spray Detector.csl
--------------------------------------------------------------------------------
/MTP/Processes Created by Rare Certs.csl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mjmelone/KQL/HEAD/MTP/Processes Created by Rare Certs.csl
--------------------------------------------------------------------------------
/MTP/Rare launch strings for scripting engines.csl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mjmelone/KQL/HEAD/MTP/Rare launch strings for scripting engines.csl
--------------------------------------------------------------------------------
/MTP/Sudden Changes in Process Creation Activity by FilePath.csl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mjmelone/KQL/HEAD/MTP/Sudden Changes in Process Creation Activity by FilePath.csl
--------------------------------------------------------------------------------
/MTP/Sudden Changes in Process Creation Activity by Filename.csl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mjmelone/KQL/HEAD/MTP/Sudden Changes in Process Creation Activity by Filename.csl
--------------------------------------------------------------------------------
/MTP/Sudden Changes in Process Creation Activity by SHA256.csl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mjmelone/KQL/HEAD/MTP/Sudden Changes in Process Creation Activity by SHA256.csl
--------------------------------------------------------------------------------
/MTP/Sudden Increases in Outbound Communication by FQDN.csl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mjmelone/KQL/HEAD/MTP/Sudden Increases in Outbound Communication by FQDN.csl
--------------------------------------------------------------------------------
/MTP/Sudden Increases in Outbound Communication by IP.csl:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/mjmelone/KQL/HEAD/MTP/Sudden Increases in Outbound Communication by IP.csl
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# KQL
Michael Melone's Kusto Query library
--------------------------------------------------------------------------------
/Webcasts/README.md:
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------