MDATP - Updated Jul 20, 2024 - PowerShell
Microsoft Defender XDR KQL detections for RedSun, BlueHammer, UnDefend, and CVE-2026-33825-related Defender abuse behaviors.
Maps Microsoft Defender XDR Schemas to a local Kustainer Data Explorer instance
SOC-style cyber incident investigation using KQL, Microsoft Defender XDR, and threat intelligence to analyze phishing, malware execution, data exfiltration, and nation-state threat actors.
A collection of my KQL queries