DE-TH-Aura, an initiative by SecurityAura, focuses on enhancing detection engineering and threat hunting capabilities using KQL (Kusto Query Language).
This effort is primarily aimed at leveraging the Microsoft Defender XDR suite and logs ingested through Microsoft Sentinel, such as Windows Security Event Logs.
The project is hosted on a GitHub repository where SecurityAura shares queries developed from various sources, including day-to-day work experiences, tweets, blog posts, research articles, and personal ideas.
As part of the initiative, SecurityAura has embarked on the #100DaysOfKQL challenge, where new queries are being developed and shared regularly.
This challenge aims to push the boundaries of what can be achieved with KQL in threat detection and hunting.
The queries from this challenge will be organized within the repository after its completion, further enriching the DE-TH-Aura project.
In summary, DE-TH-Aura is a dynamic project that leverages KQL to enhance threat detection and hunting capabilities, with a focus on continuous improvement and community engagement.
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
If you are working with Linux or writing bash scripts, one of the most common…
What is a bash case statement? A bash case statement is a way to control…
Why Do We Check Files in Bash? When writing a Bash script, you often work…