DE-TH-Aura, an initiative by SecurityAura, focuses on enhancing detection engineering and threat hunting capabilities using KQL (Kusto Query Language).
This effort is primarily aimed at leveraging the Microsoft Defender XDR suite and logs ingested through Microsoft Sentinel, such as Windows Security Event Logs.
The project is hosted on a GitHub repository where SecurityAura shares queries developed from various sources, including day-to-day work experiences, tweets, blog posts, research articles, and personal ideas.
As part of the initiative, SecurityAura has embarked on the #100DaysOfKQL challenge, where new queries are being developed and shared regularly.
This challenge aims to push the boundaries of what can be achieved with KQL in threat detection and hunting.
The queries from this challenge will be organized within the repository after its completion, further enriching the DE-TH-Aura project.
In summary, DE-TH-Aura is a dynamic project that leverages KQL to enhance threat detection and hunting capabilities, with a focus on continuous improvement and community engagement.
The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…
Introduction In digital investigations, images often hold more information than meets the eye. With the…
The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…
What is a Port? A port in networking acts like a gateway that directs data…
The ls command is fundamental for anyone working with Linux. It’s used to display the files and…
The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…