KQL Library

This repository contains a comprehensive KQL library for Azure/M365, plus a ResourceScoped/ duplicate for every .kql that adds optional filtering by Azure resource (ResourceId, Name, Type, RG, Subscription, Location).

Generated: 20250826_121742

Use Run-KQL-Library.ps1 to run:
1. Normal Log Analytics/Sentinel queries (pick/search)
2. Microsoft 365 Defender Advanced Hunting (Graph)
3. Azure Resource Graph .arg
4. Resource-Scoped KQL: pick a resource first, runner auto-fills tokens in *.resource.kql

Structure

KQL-Library/<Pack>/*.kql – normal queries
KQL-Library/<Pack>/ResourceScoped/*.resource.kql – resource-scoped variants
Run-KQL-Library.ps1 – interactive runner
Pull-Library.ps1 – update/pull script (git or zip)
LICENSE – MIT
README.md / README.html
.gitignore
PacksIndex.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

KQL Library

Structure

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
KQL-Library		KQL-Library
.gitignore		.gitignore
LICENSE		LICENSE
Pull-Library.ps1		Pull-Library.ps1
README.html		README.html
README.md		README.md
Run-KQL-Library.ps1		Run-KQL-Library.ps1

Folders and files

Latest commit

History

Repository files navigation

KQL Library

Structure

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages