The purpose of this repository is to share KQL queries and threat-hunting detections that anyone can use to strengthen their defenses. These queries are designed to expand detection coverage across Microsoft Security product logs, helping uncover activities that do not trigger alerts by default. By querying these logs directly, many otherwise hidden behaviors can be surfaced and investigated.
The repository includes Detection Rules, Hunting Queries, and Visualizations, all freely available for defenders to adopt or adapt. If you have any questions, feel free to reach out to me directly. LinkedIn - Steven Lim
Presenting this material as your own is illegal and forbidden. A reference to LinkedIn @0x534c or GitHub @SLimKQL is much appreciated when sharing or using the content.
SlimKQL Hunting-Queries-Detection-Rules - Azure KQLs - DefenderXDR KQLs - Sentinel KQLs - Detections.Ai Repo
Detections.Ai Community Group
SlimKQL Group - Invite Code: SlimKQL2026