DrKundankumarSaraf/SIEM-Splunk-Sentinel-Queries
GitHub: DrKundankumarSaraf/SIEM-Splunk-Sentinel-Queries
A repository collecting real-world SIEM queries for Splunk and Microsoft Sentinel, used for threat detection, monitoring, and incident investigation.
Stars: 0 | Forks: 0
# SIEM-Splunk-Sentinel-Queries
A collection of real-world SIEM queries for threat detection using Splunk and Microsoft Sentinel (KQL)
### 📄 README.md
```
# SIEM Queries (Splunk & Microsoft Sentinel)
Collection of real-world SIEM queries for threat detection, monitoring, and incident investigation.
## 📌 Categories
### 🔹 Splunk Queries
- Failed Login Attempts
- Suspicious IP Detection
- Malware Indicators
### 🔹 KQL Queries (Microsoft Sentinel)
- Brute Force Detection
- Impossible Travel
- Privilege Escalation
## 💡 Example (Splunk)
```
Tags: AMSI bypass, KQL, Kusto, Microsoft Sentinel, web report viewer, AV evasion, protocol analysis, threat detection, security operations, practical queries, anomaly detection, malware, intelligence detection, scanning framework, brute-force detection, privilege escalation, login analysis, red team operations, rate limiting