Blue Team Queries

I built this so I have quick access to the common queries I use for investigations or hunts. Please feel free to share and use them. Good Hunting!

KQL

Microsoft KQL

This section covers KQL queries for detection inside the Microsoft Security Suite.

Elastic

Elastic ES|QL

This section covers Elastic ES|QL queries for detection inside the Elastic Stack.

Splunk

Splunk SPL

This section covers SPL queries for detection inside the Splunk SIEM.