Add Query

Fill out the form and generate a JSON file for your query.

How To Think About Each Field

Content Types
What kind of artifact this is.
KQL, PowerShell, YARA, Sigma, Bash, Splunk, Regex

Domains
What security area it belongs to.
Identity, Email, Endpoint, Network, Cloud

Use Cases
What you use it for.
Detection, Hunting, Triage, Investigation

Platforms
Where it applies.
Sentinel, Defender, Windows, Linux, Entra, Zscaler

Data Sources
What telemetry or source it uses.
SigninLogs, DeviceProcessEvents, Files, Registry, PowerShell

Generated JSON

File name: new-query.json
{
  "id": "new-query",
  "title": "",
  "description": "",
  "query": "",
  "contentTypes": [],
  "domains": [],
  "useCases": [],
  "platforms": [],
  "dataSources": [],
  "tags": []
}
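
A check that could be run over a generated file before it is added to a collection, shown as an added example and not the site's own code. The sample entry and its KQL query are constructed, and the `validate` helper, the non-empty rule for text fields and the rule that the file name equals the id plus `.json` are assumptions for illustration.

```python
import json

# Field names and types taken from the generated JSON template on this page.
TEXT_FIELDS = ("id", "title", "description", "query")
LIST_FIELDS = ("contentTypes", "domains", "useCases",
               "platforms", "dataSources", "tags")

# Constructed sample entry (not from the page): a KQL hunt over SigninLogs.
SAMPLE = json.dumps({
    "id": "entra-failed-signins-by-ip",
    "title": "Failed sign-ins from one IP across many accounts",
    "description": "Counts accounts with bad-password failures per source IP.",
    "query": ("SigninLogs\n"
              "| where TimeGenerated > ago(1h)\n"
              "| where ResultType == \"50126\"\n"
              "| summarize Accounts = dcount(UserPrincipalName) by IPAddress\n"
              "| where Accounts > 10"),
    "contentTypes": ["KQL"],
    "domains": ["Identity"],
    "useCases": ["Detection", "Hunting"],
    "platforms": ["Sentinel", "Entra"],
    "dataSources": ["SigninLogs"],
    "tags": ["password-spray"],
})


def validate(file_name, text):
    """Return a list of problems found in one generated query file."""
    try:
        record = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(record, dict):
        return ["top level must be a JSON object"]
    problems = []
    for key in TEXT_FIELDS:
        value = record.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: must be a non-empty string")
    for key in LIST_FIELDS:
        value = record.get(key)
        if not isinstance(value, list) or not all(isinstance(v, str) for v in value):
            problems.append(f"{key}: must be a list of strings")
    # Assumption: the file is named after the id, as in new-query.json.
    if isinstance(record.get("id"), str) and file_name != record["id"] + ".json":
        problems.append("file name does not match id")
    return problems
```

Run against the blank template above, `validate` reports the empty `title`, `description` and `query`, which is the state the form starts in before anything is filled out.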