Skip to main content

JOHLEM

security tools & cheatsheets

home tools cheatsheets about

← All Tools

🔎 SIEM Query Template Library

Search and filter 30 production-ready SIEM query templates across QRadar AQL, Splunk SPL, and Microsoft Sentinel KQL. Built for SOC analysts and threat hunters.

JavaScript Required

This tool requires JavaScript for interactive features. Your browser has JavaScript disabled.

For CLI browsers (Lynx, ELinks): Basic information is provided in the page content below.

.noscript-notice { background: var(--color-bg-secondary, #111); border: 1px solid var(--color-warning, #aa7); border-left: 3px solid var(--color-warning, #aa7); padding: 15px 20px; margin: 20px 0; font-size: 0.9em; } .noscript-notice p { margin: 5px 0; } .noscript-notice strong { color: var(--color-warning, #aa7); }

Category

Authentication Network Endpoints Data Access Policy Advanced

Difficulty

All Beginner Intermediate

Speed

All Quick Deep

Verified

Verified only

30 templates

No templates match your filters. Try adjusting your search or filter criteria.

Official Documentation

IBM QRadar AQL AQL Reference Guide

Splunk SPL SPL Search Reference

Microsoft Sentinel KQL KQL Reference

Query templates are provided as starting points for SOC operations. Always validate and adapt queries to your specific environment, log source configurations, and data schema before production use.

tools cheatsheets about support privacy dora security.txt

© 2026 johlem.net | Luxembourg