diff --git a/README.md b/README.md
index 241012f..d6f3d19 100644
--- a/README.md
+++ b/README.md
@@ -35,6 +35,7 @@ This mirrors actual triage experience so I encourage you to try it out.
 ## Implementations
 - Python: [drapeindex.py](drapeindex.py)
 - Splunk (SPL): [drapeindex.spl](/drapeindex.spl)
+- Sentinel (KQL): [drapeindex.kql](/drapeindex.kql)
 
 ### Outpout Sample (v1.0)
 <p align="center"><img src=drapev1_output.png></p>
diff --git a/drapeindex.kql b/drapeindex.kql
new file mode 100644
index 0000000..c08e272
--- /dev/null
+++ b/drapeindex.kql
@@ -0,0 +1,27 @@
+// Get FPs and TPs
+let timestamp = 60d;
+SecurityIncident
+| where TimeGenerated >= ago(timestamp)
+| where Status == "Closed"
+| where isnotempty(Classification)
+| where Classification has_any("TruePostive", "FalsePositive", "BenignPositive")
+| summarize
+      TP = countif(Classification == "TruePositive" or Classification  == "BenignPositive"), // Alter depending on how you use Benign classification
+      FP = countif(Classification == "FalsePositive")
+      by Title
+//*********************
+//** Add DRAPE INDEX ** 
+//*********************
+// Add weights
+| extend
+      k = 0.18,
+      w = 0.22
+// Apply scoring formula
+| extend indexscore =
+        ( log(TP + 1) * (1 + (w * (TP / (TP + FP)))) )
+        - ( (k * log(FP + 1)) / (log(TP + 1) + 1) )
+// Handle divide-by-zero
+| extend indexscore = iff(TP + FP > 0, indexscore, real(null))
+// Scale & round
+| extend indexscore = round(indexscore * 10, 2)
+| project-away k, w