You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 16, 2023. It is now read-only.
Justin C edited this page Apr 20, 2021
·
4 revisions
Welcome to the Microsoft-365-Defender-Hunting-Queries wiki!
This repo contains sample queries for advanced hunting in Microsoft 365 Defender. With these sample queries, you can start to experience advanced hunting, including the types of data that it covers and the query language it supports. You can also explore a variety of attack techniques and how they may be surfaced through advanced hunting.
Advanced hunting queries provide a great starting point for locating and investigating suspicious behavior, and they can be customized to fit your organization's unique environment. Further, you can use these queries to build custom detection rules if you determine that behaviors, events, or data from the advanced hunting query helps you surface potential threats.