
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant


rc-MikeDevens/AdvancedHuntingQueries

 
 


AdvancedHuntingQueries

My collection of Microsoft 365 Advanced Hunting Queries written in Kusto Query Language (KQL).

This repo includes '🔎' icons with hotlinks that plug the queries right into your M365 Security tenant.

Click on a category to start exploring my hunting queries!

Query Categories:

  • Identify the most significant spikes in various activities
  • Kusto queries that can be turned into detection rules to create alerts
  • Hunt for specific exploits being used in your environment
  • Hunt for known IOCs and activity from compromised hosts
  • Identify potential phishing emails in your environment
  • Highlight bad operational security practices
  • Useful queries that help with identity correlation, metrics, policy building, etc.
