Skip to content

Latest commit

 

History

History
 
 

Posture

Security Posture Hunting Queries

Clicking on the name of the query will bring you to the file for it in this git repo.

Or try them out right away in your M365 Security tenant:

Click on the '🔎' hotlink to plug the query right into your Advanced Hunting Query page

  • Files with the substring "password" in the name
  • Results probably contain users' passwords in plain text
  • Included file extensions: .doc .docx .xls .xlsx .txt
  • List all software in your environment with Critical CVEs
  • Shows how many devices have each version of the software
  • Indicates whether the Critical CVEs have public exploits
  • Best practice endpoint configurations for Microsoft Defender for Endpoint deployment
  • Find and fix devices out of compliance
  • Identify holes in your security configuration deployment
  • Files with the substring "password" in the name
  • Results probably contain users' passwords in plain text
  • Included file extensions: .doc .docx .xls .xlsx .txt
  • Pie Chart for your viewing pleasure
  • Determines whether each version of every program in your environment is vulnerable, expoloitable, or neither
  • Takes into account how many devices have each version of a program
  • By default, account for all CVE severities