AdvancedHuntingQueries

My collection of Microsoft 365 Advanced Hunting Queries written in Kusto Query Language (KQL).

Each query in this repo carries a '🔎' icon hotlinked so that it opens directly in the Advanced Hunting page of your M365 Security tenant.

Click on a category to start exploring my hunting queries!

Query Categories:

  • Identify the most significant spikes in various activities
  • Kusto queries that can be turned into detection rules to create alerts
  • Hunt for specific exploits being used in your environment
  • Hunt for known IOCs and activity from compromised hosts
  • Identify potential phishing emails in your environment
  • Highlight bad operational security practices
  • Useful queries that help with identity correlation, metrics, policy building, etc.