My collection of Microsoft 365 Advanced Hunting Queries, written in Kusto Query Language (KQL).
Each query in this repo carries a '🔎' icon whose hotlink opens the query directly in your M365 Security tenant, ready to run.
Click on a category to start exploring my hunting queries!
- Identify the most significant spikes in various activities
- Queries that help you build your Attack Surface Reduction policies
- Kusto queries that can be turned into detection rules to create alerts
- Hunt for specific exploits being used in your environment
- Hunt for known IOCs and activity from compromised hosts
- Identify potential phishing emails in your environment
- Highlight bad operational security practices
- Useful queries that help with identity correlation, metrics, policy building, etc.