Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
Sample queries for Advanced hunting in Microsoft 365 Defender
- Host: GitHub
- URL: https://github.com/microsoft/microsoft-365-defender-hunting-queries
- Owner: microsoft
- License: mit
- Archived: true
- Created: 2018-03-18T12:07:42.000Z (almost 7 years ago)
- Default Branch: master
- Last Pushed: 2022-02-17T08:59:26.000Z (almost 3 years ago)
- Last Synced: 2025-01-15T05:31:11.582Z (18 days ago)
- Topics: cybersecurity, hunting, sample-code
- Language: Jupyter Notebook
- Size: 5.9 MB
- Stars: 1,952
- Watchers: 197
- Forks: 540
- Open Issues: 46
Metadata Files:
- Readme: README.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Security: SECURITY.md
README
---
page_type: sample
languages:
- kusto
products:
- Microsoft 365 Defender
description: "Microsoft 365 Defender repository for Advanced Hunting"
---
# Deprecated
We moved to **[Microsoft threat protection community](https://github.com/Azure/Azure-Sentinel)**, the unified Microsoft Sentinel and Microsoft 365 Defender repository. The Microsoft SIEM and XDR Community provides a forum for community members (threat hunters) to submit contributions via GitHub pull requests, or contribution ideas as GitHub issues. Hunting queries for Microsoft 365 Defender provide value to both Microsoft 365 Defender and Microsoft Sentinel, so a single contribution has multiple impact. Contributions can be based on your own idea of the value they provide to the enterprise, can be taken from the GitHub open issues list, or can be enhancements to existing contributions.
* **[Contribute](https://github.com/Azure/Azure-Sentinel/wiki/Contribute-to-Sentinel-GitHub-Community-of-Queries)** your queries to the **[Microsoft 365 Defender folder](https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries/Microsoft%20365%20Defender)** in the Hunting Queries section.
* Specifics on what is required for hunting queries are in the **[Query Style Guide](https://github.com/Azure/Azure-Sentinel/wiki/Query-Style-Guide)**.
* Webcast content can be found in the **[Tutorials folder](https://github.com/Azure/Azure-Sentinel/tree/master/Tutorials/Microsoft%20365%20Defender/Webcasts)**.
* A Power BI example can be found in the **[Tools folder](https://github.com/Azure/Azure-Sentinel/tree/master/Tools)**.