Microsoft-365-Defender-Hunting-Queries

Microsoft-365-Defender-Hunting-Queries copied to clipboard

Can we detect any workstation having persistence drive using any query in defender?

PuneethRaya

A-dd-Y

mjmelone

Advance hunting quey to get a Report on Missing KB From All devices.

SSR1905

User ID's Monitoring

8

Hello Team, In our workstations , we have set of applications access from the browser. We want to monitor if any one logged in the respective applications with one particular...

PuneethRaya

Updated table names in Advanced Hunting section

1

Advanced Hunting Section included legacy table names. Updates only replace the legacy table names (e.g. `AlertEvents`) with their corresponding new names (e.g. `DeviceAlertEvents`). While there are additional tables published since...

woodtechie1428

Update Open email link.txt

2

Replace old schema reference DeviceAlertEvents with AlertInfo | join AlertEvidence on AlertId

darioongit

Can you add Health state and Date last seen to the query? I added onto your query but it doesnt work and it also only queries 1 machine and not...

johnB007

Email-Suspicious-Patterns-Analysis.md

5

Email Trend Analysis Query

A-dd-Y

Web Content Filtering - status across devices query

1

Hello Microsoft Team, Not sure if this is planned already, It would be great to get few queries for a new Web Content Filtering feature. Here are few suggestions: -...

SergGu