Hunting queries and detections
Updated Apr 4, 2024
Microsoft 365 Advanced Hunting Queries with hotlinks that plug the query right into your tenant
Hunting Queries for Defender ATP
Splunk (ES) add-on that onboards telemetry data through the Microsoft Defender ATP Advanced Hunting API
A PowerShell module to interact with Microsoft's Defender for Endpoint API.
Deploy Microsoft Defender for Endpoint for Linux with Ansible
Defender for Endpoint Advanced Hunting Queries
Use KQG to generate Kusto (KQL) scripts; used with Defender ATP
Config files for my GitHub profile.
Custom query to run in the Microsoft Defender Advanced Hunting tool to look for network activity related to Egregor ransomware
PowerShell for Threat Management Explorer
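Several of the repositories above either ship Advanced Hunting queries or wrap the Defender for Endpoint API. The following is an added example, not code from any of the listed projects, showing how the two fit together: a PowerShell script that obtains a client-credentials token and submits a KQL hunting query through the Advanced Hunting API. It assumes an Entra ID app registration holding the AdvancedQuery.Read.All application permission, with tenant ID, client ID and client secret supplied in environment variables whose names (MDE_TENANT_ID, MDE_CLIENT_ID, MDE_CLIENT_SECRET) are hypothetical. The query itself is generic hunt logic (outbound connections from common scripting hosts to public IP addresses); the process list is an assumption for illustration and is not a published indicator set for Egregor or any other family.

```powershell
# Added example: run an Advanced Hunting query through the Defender for Endpoint API.
# Assumes an Entra ID app registration with the AdvancedQuery.Read.All application
# permission. Credentials come from environment variables (hypothetical names)
# rather than being hard-coded in the script.
$tenantId     = $env:MDE_TENANT_ID
$clientId     = $env:MDE_CLIENT_ID
$clientSecret = $env:MDE_CLIENT_SECRET

# Client-credentials token scoped to the Defender for Endpoint API resource.
$tokenResponse = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" `
    -ContentType 'application/x-www-form-urlencoded' `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $clientId
        client_secret = $clientSecret
        scope         = 'https://api.securitycenter.microsoft.com/.default'
    }

# KQL hunt: outbound connections from scripting hosts to public IPs over the last 7 days.
# The process list is an illustrative assumption, not a published indicator set.
# ipv4_is_private() returns null for non-IPv4 values, so IPv6 rows are dropped by the filter.
$query = @'
DeviceNetworkEvents
| where Timestamp > ago(7d)
| where ActionType in ("ConnectionRequest", "ConnectionSuccess")
| where InitiatingProcessFileName in~ ("powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe")
| where not(ipv4_is_private(RemoteIP))
| summarize Connections = count(),
            Devices = dcount(DeviceId),
            CommandLines = make_set(InitiatingProcessCommandLine, 5)
    by RemoteIP, RemotePort, InitiatingProcessFileName
| order by Connections desc
'@

# Submit the query; the API returns a JSON object with Schema and Results.
$result = Invoke-RestMethod -Method Post `
    -Uri 'https://api.securitycenter.microsoft.com/api/advancedqueries/run' `
    -Headers @{ Authorization = "Bearer $($tokenResponse.access_token)" } `
    -ContentType 'application/json' `
    -Body (@{ Query = $query } | ConvertTo-Json)

# Show the aggregated rows; the CommandLines set is left out of the table for readability.
$result.Results |
    Format-Table RemoteIP, RemotePort, InitiatingProcessFileName, Connections, Devices -AutoSize
```

The same query body can be pasted directly into the Advanced Hunting page in the portal, which is the quickest way to tune the process list and time window before automating it. When running through the API, keep the time window narrow: the endpoint caps both result size and call rate, so a query that works interactively can be truncated or throttled when scheduled.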