You can use the same threat hunting queries to build custom detection rules. These rules run automatically to check for and then respond to suspected breach activity, misconfigured machines, and other findings.

This capability is similar to advanced hunting in Microsoft Defender for Endpoint and supports queries that check a broader data set from:

To use advanced hunting, turn on Microsoft 365 Defender.

For more information on advanced hunting in Microsoft Defender for Cloud Apps data, see the video.

We recommend going through several steps to quickly get started with advanced hunting.

Learning goal

Advanced hunting is based on Kusto query language, supporting the same syntax and operators. Start learning the query language by running your first query.

Learn about charts and various ways you can view or export your results. Explore how you can quickly tweak queries, drill down to get richer information, and take response actions.

Get a good, high-level understanding of the tables in the schema and their columns. Learn where to look for data when constructing your queries.

Transition from Microsoft Defender for Endpoint
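As an added example (not part of this page or of Microsoft's documentation), here is a Kusto query of the kind you would run in advanced hunting and could then save as a custom detection rule; the table and column names are those of the DeviceProcessEvents table as documented in the advanced hunting schema, and the process names are constructed sample values to adjust for your own environment.

```kql
// Added example: hunt for script hosts spawned by Office applications, then keep
// the columns a custom detection rule needs so the same query can be saved as one.
// DeviceProcessEvents and its columns are assumed from the advanced hunting schema;
// verify them against the schema reference in your tenant before saving the rule.
let lookback = 7d;
// Constructed sample lists: parent applications and child script hosts of interest.
let office_apps = dynamic(["winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"]);
let script_hosts = dynamic(["powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"]);
DeviceProcessEvents
| where Timestamp > ago(lookback)
// in~ is the case-insensitive form of in, so WINWORD.EXE and winword.exe both match.
| where InitiatingProcessFileName in~ (office_apps)
| where FileName in~ (script_hosts)
// Custom detection rules require Timestamp, ReportId and an identifier column
// (DeviceId here) in the result set, so keep them through every later step.
| project Timestamp, ReportId, DeviceId, DeviceName, AccountName,
          InitiatingProcessFileName, FileName, ProcessCommandLine
// arg_max keeps the most recent full row per device and script host; a plain
// summarize count() would drop Timestamp and ReportId and break the rule.
| summarize arg_max(Timestamp, *) by DeviceId, FileName
| order by Timestamp desc
```

Drop the final `summarize` and `order by` when you want every matching process launch rather than the latest one per device while exploring the results interactively.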