My collection of Microsoft 365 Advanced Hunting Queries written in Kusto Query Language (KQL).
This repo includes icons with hotlinks that load the queries directly into the advanced hunting page of your M365 Security tenant.
Click on a category to start exploring my hunting queries!
- Identify the most significant spikes in various activities
- Kusto queries that can be turned into detection rules to create alerts
- Hunt for specific exploits being used in your environment
- Hunt for known IOCs and activity from compromised hosts
- Identify potential phishing emails in your environment
- Highlight bad operational security practices
- Useful queries that help with identity correlation, ASR rules, metrics, etc.