MS Defender Advanced Hunting using KQL Queries

Video description: MS Defender Advanced Hunting using KQL Queries

Let's check MS Defender Advanced Hunting using KQL queries in this video. There are two types of threat hunting in the Microsoft 365 Defender world, and we will discuss both of those hunting techniques in this video.

#msdefender #msintune #microsoft365 #microsoftdefender #threathunting #mde #kql #kqlqueries

🔥Microsoft Defender for Endpoint MDE - • Microsoft Defender for Endpoint MDE

=
Microsoft Defender for Endpoint New Setting Management Experience - Enable New MDE Security Settings Management Experience -

⭐https://www.anoopcnair.com/new-mde-se...

==
MS Defender Advanced Hunting?

Query Based Advanced Hunting
Advanced = KQL
Guided = Query Editor
Sample Queries

==
What is M365 Defender Advanced Hunting?

Advanced hunting is a query-based threat hunting tool that lets you explore up to 30 days of raw data.
You can proactively inspect events in your network to locate threat indicators and entities.
The flexible access to data enables unconstrained hunting for both known and potential threats.

Advanced hunting supports queries that check a broader data set coming from:
Microsoft Defender for Endpoint
Microsoft Defender for Office 365
Microsoft Defender for Cloud Apps
Microsoft Defender for Identity

==
How to Pick your hunting path?

Proactively hunt for threats with powerful queries.
Start with the query builder in guided mode
Or use Kusto Query Language (KQL) in advanced mode.

==
Guided Advanced Hunting?

Start with the query builder in guided mode
The query builder in guided mode allows analysts to craft meaningful hunting queries without knowing Kusto Query Language (KQL) or the data schema.

==
KQL Query - Advanced Hunting?

Use Kusto Query Language (KQL) query in advanced mode.
You can use Kusto operators and statements to construct queries that locate information in a specialized schema.

==
Schema - Advanced Hunting?

The advanced hunting schema is made up of multiple tables that provide either event information or information about devices, alerts, identities, and other entity types.
Click the three vertical dots next to a table and select View reference to see its column details.
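To show what a KQL query in advanced mode looks like against the schema tables just described, here is an added hunting example. It is not from the video or from Microsoft's sample queries; it assumes the standard Microsoft 365 Defender DeviceProcessEvents table and its documented columns (Timestamp, DeviceName, AccountName, FileName, ProcessCommandLine, InitiatingProcessFileName). The lists of Office parent processes and script-host child processes are constructed for illustration; adjust them to your environment.

```kql
// Added example (not part of the video): hunt for script hosts launched by Office applications.
// Assumes the standard DeviceProcessEvents schema in Microsoft 365 Defender Advanced Hunting.
DeviceProcessEvents
// Advanced hunting keeps up to 30 days of raw data; look back 7 days here
| where Timestamp > ago(7d)
// Parent (initiating) process is an Office application (constructed list, case-insensitive match)
| where InitiatingProcessFileName in~ ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
// Child process is a common scripting/command host (constructed list)
| where FileName in~ ("powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe")
// Keep only the columns an analyst needs to triage
| project Timestamp, DeviceName, AccountName, InitiatingProcessFileName, FileName, ProcessCommandLine
// Collapse repeats per device/user/parent/child and keep a few sample command lines for context
| summarize Count = count(),
            FirstSeen = min(Timestamp),
            LastSeen = max(Timestamp),
            SampleCommandLines = make_set(ProcessCommandLine, 5)
    by DeviceName, AccountName, InitiatingProcessFileName, FileName
// Noisiest device/user pairs first
| order by Count desc
```

Paste this into the advanced mode query editor and save it under My queries or Shared queries. The `summarize` step is what turns a raw event list into something reviewable: one row per device, user and parent/child pair, with first and last seen times and a handful of sample command lines, so a genuine hit stands out from routine automation.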

==
Queries - Advanced Hunting?

Queries are the KQL queries used for MS Defender Advanced Hunting.
There are three types of queries available in MS Defender Advanced Hunting:
Shared Queries
My queries
Community Queries

==
Microsoft Docs

https://learn.microsoft.com/en-us/mic...
https://learn.microsoft.com/en-us/mic...
https://learn.microsoft.com/en-us/mic...
https://learn.microsoft.com/en-us/mic...

==
More Blog posts related to SCCM/Intune/Windows 11/Cloud PC/AVD/Hyper-V/Cloud/IT Pro/Azure -

✔ https://www.anoopcnair.com/windows-365/

👉 Stay Connected - https://howtomanagedevices.com/stay-c... 👉 https://howtomanagedevices.com/sccm/1...

#CloudPC #Windows365 #W365

https://howtomanagedevices.com/

Learn SCCM Read https://www.anoopcnair.com/sccm/
https://www.anoopcnair.com/learn-sccm...

Learn Intune Read - https://www.anoopcnair.com/intune/
https://www.anoopcnair.com/learn-micr...
Learn Windows 10 Read - https://www.anoopcnair.com/windows-10/

Learn Hyper-V Read - https://www.anoopcnair.com/hyperv-2/

Learn About Cloud Read - https://www.anoopcnair.com/cloud/

Learn about Azure Read - https://www.anoopcnair.com/cloud/azure/

Learn About IT Pros Events - https://www.anoopcnair.com/itpro/

Learn about me - https://www.anoopcnair.com/about/

#SCCM #ConfigMgr #SCCMVideos #SCCMTutorials #SCCMStudyVideos #SCCMFreeTraining #SCCMTraining #HowtoManageDevices

#Intune #MicrosoftIntune #IntuneVideos #IntuneTutorials #IntuneGuide #IntuneStudy #MSIntune #IntuneTraining #HowtoManageDevices
