Tracking the Adversary with M365 Defender Advanced Hunting

If you’re new to advanced hunting in Microsoft 365 Defender, be sure to check out the four-part series Tali Ash and I presented in July of 2020. We start with the very basics of Kusto Query Language (KQL) and take you all the way to performing visualizations, performing anomaly detection, and track malicious activity purely through advanced hunting.

All of the content is 100% demo, and the heavily commented query files are available on GitHub here for practice in your own tenant. Happy hunting!

Episode 1: KQL Fundamentals
Episode 2: Joins
Episode 3: Summarizing, pivoting, and visualizing data
Episode 4: Let’s hunt!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s