knowhaa.blogg.se

Mtp-65







Read about managing access to Microsoft 365 Defender. Read about required roles and permissions for advanced hunting. Also, your access to endpoint data is determined by role-based access control (RBAC) settings in Microsoft Defender for Endpoint. To use advanced hunting or other Microsoft 365 Defender capabilities, you need an appropriate role in Azure Active Directory. Understand how you can use advanced hunting queries to trigger alerts and take response actions automatically. Understand how to create efficient and error-free queries. Hunt for threats across devices, emails, apps, and identities. Explore collections of predefined queries covering different threat hunting scenarios. Train for free with guides from Microsoft experts. Transition from Microsoft Defender for Endpoint


Learn where to look for data when constructing your queries. Get a good, high-level understanding of the tables in the schema and their columns. Explore how you can quickly tweak queries, drill down to get richer information, and take response actions. Learn about charts and various ways you can view or export your results. Start learning the query language by running your first query. Advanced hunting is based on Kusto query language, supporting the same syntax and operators. We recommend going through several steps to quickly get started with advanced hunting.


To use advanced hunting, turn on Microsoft 365 Defender. For more information on advanced hunting in Microsoft Defender for Cloud Apps data, see the video. This capability is similar to advanced hunting in Microsoft Defender for Endpoint and supports queries that check a broader data set from: These rules run automatically to check for and then respond to suspected breach activity, misconfigured machines, and other findings. You can use the same threat hunting queries to build custom detection rules.







