Forum Discussion

Deleted's avatar
Deleted
Nov 03, 2021

Advanced hunting on email threats

Hello to all M365 Defender gurus out there. Disclaimer: I am new to M365 Defender and my question may be obvious for the seasoned professional.   Situation: I am using M365 Defender's Advanced hun...
email security
microsoft 365
microsoft 365 defender
David Caddick's avatar
David Caddick
Iron Contributor
Nov 03, 2021

Deleted 

 

So just curious - have you tried using the "Threat Explorer"?
https://security.microsoft.com/threatexplorer

 

You can use this and search "All Emails" for "Ignite" & then in the lower half of the console you can choose Select All and the actions available are:

  • Move & Delete
  • Track & Notify
  • Start new Submission

Track & Notify includes:

  1. Trigger Investigation
  2. Investigate Sender
  3. Investigate Recipient
  4. Add to remediation
  5. Contact recipients

Start new Submission includes:

  1. Report clean
  2. Report phishing
  3. Report malware
  4. Report spam

Hope that helps?

 

Deleted's avatar
Deleted
Nov 04, 2021
Thank you for the suggestion. I did look at "Threat Explorer" and was happy to see the actions. However, I was hoping to utilize the power of the query language to fine-tune these hunts, as it seems the "Threat Explorer" conditions have less meta-data fields available, compared to the Advanced Hunt queries. I am simply questioning, why the "take actions" within the Advanced Hunt results don't allow the same actions that "Threat Explorer" offers for emails.