Cheat sheets can be handy for penetration testers, security analysts, and many other technical roles. They provide best practices, shortcuts, and other ideas that save defenders a lot of time. They are especially helpful when working with tools that require specialized knowledge, such as advanced hunting, because:
In the area of Digital Forensics and Incident Response (DFIR), there are already some great cheat sheets. Many of them are bookmarked or, in some cases, printed and hanging somewhere in the Security Operations Center (SOC).
Recently, several Microsoft employees and security analysts from large enterprise customers and partners came together on a community project to build the very first cheat sheet for advanced hunting in Microsoft Threat Protection. To get it done, we had the support and talent of Marcus Bakker, Maarten Goet, Pawel Partyka, Michael Melone, Tali Ash, and Milad Aslaner.
You can get the cheat sheet in light and dark themes in the links below:
Microsoft Threat Protection’s advanced hunting community is continuously growing, and we are excited to see more and more security analysts and threat hunters actively sharing their queries in the public repository on GitHub. This GitHub repo provides access to many frequently used advanced hunting queries across Microsoft Threat Protection capabilities, as well as new projects such as Jupyter Notebook examples and, now, the advanced hunting cheat sheet.
You can explore and get all the queries in the cheat sheet from the GitHub repository.
For more information about advanced hunting and Kusto Query Language (KQL), go to:
Stay safe and happy hunting!