
KQL queries for investigative purposes in Microsoft 365 Defender


Quite new to KQL, but I wanted to know how one could use it to enhance or help an investigation of an Alert/Incident. I know this may sound generic, but any suggestions, ideas or examples will be appreciated.

Hi, did you have a look at the NinjaShow? https://www.youtube.com/playlist?list=PLmAptfqzxVEXzbOYvCMjXJQuAwpqnACZ4
Even though it's in the context of Defender for Endpoint, we talk about the investigation experience and also touch on advanced hunting in this episode: https://www.youtube.com/watch?v=TUU5o2Z7oYw&list=PLmAptfqzxVEXzbOYvCMjXJQuAwpqnACZ4&index=7&t=1252s
Another excellent webinar I would recommend is this: https://www.youtube.com/watch?v=0D9TkGjeJwM&feature=youtu.be
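As a concrete illustration of the kind of advanced hunting query the question asks about (an added example, not part of the thread or of Microsoft's documentation): starting from a single alert ID, pull the devices the alert touched, then build a timeline of process creations and successful outbound connections on those devices in the half hour around the alert. `<ALERT_ID>` is a placeholder to replace with the AlertId shown on the incident page; the 30-minute window is an assumed starting point and can be widened.

```kql
// Added example: timeline around a Microsoft 365 Defender alert.
// <ALERT_ID> is a placeholder; paste the AlertId from the incident.
let alertId = "<ALERT_ID>";
let window = 30m;                                   // assumed lookaround window
// Earliest timestamp recorded for this alert
let alertTime = toscalar(
    AlertInfo
    | where AlertId == alertId
    | summarize min(Timestamp));
// Devices listed as evidence on the alert (non-device evidence has an empty DeviceId)
let affectedDevices =
    AlertEvidence
    | where AlertId == alertId and isnotempty(DeviceId)
    | distinct DeviceId;
// Process creations on those devices, with the launching (parent) process
let procs =
    DeviceProcessEvents
    | where DeviceId in (affectedDevices)
    | where Timestamp between ((alertTime - window) .. (alertTime + window))
    | project Timestamp, DeviceName, AccountName,
              Source = "Process",
              Parent = InitiatingProcessFileName,
              Detail = strcat(FileName, " ", ProcessCommandLine),
              Hash   = SHA256;
// Successful outbound connections from the same devices, attributed to the process that made them
let net =
    DeviceNetworkEvents
    | where DeviceId in (affectedDevices)
    | where Timestamp between ((alertTime - window) .. (alertTime + window))
    | where ActionType == "ConnectionSuccess"
    | project Timestamp, DeviceName,
              AccountName = InitiatingProcessAccountName,
              Source = "Network",
              Parent = InitiatingProcessFileName,
              Detail = strcat(RemoteIP, ":", RemotePort, " ", RemoteUrl),
              Hash   = InitiatingProcessSHA256;
// One interleaved timeline so an unusual parent/child chain followed by a
// connection from that child stands out in reading order
union procs, net
| order by Timestamp asc
```

Both branches are projected onto the same column set before the `union`, so the result reads as a single chronological list; the `Hash` column gives a value to pivot on in `DeviceFileEvents` or `AlertEvidence` across the tenant if something in the timeline looks out of place.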