Investigation Graph through the Hunting Blade?


Hi all, 

Is there a way to use the investigation graph through the hunting queries?
I have created a hunting query to find when users are assigned Azure AD roles outside of PIM, with the associated entities (account, IpAddress). Can I investigate with the graph directly, or do I have to create an analytic rule each time?

Kind regards, 

Emmanuel NGUYEN

4 Replies

@emmanuelnguyen You can save the results you care about as bookmarks and kick off the investigation from them.



As part of the Hunt, save as a bookmark, then go to the Bookmark tab, and there is an Investigate button.

Thank you so much!!
Thank you so much for the additional details!