Feb 16 2022 09:32 AM
As products and services continue to align, it's great to see movement in areas that provide pure value. The Microsoft Sentinel GitHub repository has now made room to house Microsoft 365 Defender Hunting queries.
KQL is the tie that binds these two security services, and because of that, Hunting queries for Microsoft 365 Defender are now available from the combined repository.
To locate these queries, go to the original Microsoft Sentinel GitHub repository (https://aka.ms/SentinelGitHub) and open the Hunting Queries folder to find the Microsoft 365 Defender folder.