{
	"id": "02a4ae04-33a7-40fc-821f-66bf7a45a8b3",
	"created_at": "2026-04-06T01:30:21.517147Z",
	"updated_at": "2026-04-10T03:21:43.603952Z",
	"deleted_at": null,
	"sha1_hash": "cb16cb0498322e11024280da15ebf501548dcc1d",
	"title": "GitHub - microsoft/Microsoft-365-Defender-Hunting-Queries: Sample queries for Advanced hunting in Microsoft 365 Defender",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34938,
	"plain_text": "GitHub - microsoft/Microsoft-365-Defender-Hunting-Queries:\r\nSample queries for Advanced hunting in Microsoft 365 Defender\r\nBy tali-ash\r\nArchived: 2026-04-06 00:08:07 UTC\r\npage_type sample\r\nlanguages kusto\r\nproducts Microsoft 365 Defender\r\ndescription Microsoft 365 Defender repository for Advanced Hunting\r\nDeprecated\r\nWe moved to Microsoft threat protection community, the unified Microsoft Sentinel and Microsoft 365\r\nDefender repository.\r\nMicrosoft SIEM and XDR Community provides a forum for the community members, aka, Threat Hunters, to join\r\nin and submit these contributions via GitHub Pull Requests or contribution ideas as GitHub Issues. Hunting\r\nqueries for Microsoft 365 Defender will provide value to both Microsoft 365 Defender and Microsoft Sentinel\r\nproducts, hence a multiple impact for a single contribution. These contributions can be just based on your idea of\r\nthe value to enterprise your contribution provides or can be from the GitHub open issues list or even\r\nenhancements to existing contributions.\r\nContribute your queries to the Microsoft 365 Defender folder in the Hunting Queries section.\r\nSpecifics on what is required for Hunting queries is in the Query Style Guide.\r\nWebcasts content can be found in the Tutorials folder.\r\nPower BI example can be found in the Tools folder.\r\nSource: https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries\r\nhttps://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries"
	],
	"report_names": [
		"Microsoft-365-Defender-Hunting-Queries"
	],
	"threat_actors": [],
	"ts_created_at": 1775439021,
	"ts_updated_at": 1775791303,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cb16cb0498322e11024280da15ebf501548dcc1d.pdf",
		"text": "https://archive.orkl.eu/cb16cb0498322e11024280da15ebf501548dcc1d.txt",
		"img": "https://archive.orkl.eu/cb16cb0498322e11024280da15ebf501548dcc1d.jpg"
	}
}