 Important

The improved Microsoft 365 Defender portal is now available. This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 Defender portal. Learn what’s new.

Applies to:

  • Microsoft 365 Defender
  • Microsoft Defender for Endpoint

Advanced hunting queries can be shared among users in the same organization. You can also find queries shared publicly on GitHub. These queries let you quickly pursue specific threat hunting scenarios without having to write queries from scratch.

Save, modify, and share a query

You can save a new or existing query so that it is only accessible to you or shared with other users in your organization.

  1. Create or modify a query.
  2. Click the Save query drop-down button and select Save as.
  3. Enter a name for the query.
  4. Select the folder where you’d like to save the query.
    • Shared queries: shared with all users in your organization
    • My queries: accessible only to you
  5. Select Save.

Delete or rename a query

  1. Select the three dots to the right of a query you want to rename or delete.
  2. Select Delete and confirm deletion. Or select Rename and provide a new name for the query.

To generate a link that opens your query directly in the advanced hunting query editor, finalize your query and select Share link.

Access queries in the GitHub repository

Microsoft security researchers regularly share advanced hunting queries in a designated public repository on GitHub. This repository is open to contributions. To contribute, join GitHub for free.

 Tip

Microsoft security researchers also provide advanced hunting queries that you can use to locate activities and indicators associated with emerging threats. These queries are provided as part of the threat analytics reports in Microsoft Defender Security Center.

Source : Official Microsoft Brand
Editor by : BEST Antivirus KBS Team
