Created April 15, 2020 19:16
Reference Query Document for Windows Defender ATP Advanced hunting tool
# ADVANCED HUNTING REFERENCES
#
# Kusto Queries
#   - Query Language REFERENCE
#     - https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/
#   - Regular Expressions in Kusto (Kusto uses the RE2 engine)
#     - https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/re2
#   - Allowed Regular Expression Syntax for Kusto Queries (RE2 syntax; no lookarounds or backreferences)
#     - https://github.com/google/re2/wiki/Syntax
#
# Advanced Hunting
#   - Advanced Hunting Overview
#     - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview
#   - Advanced Hunting Schema
#     - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference
#   - Advanced Hunting Query Best Practices
#     - https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices
#   - Advanced Hunting Blog Posts by Microsoft
#     - https://techcommunity.microsoft.com/t5/tag/Advanced%20hunting/tg-p/board-id/MicrosoftDefenderATPBlog
#
# Examples
#   - Microsoft Defender Advanced Threat Protection - Resource Hub
#     - https://github.com/alexverboon/MDATP
#   - Sample queries for Advanced Hunting in Microsoft Defender ATP
#     - https://github.com/microsoft/WindowsDefenderATP-Hunting-Queries
#   - KQL queries for Advanced Hunting
#     - https://github.com/wortell/KQL
#   - Windows Defender ATP Advanced Hunting Queries
#     - https://github.com/eshlomo1/WindowsDefenderATP_Advanced_Hunting_Samples_Queries
#
# FAQ
#   - Why is my old query broken?
#     - 2019 Advanced Hunting data schema changes (tables and columns were renamed; old queries must be updated to the new names)
#     - https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-data-schema-changes/ba-p/1043914
#
# In-Depth Learning Resources
#   - Learn Kusto Query Language
#     - https://www.pluralsight.com/courses/kusto-query-language-kql-from-scratch
#
# Technique-Specific Info
#   - Hunting using network adapter information
#     - https://techcommunity.microsoft.com/t5/microsoft-defender-atp/advanced-hunting-now-includes-network-adapters-information/ba-p/224402
#
# Using the Windows Defender ATP API
#   - Automating Security Operations Using Windows Defender ATP APIs with Python and Jupyter Notebooks
#     - https://techcommunity.microsoft.com/t5/Threat-Intelligence/Automating-Security-Operations-Using-Windows-Defender-ATP-APIs/m-p/294434
#   - WDATP APIs Demo Notebook.ipynb
#     - https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries/blob/master/Notebooks/WDATP%20APIs%20Demo%20Notebook.ipynb
#   - Use Windows Defender ATP APIs
#     - https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-create-app-nativeapp
#   - Windows Defender ATP APIs using PowerShell
#     - https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/exposed-apis-full-sample-powershell
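The following is an added example, not part of this gist and not Microsoft's own sample code. It ties the references above together: a KQL hunt written against the post-2019 schema names (DeviceProcessEvents, Timestamp, DeviceName) with an RE2-compatible regex, submitted through the Windows Defender ATP Advanced Hunting API from Python. The token endpoint (https://login.windows.net/<tenantId>/oauth2/token, client-credentials grant), the query endpoint (POST https://api.securitycenter.windows.com/api/advancedqueries/run with a {"Query": ...} body) and the {"Schema": [...], "Results": [...]} response shape are assumed from the "exposed-apis" docs linked above; check them against the current documentation before relying on them. The environment variable names and the sample response are constructed for the example.

```python
"""
Added example (not from the gist, nor Microsoft's own sample code): run an
Advanced Hunting query through the Windows Defender ATP API and tabulate hits.

Assumed endpoints, as documented in the 'exposed-apis' pages linked above
(verify against the current docs before relying on them):
  token:  POST https://login.windows.net/<tenantId>/oauth2/token
          (client_credentials grant, resource=https://api.securitycenter.windows.com)
  query:  POST https://api.securitycenter.windows.com/api/advancedqueries/run
          body {"Query": "<KQL>"}, response {"Schema": [...], "Results": [...]}
Tenant/app credentials are read from environment variables, never hard-coded.
"""
import json
import os
import urllib.parse
import urllib.request
from collections import Counter

RESOURCE = "https://api.securitycenter.windows.com"
HUNT_URL = RESOURCE + "/api/advancedqueries/run"

# KQL in the post-2019 schema (DeviceProcessEvents / Timestamp / DeviceName rather
# than ProcessCreationEvents / EventTime / ComputerName). Kusto regexes are RE2:
# (?i) gives case-insensitivity and there are no lookarounds or backreferences.
ENCODED_POWERSHELL_QUERY = r"""
DeviceProcessEvents
| where Timestamp > ago(7d)
| where FileName in~ ("powershell.exe", "pwsh.exe")
| where ProcessCommandLine matches regex @"(?i)\s-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}"
| project Timestamp, DeviceName, AccountName, InitiatingProcessFileName, ProcessCommandLine
| order by Timestamp desc
| take 100
"""


def get_token(tenant_id, app_id, app_secret):
    """OAuth2 client-credentials flow; returns a bearer token for the WDATP resource."""
    body = urllib.parse.urlencode({
        "resource": RESOURCE,
        "client_id": app_id,
        "client_secret": app_secret,
        "grant_type": "client_credentials",
    }).encode()
    url = "https://login.windows.net/%s/oauth2/token" % tenant_id
    with urllib.request.urlopen(urllib.request.Request(url, data=body), timeout=30) as resp:
        return json.load(resp)["access_token"]


def build_hunt_request(token, query):
    """Build the POST without sending it, so headers and body can be inspected offline."""
    return urllib.request.Request(
        HUNT_URL,
        data=json.dumps({"Query": query}).encode(),
        headers={
            "Content-Type": "application/json",
            "Accept": "application/json",
            "Authorization": "Bearer " + token,
        },
        method="POST",
    )


def run_query(token, query):
    """Submit the query and return the decoded JSON payload."""
    with urllib.request.urlopen(build_hunt_request(token, query), timeout=120) as resp:
        return json.load(resp)


def rows_from_response(payload):
    """Flatten {"Schema": [{"Name": ..}], "Results": [{col: val}]} into ordered rows."""
    columns = [c["Name"] for c in payload.get("Schema", [])]
    return columns, [[row.get(c) for c in columns] for row in payload.get("Results", [])]


def hits_per_device(payload):
    """Count result rows per DeviceName, most-hit device first."""
    return Counter(r.get("DeviceName") for r in payload.get("Results", [])).most_common()


# Constructed sample response (not real telemetry) so parsing can be exercised offline.
SAMPLE_RESPONSE = {
    "Schema": [{"Name": "Timestamp", "Type": "DateTime"},
               {"Name": "DeviceName", "Type": "String"},
               {"Name": "ProcessCommandLine", "Type": "String"}],
    "Results": [
        {"Timestamp": "2020-04-15T19:16:00Z", "DeviceName": "ws01.corp.example",
         "ProcessCommandLine": "powershell.exe -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
        {"Timestamp": "2020-04-15T18:40:00Z", "DeviceName": "ws01.corp.example",
         "ProcessCommandLine": "powershell.exe -ec SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
        {"Timestamp": "2020-04-14T09:02:00Z", "DeviceName": "srv02.corp.example",
         "ProcessCommandLine": "pwsh.exe -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    ],
}


if __name__ == "__main__":
    # Live run only when credentials are present; otherwise demonstrate on the sample.
    env = {k: os.environ.get(k) for k in ("WDATP_TENANT_ID", "WDATP_APP_ID", "WDATP_APP_SECRET")}
    if all(env.values()):
        token = get_token(env["WDATP_TENANT_ID"], env["WDATP_APP_ID"], env["WDATP_APP_SECRET"])
        payload = run_query(token, ENCODED_POWERSHELL_QUERY)
    else:
        payload = SAMPLE_RESPONSE
    columns, rows = rows_from_response(payload)
    print("\t".join(columns))
    for row in rows:
        print("\t".join(str(v) for v in row))
    for device, n in hits_per_device(payload):
        print("%s: %d hit(s)" % (device, n))
```

The request builder is kept separate from the network call so the body and Authorization header can be checked without a tenant; the live path only runs when all three WDATP_* variables are set. The regex deliberately avoids lookarounds, which RE2 (and therefore Kusto) rejects, and the query uses only post-2019 table and column names, which is the usual reason an older saved query stops working.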