Current version: 0.1
The purpose of this cheat sheet is to cover commonly used threat hunting queries that can be used with Microsoft Threat Protection. Microsoft Threat Protection has a threat hunting capability that is called Advance Hunting (AH). AH is based on Azure Kusto Query Language (KQL).
- Light colors: MTPAHCheatSheetv01-light.pdf
- Dark colors: MTPAHCheatSheetv01-dark.pdf
- https://docs.microsoft.com/en-us/microsoft-365/security/mtp/advanced-hunting-overview?view=o365-worldwide
- https://github.com/marcusbakker/KQL
- http://pluralsight.com/courses/kusto-query-language-kql-from-scratch
- https://techcommunity.microsoft.com/t5/microsoft-defender-atp/getting-started-with-windows-defender-atp-advanced-hunting/ba-p/215835