Advanced Hunting KQL Queries for M365 Defender for Identity/Endpoint/Office 365 etc.
These queries are supplied under the MIT license and are provided as-is, with no warranty.
Select a KQL query from this repo and customize it for your environment to find and alert on specific incidents that might otherwise go unnoticed by the Defender products.
//Viktor