The Microsoft Security Copilot Threat Hunting Agent is an AI-powered agent that revolutionizes threat hunting by enabling you to investigate threats using natural language from start to finish. Unlike traditional hunting methods that rely heavily on Kusto query language (KQL) expertise, the Threat Hunting Agent transforms complex data into actionable insights quickly and intuitively, helping ...
Learn how to use hunts for conducting end-to-end proactive threat hunting. Seek out undetected threats based on hypothesis or start broadly and refine your searches with this hunting experience.
Hunting for security threats is a highly customizable activity that is most effective when accomplished across all stages of threat hunting: proactive, reactive, and post incident. The Defender portal provides effective hunting tools for every stage of threat hunting with unified security operations services. These tools are well fit for analysts who are just starting out in their career, or ...
Use Microsoft Sentinel's built-in hunting queries to guide you into asking the right questions to find issues in your data.
Learn about advanced hunting queries in Microsoft Defender and how to use them to proactively find threats and weaknesses in your network.
Advanced hunting is based on the Kusto query language. You can use Kusto operators and statements to construct queries that locate information in a specialized schema. Watch this short video to learn some handy Kusto query language basics.
The hunting graph provides visualization capabilities in advanced hunting by rendering threat scenarios as interactive graphs. This feature allows security operations center (SOC) analysts, threat hunters, and security researchers to conduct threat hunting and incident response more easily and intuitively, improving their efficiency and ability to assess possible security issues. Analysts ...