MDATP
-
Updated
Jul 20, 2024 - PowerShell
MDATP
The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior
10 hands-on Microsoft Identity and Access Administrator SC-300 labs covering Microsoft Entra users, groups, devices, external and hybrid identity, MFA, SSPR, Conditional Access, ID Protection, Global Secure Access, workload identities, enterprise apps, app registrations, governance, PIM, logs, KQL, and exam readiness.
A collection of Mitre ATT&CK aligned KQL detection, hunting, and audit queries for Defender XDR.
Add a description, image, and links to the defender-for-cloud-apps topic page so that developers can more easily learn about it.
To associate your repository with the defender-for-cloud-apps topic, visit your repo's landing page and select "manage topics."