KQL Queries - mattnovitsch/M365 GitHub Wiki
I will be placing KQL Queries in this section for the following Defender Product lines:
- Microsoft Defender for Endpoint
- Microsoft Defender for Identity
- Microsoft Defender for Cloud Apps
- Microsoft Defender for Office
I will have folders for each of the areas, with the queries tagged accordingly. Right now, I have MDE, MDO, and MDI. I will post more as I keep diving deeper into the products and as I get more requests from customers.