Chapter 11: Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel

To me, advanced threat hunting is one of the most exciting parts of the Microsoft 365 (M365) Defender portal as it involves diving into data with Kusto – I mean, that's what we all came for, right? I'm kidding, but seriously, I could spend all day learning queries to pull what I want, learning what data is there as a whole, and figuring out what's normal and what's not.

We have lots planned for this chapter, including covering higher-level areas such as the basics of Kusto queries, advanced hunting in the M365 Defender portal and Microsoft Sentinel, and leveraging some of its additional hunting features, such as Livestream, notebooks, and bookmarks. The focus ...
