The Unified Microsoft Sentinel and Microsoft 365 Defender Repository

As product and services always to continue to align its great to see movement in areas that provide pure value. The Microsoft Sentinel GitHub repository has now made room to house Microsoft 365 Defender Hunting queries.

KQL is the tie that binds these two security services, and because of that, Hunting queries for Microsoft 365 Defender are now available from the combined repository.

To locate these queries, go to the original Microsoft Sentinel GitHub repository ( and open the Hunting Queries folder to find the Microsoft 365 Defender folder.

Microsoft 365 Defender Hunting Queries

I’ve talked about this all along, how our query language, KQL, is a single thread that ties together things like our security platform service and products. Of course, don’t forget that KQL is important in most other areas in Azure and in things like Intune and Endpoint Manager. But, learning KQL can be a life changing, career altering event. You’ll need to know some of it eventually, so why not start now?

We’ve made it extremely easy to get up to speed with the Must Learn KQL series. Go from start to savant.

Get started today:


[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Microsoft Sentinel Newsletter]

[Subscribe to the Weekly Microsoft Defender Newsletter]

[Learn KQL with the Must Learn KQL series and book]