Microsoft 365 Defender Advanced Hunting - Without KQL!

Microsoft 365 Defender (or Microsoft Defender XDR) Advanced Hunting enables you to perform KQL queries against audit logs from endpoints, apps, identities, and email and collaboration Threat Explorer. But what if you don't know KQL or are just getting started with it? Advanced Hunting also has a Query Builder that enables you to use filters and dropdowns in the UI to build your query. Even better, if you want to see the KQL behind the UI, you can do that as well!

In this video, Ben and Scott walk you through all there is to know (and maybe a little more) about using Advanced Hunting without KQL...and maybe a little with KQL...in Microsoft 365 Defender/Microsoft Defender XDR.
