Skip to main content
Query a specified set of events, activities, or entity data to look for specific threats in the environment. Least privileged Microsoft Graph permissions to access the action via application: ThreatHunting.Read.All.
External DocumentationTo learn more, visit the Microsoft Defender XDR documentation.

Parameters

Example Output

Workflow Library Example

Run Hunting Query with Microsoft Defender Xdr and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop