https://www.verboon.info/tags/hunting/Recent content in Hunting on Anything About ITHugoen-usWed, 15 Jan 2020 22:09:35 +0000https://www.verboon.info/2020/01/microsoft-threat-protection-using-advanced-hunting-to-see-whats-going-on-with-your-mail/Wed, 15 Jan 2020 22:09:35 +0000https://www.verboon.info/2020/01/microsoft-threat-protection-using-advanced-hunting-to-see-whats-going-on-with-your-mail/<p>Last December Microsoft introduced Microsoft Threat Protection (MTP) including advanced hunting that allows us to run queries across multiple data sources i.e. Microsoft Defender ATP and Office 365 ATP. If you haven&rsquo;t heard yet about MTP I recommend reading Christian Müller&rsquo;s blog post <a href="#">Microsoft Threat Protection – unified hunting</a>Now while the primary purpose of the unified hunting capability is to find information about indicators and entities, we can also use it to get an overview of what&rsquo;s going on inside the systems that feed information into MTP i.e. Office 365. So, I created a few simple queries that summarizes various attributes from the EmailEvents table. <img src="images/011520_2205_MicrosoftTh1.png" alt=""> </p>