Create custom hunting queries in Microsoft Sentinel
Applies to:
Microsoft Sentinel in the Azure portal, Microsoft Sentinel in the Microsoft Defender portal
Hunt for security threats across your organization's data sources with custom hunting queries. Microsoft Sentinel provides built-in hunting queries to help you find issues in the data you have on your network, but you can also create your own custom queries. For more information about hunting queries, see Threat hunting in Microsoft Sentinel.
Create a new query
In Microsoft Sentinel, create a custom hunting query from the Hunting > Queries tab.
For Microsoft Sentinel in the Azure portal, under Threat management, select Hunting. For Microsoft Sentinel in the Defender portal, select Microsoft Sentinel > Threat management > Hunting.
Related content
Learn how to use hunts for conducting end-to-end proactive threat hunting. Seek out undetected threats based on a hypothesis, or start broadly and refine your searches with this hunting experience.
Learn how to use the legacy incident investigation experience in Microsoft Sentinel to create advanced alert rules that generate incidents you can assign and investigate.
Understand how threat detection works in Microsoft Sentinel. Learn about the different types of analytics rules and templates, and how alerts and incidents are generated.