Þessi vafri er ekki lengur studdur.
Uppfærðu í Microsoft Edge til að nýta þér nýjustu eiginleika, öryggisuppfærslur og tæknilega aðstoð.
Hunt for security threats across your organization's data sources with custom hunting queries. Microsoft Sentinel provides built-in hunting queries to help you find issues in the data you have on your network. But you can create your own custom queries. For more information about hunting queries, see Threat hunting in Microsoft Sentinel.
In Microsoft Sentinel, create a custom hunting query from the Hunting > Queries tab.
For Microsoft Sentinel in the Azure portal, under Threat management select Hunting.
For Microsoft Sentinel in the Defender portal, select Microsoft Sentinel > Threat management > Hunting.
Select the Queries tab.
From the command bar, select New query.
Fill in all the blank fields.
Create entity mappings by selecting entity types, identifiers, and columns.
Map MITRE ATT&CK techniques to your hunting queries by selecting the tactic, technique, and sub-technique (if applicable).
When your finished defining your query, select Create.
Clone a custom or built-in query and edit it as needed.
From the Hunting > Queries tab, select the hunting query you want to clone.
Select the ellipsis (...) in the line of the query you want to modify, and select Clone.
Edit the query and other fields as appropriate.
Select Create.
Only queries that from a custom content source can be edited. Other content sources have to be edited at that source.
From the Hunting > Queries tab, select the hunting query you want to change.
Select the ellipsis (...) in the line of the query you want to change, and select Edit.
Update the Query field with the updated query. You can also change the entity mapping and techniques.
When finished select Save.
Þjálfun
Eining
Threat hunting with Microsoft Sentinel - Training
Learn how to proactively identify threat behaviors by using Microsoft Sentinel queries.
Vottorð
Microsoft Certified: Security Operations Analyst Associate - Certifications
Investigate, search for, and mitigate threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.
