Graph API runHuntingQuery

Query Information

Description

This query lists successful runHuntingQuery Graph API calls from applications.

References

https://learn.microsoft.com/en-us/graph/api/security-security-runhuntingquery?view=graph-rest-1.0&tabs=http

Defender XDR

MicrosoftGraphActivityLogs
| where RequestUri has "runHuntingQuery"
// Only list app based results
| where isnotempty(AppId)
| where ResponseStatusCode == 200
| project TimeGenerated, RequestUri, AppId, ResponseStatusCode, ResponseSizeBytes

Sentinel

MicrosoftGraphActivityLogs
| where RequestUri has "runHuntingQuery"
// Only list app based results
| where isnotempty(AppId)
| where ResponseStatusCode == 200
| project TimeGenerated, RequestUri, AppId, ResponseStatusCode, ResponseSizeBytes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

runHuntingQueryExecution.md

runHuntingQueryExecution.md

Graph API runHuntingQuery

Query Information

Description

References

Defender XDR

Sentinel

Files

runHuntingQueryExecution.md

Latest commit

History

runHuntingQueryExecution.md

File metadata and controls

Graph API runHuntingQuery

Query Information

Description

References

Defender XDR

Sentinel