Clicking on the name of the query will bring you to the file for it in this git repo.
Or try them out right away in your M365 Security tenant:
Click on the '🔎' hotlink to plug the query right into your Advanced Hunting Query page
- Identify clear text LDAP authentication requests to domain controllers with MDI
- Aggregate by source hostname
- List all software in your environment with Critical CVEs
- Shows how many devices have each version of the software
- Indicates whether the Critical CVEs have public exploits
- Best practice endpoint configurations for Microsoft Defender for Endpoint deployment
- Find and fix devices out of compliance
- Identify holes in your security configuration deployment
- Files with the substring "password" in the name
- Results probably contain users' passwords in plain text
- Included file extensions: .doc .docx .xls .xlsx .txt
- Pie Chart for your viewing pleasure
- Determines whether each version of every program in your environment is vulnerable, expoloitable, or neither
- Takes into account how many devices have each version of a program
- By default, account for all CVE severities