Details

This atomic belongs to the Microsoft Graph: Security atomic group.

Executes a threat hunting query through the Microsoft Graph API. This atomic requires the following API permission: ThreatHunting.Read.All.

Target: Microsoft Defender for Office 365 integration target or HTTP endpoint for "graph.microsoft.com"

Account Key: None if using an integration-provided target, access token if using an HTTP Endpoint target

Steps:
- Build the authorization header and request body
- Run the threat hunting query
- Check if the request was successful:
  - If it was, attempt to extract the results and set the output variables
  - If it wasn't, return an error
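
The three steps above, worked through as an added example (not the atomic's own code): it builds the bearer header and JSON body, POSTs to the documented runHuntingQuery endpoint, and then either extracts the rows into output variables or returns the Graph error. The KQL query, the SAMPLE_OK/SAMPLE_ERR payloads and the GRAPH_TOKEN environment variable are constructed assumptions; the token must come from an app with ThreatHunting.Read.All.

```python
"""Run an advanced hunting query via Microsoft Graph security/runHuntingQuery."""
import json
import os
import urllib.error
import urllib.request

GRAPH_URL = "https://graph.microsoft.com/v1.0/security/runHuntingQuery"

# Constructed sample payloads in the shape Graph returns (huntingQueryResults / error).
SAMPLE_OK = {
    "schema": [{"name": "Severity", "type": "String"}, {"name": "Count", "type": "Int64"}],
    "results": [{"Severity": "High", "Count": 3}, {"Severity": "Medium", "Count": 12}],
}
SAMPLE_ERR = {"error": {"code": "Authorization_RequestDenied",
                        "message": "Insufficient privileges to complete the operation."}}

def build_request(access_token, query, timespan=None):
    """Step 1: authorization header plus the JSON body runHuntingQuery expects."""
    headers = {"Authorization": f"Bearer {access_token}", "Content-Type": "application/json"}
    body = {"Query": query}
    if timespan:                      # optional ISO 8601 duration, e.g. "P1D"
        body["Timespan"] = timespan
    return headers, body

def parse_response(status, payload):
    """Step 3: map the HTTP outcome to output variables (success) or an error string."""
    if status == 200 and "results" in payload:
        rows = payload["results"]
        return {"succeeded": True, "columns": [c["name"] for c in payload.get("schema", [])],
                "results": rows, "row_count": len(rows)}
    err = payload.get("error", {})
    return {"succeeded": False,
            "error": f"{status}: {err.get('code', 'unknown')} - {err.get('message', 'no message')}"}

def run_hunting_query(access_token, query, timespan=None):
    """Step 2: send the query; HTTP errors are parsed the same way as success bodies."""
    headers, body = build_request(access_token, query, timespan)
    req = urllib.request.Request(GRAPH_URL, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=60) as resp:
            return parse_response(resp.status, json.load(resp))
    except urllib.error.HTTPError as e:
        try:
            payload = json.load(e)
        except ValueError:            # non-JSON error body (e.g. gateway page)
            payload = {}
        return parse_response(e.code, payload)

if __name__ == "__main__":
    token = os.environ.get("GRAPH_TOKEN", "")  # assumed: token obtained out of band
    query = "AlertInfo | where Timestamp > ago(1d) | summarize Count=count() by Severity"
    print(json.dumps(run_hunting_query(token, query, "P1D"), indent=2))
```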

More information about this API: https://learn.microsoft.com/en-us/graph/api/security-security-runhuntingquery

About
Authorship
Cisco Managed