Query Advanced Hunting
Description
Executes an advanced hunting query in Microsoft Defender to identify threats. The 'query' parameter is required.

Endpoint URL: /api/advancedhunting/run
Method: POST

Inputs
  JSON Body (object) – required
    query (string) – required: the query to run

Output example
  [
    {
      "status_code": 200,
      "response_headers": {
        "Date": "Thu, 05 Sep 2024 07:29:53 GMT",
        "Content-Type": "application/json; charset=utf-8",
        "Transfer-Encoding": "chunked",
        "Connection": "keep-alive",
        "Content-Encoding": "deflate",
        "Vary": "Accept-Encoding",
        "Strict-Transport-Security": "max-age=31536000; includeSubDomains"
      },
      "reason": "OK",
      "json_body": {
        "Stats": {
          "ExecutionTime": 0.171881,
          "resource_usage": {
            "cache": { "memory": null, "disk": null },
            "cpu": { "user": "00:00:00", "kernel": "00:00:00", "total cpu": "00:00:00" },
            "memory": { "peak_per_node": 3146640 }
          },
          "dataset_statistics": [ { "table_row_count": 0, "table_size": 0 } ]
        },
        "Schema": [
          { "Name": "Timestamp", "Type": "DateTime" },
          { "Name": "FileName", "Type": "String" },
          { "Name": "InitiatingProcessFileName", "Type": "String" }
        ],
        "Results": []
      }
    }
  ]

Output parameters
  status_code (number)
  reason (string)
  json_body (object)
    Stats (object)
      ExecutionTime (number)
      resource_usage (object)
        cache (object)
          memory (object)
          disk (object)
        cpu (object)
          user (string)
          kernel (string)
          total cpu (string)
        memory (object)
          peak_per_node (number)
      dataset_statistics (array)
        table_row_count (number)
        table_size (number)
    Schema (array)
      Name (string)
      Type (string)
    Results (array)
  File Name (string) – required
  File (string) – required

Response headers
  Header                     Type
  Date                       string
  Content-Type               string
  Transfer-Encoding          string
  Connection                 string
  Content-Encoding           string
  Vary                       string
  Strict-Transport-Security  string
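As an added example (not the connector's or Microsoft's own code), here is how a playbook step can build the request body for this action and consume its output: anything other than a 200 with a JSON body is treated as a failed run rather than as an empty result set, and each Results row is mapped onto the Schema columns. The sample output and its two rows are constructed; key names follow the output example above, with Defender's own casing for Stats, Schema and Results.

```python
from typing import Any

# Constructed sample in the shape documented above; the two hits are made up.
SAMPLE_OUTPUT = [{
    "status_code": 200, "reason": "OK",
    "response_headers": {"Content-Type": "application/json; charset=utf-8"},
    "json_body": {
        "Stats": {"ExecutionTime": 0.171881,
                  "dataset_statistics": [{"table_row_count": 2, "table_size": 512}]},
        "Schema": [{"Name": "Timestamp", "Type": "DateTime"},
                   {"Name": "FileName", "Type": "String"},
                   {"Name": "InitiatingProcessFileName", "Type": "String"}],
        "Results": [
            {"Timestamp": "2024-09-05T07:29:53Z", "FileName": "certutil.exe",
             "InitiatingProcessFileName": "powershell.exe"},
            {"Timestamp": "2024-09-05T07:30:10Z", "FileName": "certutil.exe",
             "InitiatingProcessFileName": "cmd.exe"},
        ],
    },
}]

def build_request(query: str) -> dict[str, str]:
    """JSON body for POST /api/advancedhunting/run: 'query' is the only field."""
    if not query.strip():
        raise ValueError("query must be a non-empty KQL string")
    return {"query": query}

def run_succeeded(output: list[dict[str, Any]]) -> bool:
    """True only for HTTP 200 with a JSON body. Anything else is a failed run and
    must not be read as 'zero hits' by the playbook that consumes it."""
    env = output[0]
    return env.get("status_code") == 200 and isinstance(env.get("json_body"), dict)

def parse_hunting_output(output: list[dict[str, Any]]) -> dict[str, Any]:
    """Flatten the action output into column-named rows plus a stats summary."""
    if not run_succeeded(output):
        env = output[0]
        raise RuntimeError(f"hunting query failed: {env.get('status_code')} {env.get('reason')}")
    body = output[0]["json_body"]
    columns = [c["Name"] for c in body["Schema"]]
    types = {c["Name"]: c["Type"] for c in body["Schema"]}
    # Each Results entry is an object keyed by column name; keep schema columns only.
    rows = [{col: raw.get(col) for col in columns} for raw in body["Results"]]
    stats = body["Stats"]
    return {
        "columns": columns, "types": types, "rows": rows,
        "execution_time": stats["ExecutionTime"],
        "table_row_count": sum(d["table_row_count"] for d in stats["dataset_statistics"]),
    }
```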