Run Hunting Query
Description

Execute advanced threat hunting queries through the Microsoft Graph API to identify potential threats within Microsoft 365 Defender.

Endpoint

URL: /v1.0/security/runHuntingQuery
Method: POST

Inputs

- json_body (object) – required: JSON body
  - query (string): The hunting query in Kusto Query Language (KQL)

Output example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "Transfer-Encoding": "chunked",
      "Content-Type": "application/json",
      "Content-Encoding": "gzip",
      "Vary": "Accept-Encoding",
      "Strict-Transport-Security": "max-age=31536000",
      "request-id": "8beed643-f868-4fd0-9e15-e0db4c50383e",
      "client-request-id": "8beed643-f868-4fd0-9e15-e0db4c50383e",
      "x-ms-ags-diagnostic": "{\"ServerInfo\":{\"DataCenter\":\"Brazil South\",\"Slice\":\"E\",\"Ring\":\"3\",\"ScaleUnit\":\"001\",\"RoleInstance\":\"CP1PEPF00003034\"}}",
      "Date": "Tue, 27 Dec 2022 21:12:51 GMT"
    },
    "reason": "OK",
    "json_body": {
      "schema": [
        { "name": "Timestamp", "type": "DateTime" },
        { "name": "FileName", "type": "String" },
        { "name": "InitiatingProcessFileName", "type": "String" }
      ],
      "results": [
        {
          "Timestamp": "2020-08-30T06:38:35.7664356Z",
          "FileName": "conhost.exe",
          "InitiatingProcessFileName": "powershell.exe"
        },
        {
          "Timestamp": "2020-08-30T06:38:30.5163363Z",
          "FileName": "conhost.exe",
          "InitiatingProcessFileName": "powershell.exe"
        }
      ]
    }
  }
]
```

Output parameters

- status_code (number)
- reason (string)
- json_body (object)
  - schema (array)
    - name (string)
    - type (string)
  - results (array)
    - Timestamp (string)
    - FileName (string)
    - InitiatingProcessFileName (string)

Response headers

| Header | Type |
| --- | --- |
| Transfer-Encoding | string |
| Content-Type | string |
| Content-Encoding | string |
| Vary | string |
| Strict-Transport-Security | string |
| request-id | string |
| client-request-id | string |
| x-ms-ags-diagnostic | string |
| Date | string |
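The following is an added example, not code from the original page or from the connector's vendor. It shows how a caller might assemble the action's input and turn its output into typed rows for triage. The KQL text and the sample output are constructed, the function names are hypothetical, and the key spellings `status_code` and `json_body` are assumed from the output example above.

```python
from collections import Counter
from datetime import datetime, timezone

# Constructed KQL for illustration; it is not taken from the page.
QUERY = ('DeviceProcessEvents | where InitiatingProcessFileName =~ "powershell.exe" '
         "| project Timestamp, FileName, InitiatingProcessFileName | limit 2")

# Constructed action output shaped like the page's output example (headers omitted).
SAMPLE_OUTPUT = [{
    "status_code": 200, "reason": "OK",
    "json_body": {
        "schema": [{"name": "Timestamp", "type": "DateTime"},
                   {"name": "FileName", "type": "String"},
                   {"name": "InitiatingProcessFileName", "type": "String"}],
        "results": [
            {"Timestamp": "2020-08-30T06:38:35.7664356Z", "FileName": "conhost.exe",
             "InitiatingProcessFileName": "powershell.exe"},
            {"Timestamp": "2020-08-30T06:38:30.5163363Z", "FileName": "conhost.exe",
             "InitiatingProcessFileName": "powershell.exe"}],
    },
}]

def build_inputs(query):
    """Action inputs: a json_body object carrying the KQL text in `query`."""
    if not query.strip():
        raise ValueError("empty hunting query")
    return {"json_body": {"query": query}}

def parse_timestamp(value):
    """Parse a UTC timestamp with 7 fractional digits (datetime keeps only 6)."""
    head, _, frac = value.rstrip("Zz").partition(".")
    text = f"{head}.{(frac + '000000')[:6]}"
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%S.%f").replace(tzinfo=timezone.utc)

def typed_rows(action_output):
    """Reject non-200 items, then cast the datetime columns named in the schema."""
    rows = []
    for item in action_output:
        if item["status_code"] != 200:
            raise RuntimeError(f"query failed: {item['status_code']} {item.get('reason')}")
        body = item["json_body"]
        dt_cols = {c["name"] for c in body["schema"] if c["type"].lower() == "datetime"}
        for raw in body["results"]:
            rows.append({k: parse_timestamp(v) if k in dt_cols and v else v
                         for k, v in raw.items()})
    return rows

def child_counts(rows):
    """Count (initiating process, child process) pairs for quick triage."""
    return Counter((r["InitiatingProcessFileName"].lower(), r["FileName"].lower()) for r in rows)
```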