kql-mde-xdr
Community
Write and optimize Defender XDR KQL queries.
Category: Data & Analytics
Tags: #query-optimization #detection-engineering #threat-hunting #incident-investigation #kql #defender #mde
Author: audibleblink
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
KQL queries for Microsoft Defender for Endpoint (MDE), Microsoft Sentinel, and Microsoft 365 Defender XDR are often complex, error-prone, and slow to write, which makes threat hunting and incident investigations tedious.
Core Features & Use Cases
- Write and optimize KQL queries across MDE, Sentinel, and M365 Defender XDR to improve detection analytics.
- Validate field schemas and reference tables from the references directory before constructing queries to ensure accuracy.
- Use cases include threat hunting, detection engineering, and incident investigations across Defender products, with guidance for performance and readability.
Quick Start
Craft a minimal KQL query against DeviceInfo to validate schema and syntax, then run it to confirm results.
Dependency Matrix
Required Modules
None required
Components
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: kql-mde-xdr Download link: https://github.com/audibleblink/skills/archive/main.zip#kql-mde-xdr Please download this .zip file, extract it, and install it in the .claude/skills/ directory.