Configure Defender Advanced Hunting queries for agent activity
Implementation Effort: Medium – Requires writing KQL queries against the CloudAppEvents table in Microsoft Defender, understanding the agent activity action types, and creating saved queries or custom detection rules for recurring use.
User Impact: Low – Analyst-facing capability; end users are not affected.
Overview
Sentinel analytics rules and Defender for Cloud alerts detect threats based on predefined patterns, but security analysts also need the ability to proactively investigate agent behavior that has not yet triggered an alert. Advanced hunting in Microsoft Defender provides this capability by exposing raw agent activity data — tool invocations, inference calls, MCP server executions — in a queryable format. This is where analysts go when something looks suspicious but does not match an existing detection rule, or when they need to trace the full sequence of actions an agent took during a specific time window.
Agent activity data flows into the CloudAppEvents table in the Defender portal, covering action types like agent invocations, SDK-based tool executions, and gateway-mediated calls. Because the exact ActionType values and the fields carried in each event differ by source, the first query to run in a new tenant is one that enumerates the action types present; scenario queries are then filtered on those observed values rather than on guessed names. Building a library of saved queries for common investigation scenarios — "show all tool executions by agent X in the last 24 hours," "find all inference calls that exceeded normal token count" — reduces investigation time and ensures consistent methodology across analysts. Queries that prove their value during investigations can be promoted to custom detection rules, closing the loop between hunting and automated detection; a query intended for promotion should keep the Timestamp and ReportId columns plus an account column such as AccountUpn or AccountObjectId in its output, since custom detection rules need those to generate alerts.
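The discovery check and the two scenario queries named above, written out as an added KQL example; this is not a query from the page or from Microsoft documentation. It uses real CloudAppEvents columns (Timestamp, ActionType, Application, AccountUpn, AccountDisplayName, IPAddress, ObjectId, ObjectName, ObjectType, RawEventData, ReportId), but the ActionType values "ToolExecution" and "InferenceCall", the agent name "contoso-support-agent", and the TokenCount field inside RawEventData are placeholders to be replaced with what the discovery query shows in your tenant.

```kusto
// Added example, not from the original page. Placeholders are marked; run each
// section on its own in Advanced Hunting.

// Step 0: discover which ActionType values agent activity actually produces.
// Run this before writing any scenario query; do not guess the names.
CloudAppEvents
| where Timestamp > ago(7d)
| summarize Events = count(), FirstSeen = min(Timestamp), LastSeen = max(Timestamp)
    by ActionType, Application
| order by Events desc

// Scenario 1: every tool execution by one agent in the last 24 hours, in order.
let AgentName = "contoso-support-agent";          // placeholder agent identifier
let ToolActions = dynamic(["ToolExecution"]);     // placeholder: use values from Step 0
CloudAppEvents
| where Timestamp > ago(24h)
| where ActionType in (ToolActions)
| where ObjectName == AgentName or AccountDisplayName == AgentName
| project Timestamp, ActionType, AccountUpn, IPAddress, ObjectName, ObjectType, RawEventData
| order by Timestamp asc

// Scenario 2: inference calls whose token count exceeds the agent's own 7-day
// mean by more than 3 standard deviations. The baseline window ends one day
// before the hunt window so the anomalies do not inflate their own baseline.
let InferenceActions = dynamic(["InferenceCall"]);  // placeholder: use values from Step 0
let Baseline = CloudAppEvents
    | where Timestamp between (ago(8d) .. ago(1d))
    | where ActionType in (InferenceActions)
    | extend TokenCount = tolong(RawEventData.TokenCount)   // placeholder field name
    | where isnotnull(TokenCount)
    | summarize MeanTokens = avg(TokenCount), StdTokens = stdev(TokenCount), Samples = count()
        by AgentId = ObjectId;
CloudAppEvents
| where Timestamp > ago(1d)
| where ActionType in (InferenceActions)
| extend TokenCount = tolong(RawEventData.TokenCount)       // placeholder field name
| where isnotnull(TokenCount)
| join kind=inner Baseline on $left.ObjectId == $right.AgentId
| where Samples >= 30                                       // skip agents with too little history
| where TokenCount > MeanTokens + 3 * StdTokens
| project Timestamp, ActionType, AgentId, AccountUpn, AccountObjectId, IPAddress,
          TokenCount, MeanTokens, StdTokens, ReportId
| order by TokenCount desc
```

Scenario 2 is the one worth promoting to a custom detection rule once the placeholder names are confirmed: it already returns Timestamp, ReportId and an account column, and the per-agent baseline with a minimum sample count keeps a newly deployed agent from alerting on its first few calls.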
This supports Assume breach by giving analysts the tools to proactively hunt for compromise indicators in agent activity data, rather than waiting for automated rules to surface threats. It supports Verify explicitly by enabling analysts to validate agent behavior against expected patterns during investigations, using the full granularity of raw event data rather than relying solely on pre-aggregated alerts. Without these queries, investigators lack a structured way to examine what agents did, when they did it, and whether those actions were legitimate.