This repo contains sample Power BI Report templates powered by Microsoft Defender Advanced Threat Protection Advance Hunting Queries. With these sample templates, you can start to experience the integration of Advanced hunting into Power BI. For samples of Advance Hunting queries, visit https://github.com/Microsoft/WindowsDefenderATP-Hunting-Queries
To get started, simply download a template and authenticate to your tenant. For more details on how to authenticate into the Advance Hunting API, visit https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-atp/apis-intro
When sharing Power BI Report templates, please export the template using this process to export without data: click “File –> Export –> Power BI Template” from the main Power BI Desktop window. A Power BI Report Template contains the definition of the Report (pages, visuals, etc.), Data Model definition (schema, relationships, measures, etc.) and Queries definition (collection of queries, including Query Parameters, etc.). In other words, a Power BI Report template includes pretty much everything that a Report file includes, with the exception of the data itself. For more details, visit https://powerbi.microsoft.com/en-us/blog/deep-dive-into-query-parameters-and-power-bi-templates/.
Not using Microsoft Defender ATP? If you haven't yet, experience how you can effectively scale your organization's incident response capabilities by signing up for a free Microsoft Defender ATP trial.
We maintain a backlog of suggested sample Power BI templates in the project issues page. Feel free to comment, rate, or provide suggestions. We value your feedback. Let us know if you run into any problems or share your suggestions by adding an entry into the issues section.
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.
When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.