https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/microsoft-365-defender-advance-hunting-query/m-p/541478#M2110 <P>Ass!uming you're running this manually, try using the back ticks on the query argument instead of quotes:</P> <P>&nbsp;</P> <P>!microsoft-365-defender-advanced-hunting query=`AlertInfo | where alert...`</P> <P>&nbsp;</P> <P>Alternatively, you can add the argument debug-mode=true to have it throw the debug of the request and see the body that is being sent etc.&nbsp;</P> <P>&nbsp;</P> Mon, 08 May 2023 19:30:07 GMT MBeauchamp2 2023-05-08T19:30:07Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/microsoft-365-defender-advance-hunting-query/m-p/541462#M2107 <P>Hi,</P> <P>&nbsp;</P> <P>I'm trying to build an advance hunting query in Microsoft 365 defender integration, but still giving me error.</P> <P>&nbsp;</P> <LI-CODE lang="markup">!microsoft-365-defender-advanced-hunting limit=10 query="""AlertInfo | where alertId = fa85caf1c0-b9b9-bc29-f600-08db44a419b9"""</LI-CODE> <P>&nbsp;</P> <LI-CODE lang="markup">Reason Failed to execute microsoft-365-defender-advanced-hunting command. Error: Error in API call [400] - Bad Request {"error": {"code": "BadRequest", "message": "Scalar is not expected in the current context. Fix semantic errors in your query.", "target": "|2528f983-4c3b7ab3bc866db1."}}</LI-CODE> <P>&nbsp;</P> <P>Could you help pls</P> <P>&nbsp;</P> <P>Regards,</P> Mon, 08 May 2023 17:32:25 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/microsoft-365-defender-advance-hunting-query/m-p/541462#M2107 FabioFerreira 2023-05-08T17:32:25Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/microsoft-365-defender-advance-hunting-query/m-p/541478#M2110 <P>Ass!uming you're running this manually, try using the back ticks on the query argument instead of quotes:</P> <P>&nbsp;</P> <P>!microsoft-365-defender-advanced-hunting query=`AlertInfo | where alert...`</P> <P>&nbsp;</P> <P>Alternatively, you can add the argument debug-mode=true to have it throw the debug of the request and see the body that is being sent etc.&nbsp;</P> <P>&nbsp;</P> Mon, 08 May 2023 19:30:07 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/microsoft-365-defender-advance-hunting-query/m-p/541478#M2110 MBeauchamp2 2023-05-08T19:30:07Z https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/microsoft-365-defender-advance-hunting-query/m-p/541487#M2111 <P>Got it.</P> <P>Thank you.</P> <P>&nbsp;</P> <LI-CODE lang="markup">!microsoft-365-defender-advanced-hunting limit=5 query=`AlertInfo | where AlertId == 'fa85caf1c0-b9b9-bc29-0000-08db40c26d06'`</LI-CODE> <P>&nbsp;</P> <P>Hope it helps someone.</P> <P>&nbsp;</P> <P>Regards,</P> Mon, 08 May 2023 21:26:25 GMT https://live.paloaltonetworks.com/t5/cortex-xsoar-discussions/microsoft-365-defender-advance-hunting-query/m-p/541487#M2111 FabioFerreira 2023-05-08T21:26:25Z