Descriptor: Name: SampleDefenderKQL DisplayName: My Sample Defender KQL Plugin Description: Skills to query email logs in M365 Advanced Hunting SkillGroups: - Format: KQL Skills: - Name: GetLatestEmailsByRecipient DisplayName: Get Latest Emails By Recipient Description: Fetches the latest emails received by the user with the specified email address Inputs: - Name: email Description: The email address of the recipient Required: true Settings: Target: Defender Template: |- EmailEvents | where RecipientEmailAddress =~ '{{email}}' | project Timestamp, NetworkMessageId, SenderFromAddress, SenderDisplayName, Subject, DeliveryLocation | top 100 by Timestamp desc