1 link tagged with all of: powershell + security + incident-response
Links
KustoHawk is a PowerShell script designed for incident triage and response within Microsoft Defender XDR and Sentinel environments. It collects indicators of compromise and runs queries against the Graph API to provide detailed activity reports for devices or accounts. Users can adjust the timeframe of data collection and export results for further analysis.