diff --git a/documentation/logos/defender_endpoing.png b/documentation/logos/defender_endpoing.png
new file mode 100644
index 0000000..efc7ace
Binary files /dev/null and b/documentation/logos/defender_endpoing.png differ
diff --git a/documentation/website/export_mod/defender_endpoint_export.json b/documentation/website/export_mod/defender_endpoint_export.json
new file mode 100644
index 0000000..ee45766
--- /dev/null
+++ b/documentation/website/export_mod/defender_endpoint_export.json
@@ -0,0 +1,11 @@
+{
+ "description": "Defender for Endpoint KQL hunting query export module",
+ "requirements": [],
+ "features": "This module export an event as Defender for Endpoint KQL queries that can then be used in your own python3 or Powershell tool. If you are using Microsoft Sentinel, you can directly connect your MISP instance to Sentinel and then create queries using the `ThreatIntelligenceIndicator` table to match events against imported IOC.",
+ "references": [
+ "https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference"
+ ],
+ "input": "MISP Event attributes",
+ "output": "Defender for Endpoint KQL queries",
+ "logo": "defender_endpoint.png"
+}
\ No newline at end of file
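Review bot: The `"logo"` value on the last property line, `"defender_endpoint.png"`, does not match the image this same commit adds, `documentation/logos/defender_endpoing.png`, so the website will point at a file that does not exist; the PNG name looks like a typo and should be renamed to `defender_endpoint.png` (or the JSON value changed to match, whichever the other export descriptors do). The `"features"` string also has a grammar slip, `"This module exports an event as Defender for Endpoint KQL queries ..."`. The file is committed without a trailing newline, which other JSON files in the tree presumably have.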