You can add known vulnerable drivers to your #threathunting program too. Microsoft provides a good overview of the current state of protections and detections (including KQL!) for vulnerable drivers here:
https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/strategies-to-monitor-and-prevent-vulnerable-driver-attacks/ba-p/4103985
You can add known vulnerable drivers to your #threathunting program too. Microsoft provides a good overview of the current state of protections and detections (including KQL!) for vulnerable drivers here:
https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/strategies-to-monitor-and-prevent-vulnerable-driver-attacks/ba-p/4103985