I'm new to KQL and Defender, looking for help in creating a hunting KQL query which checks the avg number of alerts in the last 7 days on Defender for ...
Is there a way to query for IP ranges from the DeviceEvent table using IP subnet notation i.e. 1.1.1.0/24 vs. listing individual IPs 1.1.1.1? Instead ...
I have a VNET which restricts all access outbound using an NSG except for 1 specific port which is used for an app it hosts. However I need a way to a ...
I am researching a little bit about MDE/MDO's API capabilities for advanced threat hunting. My question is: Is it possible to KQL querying MDE/MDO’s A ...
For a Query in Microsoft Defender Advanced Hunting I want to use Data from an external Table (here the KQL_Test_Data.csv) but when I try to run it I g ...
Is it possible to prevent the download and execution of files with a .exe extension using 365? I've searched across Endpoint Manager, Defender for End ...
I'm working with mdatp (Microsoft Defender Advanced Threat Protection) for Linux. The idea is to detect any malicious file in a specific folder, using ...
I'm trying to do a Postman access token request to reach the following API; however, the result returned is always the same: POST: https://log ...
I am trying to find if a user has copied some files from the shared folder to the local desktop. The Microsoft Defender (Advanced Hunting) only shows ...
I am working on creating a script to uninstall Firefox from multiple locations. I have a script that I've created and it works to an extent. I have ma ...
I am looking for documentation on how to build an Advanced Hunting query in Microsoft Defender for Endpoint where I can use the "File paths" in the KQL ...
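Three of the questions above (the 7-day alert average, filtering DeviceEvents by subnet, and matching on file paths in Advanced Hunting) share the same Advanced Hunting building blocks, so here is one added example covering all three. It is editor-supplied, not code from any of the posters. Table and column names (AlertInfo, DeviceEvents, DeviceFileEvents, RemoteIP, FolderPath, FileName) and the functions used (make-series, ipv4_is_in_range, ipv4_is_in_any_range, has_any) are standard KQL / Defender XDR schema; the subnets, paths and the 7-day window are made-up illustrative values. Run each query separately in the Advanced Hunting editor.

```kusto
// Query 1: average number of alerts per day over the last 7 days.
// make-series zero-fills days with no alerts, so the average is over all
// 7 calendar days, not only the days that happened to have alerts.
AlertInfo
| where Timestamp > ago(7d)
| make-series AlertsPerDay = count() on Timestamp from startofday(ago(7d)) to now() step 1d
| mv-expand AlertsPerDay to typeof(long)
| summarize AvgAlertsPerDay = avg(AlertsPerDay), MaxAlertsPerDay = max(AlertsPerDay)

// Query 2: filter DeviceEvents by CIDR range instead of listing single IPs.
// ipv4_is_in_range returns null for empty or IPv6 RemoteIP values, so those
// rows simply drop out of the where clause. Assumed subnet: 10.0.0.0/24.
DeviceEvents
| where Timestamp > ago(7d)
| where isnotempty(RemoteIP)
| where ipv4_is_in_range(RemoteIP, "10.0.0.0/24")
// Several ranges at once (assumed values):
// | where ipv4_is_in_any_range(RemoteIP, dynamic(["10.0.0.0/24", "192.168.1.0/24"]))
| project Timestamp, DeviceName, ActionType, RemoteIP, RemotePort, InitiatingProcessFileName

// Query 3: match on file paths. FolderPath is the directory, FileName the file;
// @"..." is a verbatim string so backslashes need no escaping. The path
// fragments are assumed examples (files landing on a user's Desktop).
DeviceFileEvents
| where Timestamp > ago(7d)
| where ActionType in ("FileCreated", "FileModified")
| where FolderPath startswith @"C:\Users\" and FolderPath has @"\Desktop"
| where FileName has_any (".docx", ".xlsx", ".pdf")
| project Timestamp, DeviceName, ActionType, FolderPath, FileName, InitiatingProcessFileName, InitiatingProcessAccountName
```

Two caveats a practitioner should keep in mind: `startswith` and `has` are case-insensitive, so `C:\users\...` also matches, and DeviceFileEvents records the destination of a copy but not its source, which is why the "copied from a shared folder" question above is hard to answer from this table alone.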