Advanced Hunting & Data visualization in Microsoft 365 Defender
- Published on 12 Dec 2024
- This episode is about using advanced hunting in Microsoft 365 Defender to turn raw telemetry into insightful visualizations. You will learn the concept of advanced hunting and how to use this feature to track attack surface reduction (ASR) rules and web protection activity. Kijo Girardi, FastTrack Japan security expert, shares practical scenarios for using advanced hunting to support security professionals in their daily security operations.
Join the discussion and ask questions here: techcommunity....
Awesome Kijo, congrats. Thanks for sharing nice KQL queries for advanced hunting.
Can you share with us the script you typed? I copied it from the video but I got this error. Error message:
Missing expression
How to resolve: Fix syntax errors in your query
Token: |
Line: 8
Position: 119
DeviceEvents
| where Timestamp > ago(8d)
// column names are case-sensitive in advanced hunting: ActionType, not Actiontype
| where ActionType startswith "asr"
| extend Parsed = parse_json(AdditionalFields)
// keep enforced blocks only; tostring() matches whether IsAudit arrives as a bool or a string
| where tostring(Parsed.IsAudit) == "false"
// a single summarize: aggregates are separated by commas, with no "|" before the second one
// and no trailing comma after the last one (that trailing comma is the "Missing expression" error)
| summarize Email = countif(ActionType in ("AsrExecutableEmailContentBlocked", "AsrOfficeCommAppChildProcessBlocked")),
            Script = countif(ActionType in ("AsrObfuscatedScriptBlocked", "AsrExecutableDownloadBlocked"))
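A fuller version of this kind of ASR tracking query, added here as an example and not taken from the video or from the comment above. It assumes the standard DeviceEvents schema (Timestamp, ActionType, AdditionalFields, DeviceId) and charts enforced blocks versus audit-only hits per ASR rule per day, which is the visualization use case the episode covers:

```kql
// Added example: daily ASR activity per rule, split into enforced blocks and audit-only hits.
// Assumes the standard DeviceEvents columns Timestamp, ActionType, AdditionalFields, DeviceId.
DeviceEvents
| where Timestamp > ago(30d)
// every ASR event's ActionType starts with "Asr" (startswith is case-insensitive)
| where ActionType startswith "Asr"
| extend Parsed = parse_json(AdditionalFields)
// IsAudit tells enforced (Block) rules apart from rules still in audit mode
| extend Mode = iff(tobool(Parsed.IsAudit) == true, "Audit", "Block")
// one series per rule and mode, bucketed by day; Devices shows how widespread a rule's hits are
| summarize Events = count(), Devices = dcount(DeviceId)
    by Day = bin(Timestamp, 1d), Series = strcat(ActionType, " / ", Mode)
| order by Day asc
// project to x-axis, series label and one numeric column so the chart stays readable
| project Day, Series, Events
| render timechart
```

Drop the `render` line and add `| summarize sum(Events) by Series` if you want a plain ranking of which rules fire most before deciding which audit-mode rules to move to block mode.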
Excellent @kijo