mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-27 00:03:45 +00:00
Merged PR 10649: update advanced hunting example image
update advanced hunting example image
This commit is contained in:
Joey Caparas
@ -10,7 +10,7 @@ ms.pagetype: security
|
|||||||
ms.author: macapara
|
ms.author: macapara
|
||||||
author: mjcaparas
|
author: mjcaparas
|
||||||
ms.localizationpriority: medium
|
ms.localizationpriority: medium
|
||||||
ms.date: 06/13/2018
|
ms.date: 08/15/2018
|
||||||
---
|
---
|
||||||
|
|
||||||
# Query data using Advanced hunting in Windows Defender ATP
|
# Query data using Advanced hunting in Windows Defender ATP
|
||||||
@ -51,7 +51,8 @@ First, we define a time filter to review only records from the previous seven da
|
|||||||
|
|
||||||
We then add a filter on the _FileName_ to contain only instances of _powershell.exe_.
|
We then add a filter on the _FileName_ to contain only instances of _powershell.exe_.
|
||||||
|
|
||||||
Afterwards, we add a filter on the _ProcessCommandLine_
|
Afterwards, we add a filter on the _ProcessCommandLine_.
|
||||||
|
|
||||||
Finally, we project only the columns we're interested in exploring and limit the results to 100 and click **Run query**.
|
Finally, we project only the columns we're interested in exploring and limit the results to 100 and click **Run query**.
|
||||||
|
|
||||||
You have the option of expanding the screen view so you can focus on your hunting query and related results.
|
You have the option of expanding the screen view so you can focus on your hunting query and related results.
|
||||||
|
|||||||
Binary file not shown.
|
Before Width: | Height: | Size: 45 KiB After Width: | Height: | Size: 53 KiB |
Reference in New Issue
Block a user