deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-21 21:33:38 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge pull request #8127 from BenMcGarry/patch-1

Browse Source 
Update WDAC hunting query
This commit is contained in:
Louie Mayor
2020-09-14 16:09:27 -07:00
committed by GitHub
parent 360ec9294c 8d5aefa6bf
commit 5b734f1100
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
windows/security/threat-protection/windows-defender-application-control/querying-application-control-events-centrally-using-advanced-hunting.md
View File

@ -30,10 +30,10 @@ This capability is supported beginning with Windows version 1607.
Here is a simple example query that shows all the WDAC events generated in the last seven days from machines being monitored by Microsoft Defender ATP:
```
MiscEvents
| where EventTime > ago(7d) and
DeviceEvents
| where Timestamp > ago(7d) and
ActionType startswith "AppControl"
| summarize Machines=dcount(ComputerName) by ActionType
| summarize Machines=dcount(DeviceName) by ActionType
| order by Machines desc
```