Added the example query

This commit is contained in:
Malin De Silva
2019-07-05 13:35:57 +05:30
committed by GitHub
parent 5f2210da99
commit 96f132bac5

@ -51,6 +51,13 @@ Microsoft Defender ATP provides detailed reporting into events and blocks as par
You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender-exploit-guard.md), you can use Advanced hunting to see how network protection settings would affect your environment if they were enabled.
Here is an example query
```
MiscEvents
| where ActionType in ('ExploitGuardNetworkProtectionAudited','ExploitGuardNetworkProtectionBlocked')
```
## Review network protection events in Windows Event Viewer
You can review the Windows event log to see events that are created when network protection blocks (or audits) access to a malicious IP or domain:
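Review bot: The lead-in "Here is an example query" ends without punctuation and does not tell the reader what the query returns; something like "Here is an example query that lists network protection audit and block events:" would read better. The opening fence also has no language tag, so the query renders without highlighting. The query itself has no time filter and no `project`, so it returns every column for every matching event in the retention window; a time bound and a short column list would make it more useful as a starting point. Since the preceding paragraph is about audit mode, it is also worth saying that `ExploitGuardNetworkProtectionAudited` is the value to look at when evaluating the impact before enabling blocking.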