Update symantec-to-microsoft-defender-atp-setup.md

Denise Vangel-MSFT 2020-06-17 18:55:29 -07:00
parent 156ca26ec6
commit edbcd60bf3

@ -127,10 +127,13 @@ MDATP “Advanced Hunting”
Note: Change the “Last 7 days” to “Last 30 days”
```
find in (FileCreationEvents, ProcessCreationEvents, MiscEvents, RegistryEvents, NetworkCommunicationEvents, ImageLoadEvents)
where InitiatingProcessFileName has 'notepad.exe'
| project EventTime, ComputerName, InitiatingProcessSHA256, InitiatingProcessFolderPath, InitiatingProcessCommandLine
| distinct InitiatingProcessSHA256
```
Note: Replace notepad.exe with the 3rd party security product process name.
Note 2: We added distinct query which shows just the unique SHA256s.
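Review bot: the `| project EventTime, ComputerName, InitiatingProcessSHA256, InitiatingProcessFolderPath, InitiatingProcessCommandLine` line in the query has no effect on the output, because the `| distinct InitiatingProcessSHA256` that follows keeps only the hash column. Drop the `project` line, or, if the reader is meant to see where each binary lives before excluding it, widen the last line to something like `| distinct InitiatingProcessSHA256, InitiatingProcessFolderPath`. Note 2 could then say which columns are returned instead of "We added distinct query", and "3rd party" in the first note reads better as "third-party".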
@ -151,7 +154,7 @@ Type:
File(c:\\windows\\notepad.exe)
| project Hash
<br/><br/><br/><br/>
<br/><br/>
**Congratulations**! You have completed part 2 of [migrating from Symantec to Microsoft Defender ATP](symantec-to-microsoft-defender-atp-migration.md#planning-for-migration-the-process-at-a-high-level)!
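Review bot: the `<br/><br/>` runs ahead of the **Congratulations** line are spacing-only HTML, and the vertical gap they produce depends on the renderer. A single blank line before the paragraph gives the same separation in plain Markdown and avoids having to tune the number of `<br/>` tags in later edits.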