Expand Up @@ -16,7 +16,7 @@
{
"metricName": "Total data received",
"legend": "Alerts",
"baseQuery": "SecurityAlert \n| where ProductName in(\"Microsoft Defender Advanced Threat Protection\",\"Office 365 Advanced Threat Protection\",\"Azure Advanced Threat Protection\",\"Microsoft Cloud App Security\",\"Microsoft 365 Defender\")"
"baseQuery": "SecurityAlert \n| where ProductName in(\"Microsoft Defender Advanced Threat Protection\",\"Office 365 Advanced Threat Protection\",\"Azure Advanced Threat Protection\",\"Microsoft Cloud App Security\",\"Microsoft 365 Defender\",\"Microsoft Defender XDR\")"
},
{
"metricName": "Total data received",
Expand Down Expand Up @@ -47,7 +47,7 @@
"sampleQueries": [
{
"description": "All Microsoft Defender XDR alerts",
"query": "SecurityAlert \n| where ProductName in(\"Microsoft Defender Advanced Threat Protection\",\"Office 365 Advanced Threat Protection\",\"Azure Advanced Threat Protection\",\"Microsoft Cloud App Security\",\"Microsoft 365 Defender\")\n | sort by TimeGenerated"
"query": "SecurityAlert \n| where ProductName in(\"Microsoft Defender Advanced Threat Protection\",\"Office 365 Advanced Threat Protection\",\"Azure Advanced Threat Protection\",\"Microsoft Cloud App Security\",\"Microsoft 365 Defender\",\"Microsoft Defender XDR\")\n | sort by TimeGenerated"
},
{
"description": "Find possible clear text passwords in Windows registry.",
Expand Down Expand Up @@ -135,7 +135,7 @@
},
{
"name": "SecurityAlert",
"lastDataReceivedQuery": "SecurityAlert \n| where ProductName in(\"Microsoft Defender Advanced Threat Protection\",\"Office 365 Advanced Threat Protection\",\"Azure Advanced Threat Protection\",\"Microsoft Cloud App Security\",\"Microsoft 365 Defender\")\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
"lastDataReceivedQuery": "SecurityAlert \n| where ProductName in(\"Microsoft Defender Advanced Threat Protection\",\"Office 365 Advanced Threat Protection\",\"Azure Advanced Threat Protection\",\"Microsoft Cloud App Security\",\"Microsoft 365 Defender\",\"Microsoft Defender XDR\")\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
},
{
"name": "DeviceEvents",