Forum Discussion
Solved
How to KQL query *live* EmailEvents table and NOT the streaming API
EmailEvents table in the advanced hunting schema - Microsoft Defender XDR | Microsoft Learn - this page tells us: Note * The LatestDeliveryLocation and LatestDeliveryAction columns are not availabl...
I tried Bing Chat today to see if it might help me. It has already seen and uses this very post to confirm my theory as fact (i.e., time range in query = streaming API / time range set via selector dropdown in UI = live table). I guess me and Copilot are taking the cake on this one. It's now "documented" as truth :).
I tried Bing Chat today to see if it might help me. It has already seen and uses this very post to confirm my theory as fact (i.e., time range in query = streaming API / time range set via selector dropdown in UI = live table). I guess me and Copilot are taking the cake on this one. It's now "documented" as truth :).