Forum Discussion
Solved
Advanced hunting does not return network protection logs
Hello, I am able to find network protection logs in event viewer: However, I can't retrieve network protection logs using advanced hunting and KQL query: https://help.redcanary.com/hc/...
- The logs are in DeviceEvents:
https://learn.microsoft.com/en-us/defender-endpoint/network-protection#advanced-hunting
DeviceEvents
| where ActionType in ('ExploitGuardNetworkProtectionAudited','ExploitGuardNetworkProtectionBlocked')
The logs are in DeviceEvents:
https://learn.microsoft.com/en-us/defender-endpoint/network-protection#advanced-hunting
DeviceEvents
| where ActionType in ('ExploitGuardNetworkProtectionAudited','ExploitGuardNetworkProtectionBlocked')
https://learn.microsoft.com/en-us/defender-endpoint/network-protection#advanced-hunting
DeviceEvents
| where ActionType in ('ExploitGuardNetworkProtectionAudited','ExploitGuardNetworkProtectionBlocked')