Can Defender for Endppoint alert on the download of any executable from the Internet?

Question

Looking to if this is even possible from&nbsp;Defender for Endpoint alert on the download of any executable from the Internet?&nbsp;Thanks in advance

jaehwan · Answer

Sohel68&nbsp;&nbsp;1. DeviceFileEvents TableDeviceFileEvents table in the advanced hunting schema | Microsoft Learn&nbsp;2. Create Custom Alertexample query&nbsp;DeviceFileEvents &nbsp; | where &nbsp;ingestion_time() &gt; ago(7d)| where ActionType == "FileCreated"&nbsp;-&gt;https://learn.microsoft.com/en-us/microsoft-365/security/defender/custom-detection-rules?view=o365-worldwide#create-a-custom-detection-rule&nbsp;&nbsp;&nbsp;

Forum Discussion

Can Defender for Endppoint alert on the download of any executable from the Internet?

Share

Resources