Forum Discussion
amueller-tf
Jul 26, 2021Brass Contributor
Defender AV - Active/Passive Mode - Advanced Hunting
While researching how to verify if Defender AV is in active or passive mode I found an Advanced Hunting query that searches "DeviceTvmSecureConfigurationAssessment" and then filters "ConfigurationId...
lixiardi
Nov 03, 2023Copper Contributor
Hi, how i can add the last user logged at result?
- jeremyhAUSNov 06, 2023Brass ContributorYou can add a join to the query above to the one below
DeviceLogonEvents
| where ActionType == "LogonSuccess"
| summarize arg_max(TimeGenerated,*) by DeviceId
| project TimeGenerated, DeviceId, AccountName, AccountDomain