hukel
Oct 16, 2024

From Falcon to Defender - how to "Draw Process Explorer"?

I'm evaluating Defender's "Advanced Hunting" EDR data and query capabilities. I've found the suspicious PowerShell process I'm looking for (using KQL).


However, I can't figure out how to do the equivalent of CrowdStrike Falcon's "Draw Process Explorer". I've searched about and can't believe this button isn't staring me in the face, but I don't see how to get a process overview of the related DNS lookups, network connections, file activity, etc.
