Forum Discussion
hukel
Oct 16, 2024Copper Contributor
From Falcon to Defender - how to "Draw Process Explorer"?
I'm evaluating Defender's "Advanced Hunting" EDR data and query capabilities. I've found the suspicious Powershell process I'm looking for (using KQL).
However, I can't figure out how to do the equivalent of CrowdStrike Falcon's "Draw Process Explorer". I've searched about and can't believe this button isn't staring me in the face, but I don't see how to get a process overview of the related DNS lookups, network connections, file activity, etc.
No RepliesBe the first to reply