Forum Discussion
Hunting queries for creation of a service
I'd like to create a query to review creation of new services so as to find unique ones in my environment, but I'm not finding a way to do it. Ideally I'd also like to automatically provide some ana...
This should get you started
DeviceEvents
| where ActionType == 'ServiceInstalled'
If I find the time , I'll look into the 2nd topic you mentioned.