Forum Discussion
r0bu
Sep 03, 2020 - Brass Contributor
KQL to query web browsing
Hi all! My customer is looking to use MDATP for web content filtering (combination of web content filtering & CNIs, powered by MCAS (unsanctioned apps) but has a requirement to investigate web br...
ansboss
Jul 11, 2024 - Copper Contributor
Hi,
I'm looking for the same solution using KQL in Microsoft Defender for Endpoint (MDE)/Azure Sentinel. With the `DeviceNetworkEvents` table, I can retrieve all the history, but the `RemoteUrl` does not show the full path and I get all the URLs, including ads, trackers, and other unwanted URLs.
Any advice for that?!
Thank you.
HA13029
Jul 17, 2024 - Brass Contributor
Hi,
Same issue for me!
It means I cannot match traffic from the workstation with a TI source (like Phishtank or others).
It would be nice to get feedback from MS teams...
Regards,
HA