drivesafely
Copper Contributor
Jun 23, 2024
Solved

MDE Alerts tab and quarantine files location

Hello,   I have a few questions that I hope you can help clarify. Filtering MDE Alerts by Detection Source: In Microsoft Defender for Endpoint (MDE), is it possible to filter alerts based on the...
  • AdelAlDabbas
    Jun 26, 2024

    Hello drivesafely,

    The Alerts page (https://security.microsoft.com/alerts) supports filtering by Product name, which can be helpful if you're looking for MDE alerts without specifying the exact source within the MDE product. You can achieve that by clicking on the "Add filter" option and choosing Product name.

    If you're still looking for a Detection Source filter, you can export the Alerts page and filter in Excel.

    Or, to filter alerts by detection source, you can use the following Advanced Hunting query:

    // Replace "Source" with the detection source value you want to filter on
    AlertInfo
    | where DetectionSource == "Source"
    | project AlertId, Timestamp, DetectionSource, Title, Severity, Category
    | sort by Timestamp desc

    The quarantine location you mentioned for MDAV is correct. Note that it is recommended to only interact with the Quarantine folder through the Microsoft Defender/Windows Security app.

    Best regards,

    Adel
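
Added example, not part of the original reply: the query in the answer uses the placeholder "Source", so this Advanced Hunting query lists the DetectionSource values that actually occur on MDE alerts, with alert and device counts, before one is picked as the filter. The 7-day window and the ServiceSource string are assumptions to confirm against your own tenant.

```kql
// Added example. Assumptions: 7-day lookback, and that MDE alerts carry
// ServiceSource == "Microsoft Defender for Endpoint" in this tenant.
let lookback = 7d;
AlertInfo
| where Timestamp > ago(lookback)
| where ServiceSource == "Microsoft Defender for Endpoint"
// Attach the devices named as evidence on each alert (left outer join keeps
// alerts that have no machine entity).
| join kind=leftouter (
    AlertEvidence
    | where Timestamp > ago(lookback)
    | where EntityType == "Machine"
    | distinct AlertId, DeviceName
  ) on AlertId
// One row per detection source and severity, busiest first.
| summarize Alerts = dcount(AlertId),
            Devices = dcount(DeviceName),
            LastSeen = max(Timestamp)
    by DetectionSource, Severity
| sort by Alerts desc
```

Copy a value from the DetectionSource column of the result into the `where DetectionSource == ...` filter of the query in the answer.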
