Forum Discussion

suhaimi4n6's avatar
suhaimi4n6
Copper Contributor
Mar 12, 2024

Microsoft Defender for Endpoint - How to export Device Timeline as per web browser display

Hi guys,

I am new to Microsoft defender for Endpoint. I want to export Device Timeline activity as per what have been display on the web browser and the information display on the web browser is much easy to read. I know how to export the raw log using the "Export" button. Can you please advice. Thank you very much in advance.

  • Hello suhaimi4n6,

     

    The best option is to familiarize yourself with raw events format, it is not as easy to read as the UI, but being familiar with it can also help you with analyzing Advanced Hunting results. 

    After exporting the .csv file, you can customize the report by removing some columns. It is similar to the UI's "Customize Columns" technique in Device Timeline page.

     

    If the number of events is not huge, you can select your events and click on "Copy to clipboard". The output's format is similar to the UI format.

     

     

     

    • jbmartin6's avatar
      jbmartin6
      Iron Contributor
      TImeline data are not available in the hunting tables.
      • AdelAlDabbas's avatar
        AdelAlDabbas
        Icon for Microsoft rankMicrosoft
        I didn't say they are. Take your time to re-read my comment 🙂

        Thank you!
  • jbmartin6's avatar
    jbmartin6
    Iron Contributor
    Right now there is no other way to export the timeline data. You could work up a script to take the exported CSV and reformat it into HTML set up however you like. I suppose you could also figure out some way to scrape the web page with a custom browser extension or something like that.

Resources