Forum Discussion
Microsoft Defender for Endpoint - How to export Device Timeline as per web browser display
Hi guys,
I am new to Microsoft defender for Endpoint. I want to export Device Timeline activity as per what have been display on the web browser and the information display on the web browser is much easy to read. I know how to export the raw log using the "Export" button. Can you please advice. Thank you very much in advance.
- AdelAlDabbasMicrosoft
Hello suhaimi4n6,
The best option is to familiarize yourself with raw events format, it is not as easy to read as the UI, but being familiar with it can also help you with analyzing Advanced Hunting results.
After exporting the .csv file, you can customize the report by removing some columns. It is similar to the UI's "Customize Columns" technique in Device Timeline page.
If the number of events is not huge, you can select your events and click on "Copy to clipboard". The output's format is similar to the UI format.
- jbmartin6Iron ContributorTImeline data are not available in the hunting tables.
- AdelAlDabbasMicrosoftI didn't say they are. Take your time to re-read my comment 🙂
Thank you!
- jbmartin6Iron ContributorRight now there is no other way to export the timeline data. You could work up a script to take the exported CSV and reformat it into HTML set up however you like. I suppose you could also figure out some way to scrape the web page with a custom browser extension or something like that.