Forum Discussion
BExstrom
Nov 07, 2023Copper Contributor
Advanced Hunting Custom Date Range issue
I am performing an Incident investigation on a string of spear phishing emails. I need to query user activity for the last 90 days. The advanced hunting query builder only returns the last 45. Is thi...
adiii
Nov 10, 2023Brass Contributor
Advanced Hunting retention is 30 days, so that can be a problem in your query. With Graph API you can query Advanced Hunting as well, but you will have the same retention there I guess. What exactly is your goal? Maybe there is another way to find out.
- BExstromNov 10, 2023Copper Contributor
adiii i’m looking at the login attempts for a user and trying to match them with the device and the IP address. We’re looking to determine if his account was compromised in that time I don’t think it was. I don’t see anything out of the norm however, the date in question is over 60 days in the past.