Deleted
Jan 17, 2023
How to get the Protection History from a device
Hello, I would like to get the Protection History without user intervention. I don't understand why it is not on the device page in Microsoft 365 Defender initially... I tried to find a way ...
Deleted
Jan 19, 2023
cyb3rmik3 Hi! Thanks a lot for this, that helps me a lot!
Question: Is there a way to add the "Affected Item" & "Detail" of the detection?
Regards
cyb3rmik3
Jan 20, 2023
MVP
Hello Deleted,
I am not quite sure that you can get that information exactly as it is stored locally. However, you may try the following query which brings the title of the alert and the related information about filename and path.
AlertEvidence
| where Timestamp > ago(3d) // Define days or hours
| where EntityType contains "File"
| where DetectionSource contains "Antivirus"
| project Title, FolderPath, FileName
I truly hope this will help you in some way.
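
The query above, extended as an added example that is not part of the original thread: it scopes the results to one device, joins AlertInfo for the alert's category and severity, and collapses repeated evidence rows into one line per detected file. The device name is a placeholder, and the query assumes that file evidence rows carry DeviceName in your tenant.

```kusto
// Added example, not from the thread. Replace the placeholder before running.
let TargetDevice = "<device-name>";   // hypothetical placeholder (host name or FQDN prefix)
let Lookback = 3d;                     // same window as the query above
AlertEvidence
| where Timestamp > ago(Lookback)
| where EntityType =~ "File"
| where DetectionSource =~ "Antivirus"
// Assumption: DeviceName is populated on file evidence rows.
// startswith is case-insensitive, so a short host name matches the FQDN.
| where DeviceName startswith TargetDevice
| join kind=leftouter (
    AlertInfo
    | where Timestamp > ago(Lookback)
    | project AlertId, Category, Severity
  ) on AlertId
// The same file can appear as evidence on several alerts; keep one row per file.
| summarize FirstSeen = min(Timestamp),
            LastSeen  = max(Timestamp),
            Alerts    = dcount(AlertId)
    by DeviceName, Title, Category, Severity, FolderPath, FileName, SHA256
| order by LastSeen desc
```

FolderPath and FileName together are the closest match to the "Affected Item" shown locally; Category and Severity come from the alert record, not from the local Protection History store.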