Forum Discussion
agattsek
Jul 29, 2020Copper Contributor
MDATP KQL Query isolated machines
How would you write the Hunting query to identify machiens that have been isolated via MDATP? Thanks, Andrew
Jake_Mowrer
Aug 05, 2020Microsoft
agattsek We had a blog that posted recently that shows how you can see the isolation actions in the Action Center. It's not a query, but might solve the need another way: https://techcommunity.microsoft.com/t5/microsoft-threat-protection/the-action-center-in-microsoft-threat-protection-your-one-stop/ba-p/1550178
Thanks,
Jake Mowrer