Synthetic_Sentience
Copper Contributor
Jan 08, 2022

Get a user's most active machine by querying Defender endpoint via PowerShell.

Hi

I'm looking to query MS Defender endpoint info with PowerShell.

I'm wondering whether this is simply a module add-on and authentication, or whether it is more involved or not possible.

One example is I wish to get the most active computer and any outstanding alerts for this computer.

Also, I'm curious as to whether PowerShell can call an existing KQL query and receive its results into the script.

Thanks