Forum Discussion
Advanced hunting does not return network protection logs
Hello,
I am able to find network protection logs in event viewer:
However, I can't retrieve network protection logs using advanced hunting and KQL query:
https://help.redcanary.com/hc/en-us/articles/8265764276375-Turn-on-Microsoft-Network-Protection
DeviceNetworkEvents
|where ActionType in ('ExploitGuardNetworkProtectionAudited','ExploitGuardNetworkProtectionBlocked')
Am I missing something?
Thank you
- The logs are in DeviceEvents:
https://learn.microsoft.com/en-us/defender-endpoint/network-protection#advanced-hunting
DeviceEvents
| where ActionType in ('ExploitGuardNetworkProtectionAudited','ExploitGuardNetworkProtectionBlocked')
- The logs are in DeviceEvents:
https://learn.microsoft.com/en-us/defender-endpoint/network-protection#advanced-hunting
DeviceEvents
| where ActionType in ('ExploitGuardNetworkProtectionAudited','ExploitGuardNetworkProtectionBlocked')
