Jul 28 2021 03:25 PM
Hello
I am using the below query to get an endpoint status report. The query works great, however requesting help on modifying the query to show me the logged on users. Thank you in advance
Jan 24 2022 07:09 AM
@Skipster311-1 if you're still looking for help on this, I created a correlation query that includes grabbing logged in users from an endpoint name. You can reference it to get you started on solving your problem -> AdvancedHuntingQueries/Utilities at main · lawndoc/AdvancedHuntingQueries (github.com)
Jan 24 2022 07:23 AM - edited Jan 24 2022 07:24 AM
@Skipster311-1 Nevermind, I went ahead and did it for you -- this is what you wanted: https://security.microsoft.com/v2/advanced-hunting?query=H4sIAAAAAAAAA7VX2U7bQBSd50r9hyhPiQQNBoTUVjy...