cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Can Defender for Endppoint alert on the download of any executable from the Internet?

Solu
Copper Contributor

‎Sep 26 2023 12:10 PM

‎Sep 26 2023 12:10 PM

Can Defender for Endppoint alert on the download of any executable from the Internet?

Looking to if this is even possible from Defender for Endpoint alert on the download of any executable from the Internet?

 

Thanks in advance

359 Views
0 Likes
1 Reply
Reply
1 Reply
jaehwan

‎Sep 27 2023 01:01 AM

‎Sep 27 2023 01:01 AM

Re: Can Defender for Endppoint alert on the download of any executable from the Internet?

@Solu 

 

1. DeviceFileEvents Table

DeviceFileEvents table in the advanced hunting schema | Microsoft Learn

 

2. Create Custom Alert

example query

 

DeviceFileEvents  
| where  ingestion_time() > ago(7d)
| where ActionType == "FileCreated"

 

->

https://learn.microsoft.com/en-us/microsoft-365/security/defender/custom-detection-rules?view=o365-w...

 

 

 

0 Likes
Reply