Sep 09 2021 09:27 PM
Hello Team,
We have deployed ASR rules using Microsoft System Center Configuration Manager in audit mode. I found that the ASR events in audit mode can only be checked in Event logs by configuring event forwarder.
I want to know whether there is any Kusto query to run in Advanced Hunting and get the list of files in audit mode. This help us in whitelisting the ASR rules
Sep 13 2021 06:38 AM