KQL query

Copper Contributor

I am trying to explore file creation events where the query should check for file creation events in a folder. The query should catch if two files are created in the same folder, the file names start with the same name before the first dot, and one file name ends with .exe while the other ends with .exe.config.


0 Replies
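One way to express the check described in the post, as an added example that is not part of the original thread. It is written for the Advanced Hunting `DeviceFileEvents` table (Microsoft Defender XDR / Sentinel) and assumes that table's `Timestamp`, `DeviceId`, `DeviceName`, `ActionType`, `FolderPath`, `FileName` and `InitiatingProcessFileName` columns, that `FolderPath` holds the full path including the file name, and a 10-minute pairing window; the `lookback` and `window` values are assumptions to tune for your environment. The query normalizes each creation event to (device, folder, base name), splits the events into `.exe` and `.exe.config` creations, and joins the two sets so that each row is one matched pair rather than a loose min/max span over the whole period.

```kql
// Added example (not from the original post). Assumes the DeviceFileEvents schema
// of Microsoft Defender XDR Advanced Hunting; column names may differ in your workspace.
let lookback = 1d;        // assumed search period
let window   = 10m;       // assumed max gap between the .exe and .exe.config creations
let created =
    DeviceFileEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "FileCreated"
    | where FileName endswith ".exe" or FileName endswith ".exe.config"
    // Base name = part of the file name before the first dot, compared case-insensitively
    | extend BaseName = tolower(extract(@"^([^.]+)", 1, FileName))
    // Folder only: FolderPath in DeviceFileEvents includes the file name (assumption)
    | extend Folder = tolower(tostring(parse_path(FolderPath).DirectoryPath))
    | where isnotempty(BaseName) and isnotempty(Folder)
    | extend Kind = iff(FileName endswith ".exe.config", "config", "exe");
let exeCreates =
    created
    | where Kind == "exe"
    | project DeviceId, DeviceName, Folder, BaseName,
              ExeFile = FileName, ExeTime = Timestamp,
              ExeInitiator = InitiatingProcessFileName;
let configCreates =
    created
    | where Kind == "config"
    | project DeviceId, Folder, BaseName,
              ConfigFile = FileName, ConfigTime = Timestamp,
              ConfigInitiator = InitiatingProcessFileName;
// Pair each .exe creation with a .exe.config creation in the same folder on the same
// device that shares the base name, and keep only pairs created close together in time
exeCreates
| join kind=inner configCreates on DeviceId, Folder, BaseName
| where ConfigTime between ((ExeTime - window) .. (ExeTime + window))
| project DeviceName, Folder, BaseName, ExeFile, ExeTime, ExeInitiator,
          ConfigFile, ConfigTime, ConfigInitiator
| order by ExeTime desc
```

The join is what enforces "two files in the same folder with the same name before the first dot"; the `between` clause is what makes this a pairing check rather than a report of every folder that happened to contain both file types at some point in the day. Dropping the `window` filter returns all same-folder pairs regardless of timing, which is useful when first baselining how often legitimate installers produce this pattern before turning the query into an alert rule.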