Hi,
Is there a way to detect USB events on macOS devices via Advance Hunting - ATP?
apparently below query works fine with me but for Windows
DeviceEvents
| where DeviceName has "COMPUTER_NAME"
| where ActionType == "UsbDriveMounted"
| project USBMountTime = Timestamp,ReportId,InitiatingProcessAccountName,DeviceName, DeviceId, AdditionalFields
Thanks