May 09 2022 12:18 PM
Hi,
I need to build a use case to detect and create an alert (weekly for example) for new installed application on my Windows workstations and servers.
On the TVM I have the list of installed application with versioning, but I don't have the install date.
From the event viewer of each machine I can extract the event logs from applications installations with it's event date.
Is it possible to create some use case with a custom defender query to check all onboarded machines for all new installed ap
Jun 08 2022 01:51 PM