Feb 25 2022 01:42 AM
Hi,
Defender EDR collects data from client, such as process creation, network connection, user logon. How much time does it take for these data to be stored in Threat hunting tables?
Is there a setting that can be used to change the frequency?
Thanks.
Feb 27 2022 05:56 AM
You can find "Expedite telemetry reporting frequency" options in intune and configmgr.
In MDE portal, Endpoint - Timeline section will have almost real-time telemetry data that can also be used for investigation. I don't think there is specific option for reporting frequency for threat hunting. Sometime(I experienced) It may took around 8 hours to have updated data in MDE tenant.
Feb 28 2022 02:29 AM