Nov 07 2023 09:35 AM
I am performing an Incident investigation on a string of spear phishing emails. I need to query user activity for the last 90 days. The advanced hunting query builder only returns the last 45. Is this a retention issue? Would it work better using the Graph API?
Nov 10 2023 01:47 AM
Nov 10 2023 08:37 AM
@adiii i’m looking at the login attempts for a user and trying to match them with the device and the IP address. We’re looking to determine if his account was compromised in that time I don’t think it was. I don’t see anything out of the norm however, the date in question is over 60 days in the past.
Nov 11 2023 12:02 AM - edited Nov 11 2023 12:02 AM
@BExstrom Did you check UAL? Or Activity Log in Cloud Apps? Maybe you find something there...
Nov 12 2023 09:44 PM