Defense Evasion Alerts Generated by Defender For Endpoint

Defender For Endpoint

CloudAppEvents
| where ActionType == 'DefenseEvasion'
| extend
     AlertUri = parse_json(RawEventData).AlertUri,
     AlertDisplayName = parse_json(RawEventData).AlertDisplayName,
     AlertSeverity = parse_json(RawEventData).AlertSeverity
| project AlertUri, AlertDisplayName, AlertSeverity

Sentinel

CloudAppEvents
| where ActionType == 'DefenseEvasion'
| extend
     AlertUri = parse_json(RawEventData).AlertUri,
     AlertDisplayName = parse_json(RawEventData).AlertDisplayName,
     AlertSeverity = parse_json(RawEventData).AlertSeverity
| project AlertUri, AlertDisplayName, AlertSeverity

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DefenseEvasionAlerts.md

DefenseEvasionAlerts.md

Defense Evasion Alerts Generated by Defender For Endpoint

Defender For Endpoint

Sentinel

Files

DefenseEvasionAlerts.md

Latest commit

History

DefenseEvasionAlerts.md

File metadata and controls

Defense Evasion Alerts Generated by Defender For Endpoint

Defender For Endpoint

Sentinel