Defense Evasion Alerts Generated by Defender For Endpoint

Query Information

Description

This query lists the Defense Evasion Alerts Generated by Defender For Endpoint.

Defender XDR

CloudAppEvents
| where ActionType == 'DefenseEvasion'
| extend
     AlertUri = parse_json(RawEventData).AlertUri,
     AlertDisplayName = parse_json(RawEventData).AlertDisplayName,
     AlertSeverity = parse_json(RawEventData).AlertSeverity
| project AlertUri, AlertDisplayName, AlertSeverity

Sentinel

CloudAppEvents
| where ActionType == 'DefenseEvasion'
| extend
     AlertUri = parse_json(RawEventData).AlertUri,
     AlertDisplayName = parse_json(RawEventData).AlertDisplayName,
     AlertSeverity = parse_json(RawEventData).AlertSeverity
| project AlertUri, AlertDisplayName, AlertSeverity

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DefenseEvasionAlerts.md

DefenseEvasionAlerts.md

Defense Evasion Alerts Generated by Defender For Endpoint

Query Information

Description

Defender XDR

Sentinel

Files

DefenseEvasionAlerts.md

Latest commit

History

DefenseEvasionAlerts.md

File metadata and controls

Defense Evasion Alerts Generated by Defender For Endpoint

Query Information

Description

Defender XDR

Sentinel