ATP Detection events triggered

Defender For Endpoint

CloudAppEvents
| where ActionType == "AtpDetection"
| extend
     DetectionMethod = parse_json(RawEventData).DetectionMethod,
     EventDeepLink = parse_json(RawEventData).EventDeepLink,
     FileData = parse_json(RawEventData).FileData
| project-reorder
     Timestamp,
     ActionType,
     Application,
     AccountId,
     DetectionMethod,
     FileData,
     EventDeepLink

Sentinel

CloudAppEvents
| where ActionType == "AtpDetection"
| extend
     DetectionMethod = parse_json(RawEventData).DetectionMethod,
     EventDeepLink = parse_json(RawEventData).EventDeepLink,
     FileData = parse_json(RawEventData).FileData
| project-reorder
     TimeGenerated,
     ActionType,
     Application,
     AccountId,
     DetectionMethod,
     FileData,
     EventDeepLink

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ATPDetectionEvents.md

ATPDetectionEvents.md

ATP Detection events triggered

Defender For Endpoint

Sentinel

Files

ATPDetectionEvents.md

Latest commit

History

ATPDetectionEvents.md

File metadata and controls

ATP Detection events triggered

Defender For Endpoint

Sentinel