Tags: Kusto Query Language, Microsoft Defender for Endpoint, Microsoft Sentinel, SECURE

Visualize Antivirus Detection By Day

Description

This KQL query plots the number of antivirus detections per day over the last 30 days. A sudden spike can indicate an unusual amount of malicious activity in your environment (or a new signature firing broadly), while a sustained drop to zero is worth checking too, since it can mean antivirus or the telemetry pipeline has stopped reporting rather than that the environment is clean.

Query

Microsoft Defender For Endpoint
Kusto
DeviceEvents
| where Timestamp > ago(30d)
| where ActionType == 'AntivirusDetection'
| summarize count() by bin(Timestamp, 1d)
| render linechart with(title="Antivirus Detections by Day")

Microsoft Sentinel
Kusto
DeviceEvents
| where TimeGenerated > ago(30d)
| where ActionType == 'AntivirusDetection'
| summarize count() by bin(TimeGenerated, 1d)
| render linechart with(title="Antivirus Detections by Day")
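Eyeballing the chart works for obvious spikes, but the daily counts can also be scored against their own baseline so that anomalous days surface as rows. The query below is an added example, not part of the original page: it uses the same DeviceEvents filter as the queries above and passes the daily series through series_decompose_anomalies. It is written with the Defender for Endpoint column name (Timestamp); for Sentinel replace Timestamp with TimeGenerated. The lookback window and the anomaly threshold of 1.5 are assumptions to tune for your environment.

```kusto
// Added example, not from the original page.
// Flag days whose AntivirusDetection count deviates from the 30-day baseline,
// in either direction. Sentinel: replace Timestamp with TimeGenerated.
let lookback = 30d;          // assumption: same window as the chart above
let threshold = 1.5;         // assumption: anomaly score cut-off, tune per tenant
DeviceEvents
| where Timestamp > ago(lookback)
| where ActionType == 'AntivirusDetection'
// Build one daily series, filling days with no detections with 0 so that
// a silent day is scored as a drop instead of disappearing from the chart.
| make-series Detections = count() default = 0
    on Timestamp from startofday(ago(lookback)) to now() step 1d
// Anomalies: +1 spike, -1 drop, 0 normal; Baseline is the expected count.
| extend (Anomalies, Score, Baseline) = series_decompose_anomalies(Detections, threshold)
| mv-expand Timestamp to typeof(datetime),
            Detections to typeof(long),
            Anomalies to typeof(int),
            Score to typeof(double),
            Baseline to typeof(double)
| where Anomalies != 0
| project Day = Timestamp,
          Detections,
          ExpectedDetections = round(Baseline),
          Score = round(Score, 2),
          Direction = iff(Anomalies > 0, "spike", "drop")
| order by Day asc
```

Spikes are the obvious lead for an investigation; drops deserve a look as well, because a day with far fewer detections than the baseline often means Defender Antivirus has been disabled on a set of devices or the sensor data is not arriving, not that the threats went away.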
