
Create Device_LocateMaliciousFile

Open: opeyemienitan opened this issue 7 months ago • 1 comment

This query filters DeviceFileEvents for a given malicious file name and extension within the last 30 days. It projects key attributes such as event time, action type, device details, file origin URL, folder path, and initiating user UPN to support security investigations.

opeyemienitan, Jun 10 '25 08:06
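A sketch of the kind of query the issue describes, added here as an example; it is not the query submitted by the issue author. The file name is a constructed placeholder, and the `SHA256` column is an addition beyond the description, included because a hash still identifies the file when it is renamed.

```kql
// Added example, not the query from this issue.
// MaliciousFileName is a constructed placeholder: set it to the
// file name and extension under investigation.
let MaliciousFileName = "example-malicious.exe";
let Lookback = 30d;
DeviceFileEvents
| where TimeGenerated > ago(Lookback)
// =~ compares case-insensitively, so differences in letter case still match
| where FileName =~ MaliciousFileName
| project
    TimeGenerated,                // event time
    ActionType,                   // e.g. FileCreated, FileRenamed, FileModified
    DeviceName,
    DeviceId,
    FileName,
    FolderPath,
    FileOriginUrl,                // download source, when recorded
    SHA256,                       // pivot on the hash to catch renamed copies
    InitiatingProcessAccountUpn   // UPN of the account that initiated the file event
| sort by TimeGenerated desc
```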