ATP Detection events triggered

Query Information

Description

Displays the AtpDetection events in CloudAppEvents.

Defender XDR

CloudAppEvents
| where ActionType == "AtpDetection"
| extend
     DetectionMethod = parse_json(RawEventData).DetectionMethod,
     EventDeepLink = parse_json(RawEventData).EventDeepLink,
     FileData = parse_json(RawEventData).FileData
| project-reorder
     Timestamp,
     ActionType,
     Application,
     AccountId,
     DetectionMethod,
     FileData,
     EventDeepLink

Sentinel

CloudAppEvents
| where ActionType == "AtpDetection"
| extend
     DetectionMethod = parse_json(RawEventData).DetectionMethod,
     EventDeepLink = parse_json(RawEventData).EventDeepLink,
     FileData = parse_json(RawEventData).FileData
| project-reorder
     TimeGenerated,
     ActionType,
     Application,
     AccountId,
     DetectionMethod,
     FileData,
     EventDeepLink

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ATPDetectionEvents.md

ATPDetectionEvents.md

ATP Detection events triggered

Query Information

Description

Defender XDR

Sentinel

Files

ATPDetectionEvents.md

Latest commit

History

ATPDetectionEvents.md

File metadata and controls

ATP Detection events triggered

Query Information

Description

Defender XDR

Sentinel