Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Query for SmartScreen URL blocks, where the user has decided to run the malware nontheless. An additional optional filter is applied to query only for cases where Microsoft Edge has downloaded a file shortly after the ignored block. Read more about SmartScreen here: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview. Data availability: These events are available only on Windows 10 version 1703 and onwards. Tags: #Smart
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 172e5bee-9298-4c59-bd2a-e96d87e8e6d8 |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
DeviceEvents |
ActionType in "SmartScreenUrlWarning,SmartScreenUserOverride" |
✓ | ✗ | ? |
DeviceFileEvents |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊