Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
This query checks for network connection failures to Microsoft Defender for Endpoint URLs. The output includes any device with 1+ connectivity failures, a list of the domains they failed to connect to (including the number of failures), as well as the overall number of failures in the time period. Results are sorted by the total number of connection failures by the device.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | d2097370-9cfb-4f52-ab1b-8cb07a033d44 |
| Tactics | Misconfiguration |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Selection Criteria | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|---|
DeviceNetworkEvents |
ActionType == "ConnectionFailed" |
✓ | ✗ | ? |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊