Query for SmartScreen URL blocks where the user has decided to run the malware nonetheless. An additional optional filter is applied to query only for cases where Microsoft Edge has downloaded a file shortly after the ignored block.

Read more about SmartScreen here: https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.

Data availability: These events are available only on Windows 10 version 1703 and onwards.

Tags: #Smart

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | 172e5bee-9298-4c59-bd2a-e96d87e8e6d8 |
| Required Connectors | MicrosoftThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting%20Queries/Microsoft%20365%20Defender/Protection%20events/SmartScreen%20URL%20block%20ignored%20by%20user.yaml) |