Created December 20, 2021 11:07
CM Pivot for Defender Troubleshooting
// CM Pivot for Defender Troubleshooting

// Defender Event logs
WinEvent('Microsoft-Windows-Windows Defender/Operational', 1d)

// MDE Event logs
WinEvent('Microsoft-Windows-SENSE/Operational', 1d)

// MDE Service Status
Service
| where Name == 'Sense'

// MDE Onboarding Status
Registry('hklm:\\SOFTWARE\\Microsoft\\Windows Advanced Threat Protection\\Status')
| where Property == 'OnboardingState' and Value == '0'