Bert-JanP / Hunting-Queries-Detection-Rules

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
https://kqlquery.com
BSD 3-Clause "New" or "Revised" License
1.14k stars, 212 forks

improve context for each result #8

Status: Closed (lawndoc closed this pull request 1 year ago)

lawndoc commented 1 year ago

This is an awesome thing to look for -- WSL is a total EDR blindspot. Great idea for the query!

Bert-JanP commented 1 year ago

If you can alter the query so that it also includes the OSPlatform, MachineGroup, ExposureLevel and DeviceType, then I will merge the pull request.
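The request above is to enrich every result of the WSL hunt with device context. The usual way to do that in Defender for Endpoint advanced hunting is to join the process events to the latest `DeviceInfo` record per device, which is where `OSPlatform`, `MachineGroup`, `ExposureLevel` and `DeviceType` live. The query below is an added illustration of that pattern and is not the repository's query or the one submitted in this pull request; the WSL process-name filter is an assumed stand-in, since the PR's own filter is not shown on this page.

```kql
// Added example, not the repository's own query.
// Latest DeviceInfo row per device so the join does not multiply results.
let LatestDeviceInfo = DeviceInfo
    | where isnotempty(OSPlatform)
    | summarize arg_max(Timestamp, OSPlatform, MachineGroup, ExposureLevel, DeviceType) by DeviceId
    | project-away Timestamp;   // avoid a Timestamp1 column after the join
DeviceProcessEvents
| where Timestamp > ago(7d)
// Assumed WSL indicators; the PR's actual filter replaces this line.
| where FileName in~ ("wsl.exe", "wslhost.exe", "bash.exe")
// leftouter keeps hits from devices that have no DeviceInfo record yet.
| join kind=leftouter LatestDeviceInfo on DeviceId
| project Timestamp, DeviceName, DeviceId,
          OSPlatform, MachineGroup, ExposureLevel, DeviceType,
          AccountName, InitiatingProcessFileName, FileName, ProcessCommandLine
| order by Timestamp desc
```

The `arg_max` summarize matters: `DeviceInfo` holds many rows per device over time, and joining without collapsing it first duplicates each hit. Keeping the join as `leftouter` rather than `inner` means a WSL execution on a freshly onboarded device still appears, with empty context columns, instead of being silently dropped.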