Closed DeanGross closed 4 years ago
I am getting the following error , when i review the schema at https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference, i don't see a table called MiscEvents. Does anyone know how to fix this query?
Web.Contents failed to get contents from 'https://api.securitycenter.windows.com/api/advancedqueries?key=MiscEvents%0A%7C%20where%20ActionType%20startswith%20'AppControl'%0A%7C%20extend%20ValidatedSigningLevel%20=%20parsejson(AdditionalFields).ValidatedSigningLevel%0A%7C%20extend%20AuthenticodeHash%20=%20parsejson(AdditionalFields).AuthenticodeHash%0A%7C%20project%20FileName,%20ActionType,%20FolderPath,%20ValidatedSigningLevel,%20AuthenticodeHash,%20MachineId,%20EventTime%20%0A%7C%20summarize%20dcount(MachineId)%20by%20FileName,%20EventTime,%20ActionType,%20FolderPath,%20tostring(AuthenticodeHash),%20tostring(ValidatedSigningLevel)%0A%7C%20top%2010000%20by%20dcount_MachineId%20desc' (400): Bad Request.
I am getting the following error , when i review the schema at https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference, i don't see a table called MiscEvents. Does anyone know how to fix this query?
Web.Contents failed to get contents from 'https://api.securitycenter.windows.com/api/advancedqueries?key=MiscEvents%0A%7C%20where%20ActionType%20startswith%20'AppControl'%0A%7C%20extend%20ValidatedSigningLevel%20=%20parsejson(AdditionalFields).ValidatedSigningLevel%0A%7C%20extend%20AuthenticodeHash%20=%20parsejson(AdditionalFields).AuthenticodeHash%0A%7C%20project%20FileName,%20ActionType,%20FolderPath,%20ValidatedSigningLevel,%20AuthenticodeHash,%20MachineId,%20EventTime%20%0A%7C%20summarize%20dcount(MachineId)%20by%20FileName,%20EventTime,%20ActionType,%20FolderPath,%20tostring(AuthenticodeHash),%20tostring(ValidatedSigningLevel)%0A%7C%20top%2010000%20by%20dcount_MachineId%20desc' (400): Bad Request.