From Falcon to Defender – how to “Draw Process Explorer”?
I’m evaluating Defender’s “Advanced Hunting” EDR data and query capabilities. I’ve found the suspicious PowerShell process I’m looking for (using KQL).
However, I can’t figure out how to do the equivalent of CrowdStrike Falcon’s “Draw Process Explorer”. I’ve searched about and can’t believe this button isn’t staring me in the face, but I don’t see how to get a process overview of the related DNS lookups, network connections, file activity, etc.