KQL Query for Defender for Endpoint to Hunt Users who download any new software.
Hello Everyone,
Could anyone help me build a KQL query with which I can hunt for users who download any new software in my company environment? Below is a query I built, but it returns all logs, including system logs; I just want to see the logs for newly downloaded software files.
```kql
// Define the time range for the query
let startTime = ago(7d);
let endTime = now();
// Filter DeviceFileEvents for newly created installer files (e.g. .exe, .msi)
DeviceFileEvents
| where Timestamp between (startTime .. endTime)   // the range was defined but never applied
| where ActionType == "FileCreated"
| where FileName endswith ".exe" or FileName endswith ".msi"
    or FileName endswith ".msix" or FileName endswith ".dmg"
// Group repeated creations of the same file per device and user; grouping by
// Timestamp and ReportId would make every row unique and Count always 1
| summarize Count = count(), FirstSeen = min(Timestamp),
    arg_max(Timestamp, ReportId)   // keep the ReportId of the most recent event
    by DeviceId, DeviceName, InitiatingProcessAccountName, FileName, FolderPath
| project DeviceId, Timestamp, ReportId, DeviceName,
    User = InitiatingProcessAccountName, FileName, FolderPath,
    Count, FirstSeen, LastSeen = Timestamp
| order by Timestamp desc
```
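The query above matches every installer written to disk, including those dropped by Windows Update, management agents and AV engines running as SYSTEM, which is where the "system logs" come from. The following is an added example, not the asker's query, that keeps only installers a user actually downloaded and that are new to the environment. It relies on the documented DeviceFileEvents columns FileOriginUrl, FileOriginReferrerUrl, InitiatingProcessAccountSid and SHA256; the extension list, the service-account SID list and the 30-day baseline window are assumptions to adapt to your tenant. It also includes FileRenamed events, because browsers such as Chrome and Edge write a temporary file (for example .crdownload) and rename it to its final name when the download completes, so FileCreated alone misses them.

```kql
// Added example (not the asker's query). Column names follow the documented
// DeviceFileEvents schema; the extension list, the service-account SIDs and the
// 30-day baseline window are assumptions to adapt to your tenant.
let huntWindow = 7d;
let baselineWindow = 30d;
let installerExt = dynamic([".exe", ".msi", ".msix", ".appx", ".dmg", ".pkg"]);
// Built-in SYSTEM / LOCAL SERVICE / NETWORK SERVICE accounts: the source of
// patching and software-deployment noise
let serviceSids = dynamic(["S-1-5-18", "S-1-5-19", "S-1-5-20"]);
// Hashes of installers already present before the hunting window; anything
// matched here is not "new" to the environment
let knownHashes =
    DeviceFileEvents
    | where Timestamp between (ago(huntWindow + baselineWindow) .. ago(huntWindow))
    | where isnotempty(SHA256)
    | distinct SHA256;
DeviceFileEvents
| where Timestamp > ago(huntWindow)
// FileRenamed catches browser downloads that land as a temp file and are renamed
| where ActionType in ("FileCreated", "FileRenamed")
| extend Ext = tolower(extract(@"(\.[^.\\/]+)$", 1, FileName))
| where Ext in (installerExt)
// Evidence the file was downloaded by a user rather than dropped by the platform:
// Mark-of-the-Web origin fields (set by browsers and mail clients on Windows), or
// a location under a Downloads folder as a fallback for files without MoTW
| where isnotempty(FileOriginUrl) or isnotempty(FileOriginReferrerUrl)
    or FolderPath has "Downloads"
// Drop service accounts and events with no account attribution
| where InitiatingProcessAccountSid !in (serviceSids)
    and isnotempty(InitiatingProcessAccountName)
// Keep only hashes never seen during the baseline window
| join kind=leftanti knownHashes on SHA256
| summarize Count = count(), FirstSeen = min(Timestamp),
    Origins = make_set(FileOriginUrl, 5),
    arg_max(Timestamp, ReportId, DeviceId)   // latest event's ReportId/DeviceId
    by DeviceName, User = InitiatingProcessAccountName, FileName, FolderPath, SHA256
| project Timestamp, DeviceId, ReportId, DeviceName, User, FileName, FolderPath,
    SHA256, Origins, Count, FirstSeen
| order by Timestamp desc
```

Two caveats when using this. FileOriginUrl and FileOriginReferrerUrl are only populated when the downloading application writes a Zone.Identifier stream, so installers extracted from archives, copied from removable media or downloaded on macOS only match through the Downloads-folder heuristic. "New" is defined by SHA256 against the baseline window, so a re-download of an installer already present in the environment is filtered out; if you want every user download regardless of novelty, remove the leftanti join. Timestamp, DeviceId and ReportId are carried through so the query can also be saved as a custom detection rule.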