Query Details
Data By Provider
Query
SecurityAlert | where ProviderName == "MCAS" SecurityAlert | where ProviderName == "Office 365 Security & Compliance" SecurityAlert | where ProviderName == "MDATP"
Explanation
The query is filtering the SecurityAlert table based on different ProviderNames such as MCAS, Office 365 Security & Compliance, and MDATP.
Details
Rod Trent
Released: March 26, 2020
Tables
SecurityAlert
Keywords
SecurityAlert,ProviderName,MCAS,Office365Security&Compliance,MDATP
Operators
| where AlertName contains "Phishing"