KQL Search

Query Details

HomeAI ToolsDevice Query

Microsoft Workflow Compiler

Query

Tags:
Query:
DeviceProcessEvents
| where ProcessVersionInfoInternalFileName == @"Microsoft.Workflow.Compiler.exe"

References:

Explanation

The query is searching for DeviceProcessEvents where the ProcessVersionInfoInternalFileName is equal to "Microsoft.Workflow.Compiler.exe".

Details

Ali Hussein profile picture

Ali Hussein

Released: September 19, 2023

Tables

DeviceProcessEvents

Keywords

Device,Process,Events,ProcessVersionInfoInternalFileName,Microsoft.Workflow.Compiler.exe

Operators

|where==@

Actions