Query Details

Rclone

Query

DeviceNetworkEvents
| where InitiatingProcessFileName =~ "rclone.exe"

Explanation

This query searches the DeviceNetworkEvents table for network activity initiated by Rclone. It keeps only the events where the initiating process file name is exactly "rclone.exe", compared without regard to case (the =~ operator).

Details

C.J. May

Released: September 27, 2022

Tables

DeviceNetworkEvents

Keywords

DeviceNetworkEvents,InitiatingProcessFileName,rclone.exe

Operators

|, where, =~
