Is there a way to view the parameters of suspicious processes in ATP?

  • Question

  • Hello,

    I'm developing use cases for Defender ATP incidents. During testing, I found out that under "Alert Process Tree", I'm able to view the commands that have been executed under suspicious circumstances, but not their parameters (e.g. a ping command had been executed, but I can't see the destination or packet count). 

    Is there any way to get this information?
     
    Monday, June 15, 2020 8:18 AM