Swiftyyyy
Collaborator

Threat Hunting Export

Hi!
We're increasingly utilizing Threat Hunting for more than strictly security-based tasks, as it's a very useful tool to determine which users may be utilizing specific pieces of software that may require special handling via policy (exclusions etc.).

It's to produce a long list of users/machines, but while the Threat Hunting UI does a lot of good, I'm still ending up having to manually put together reports.
Are exportable reports from Threat Hunting queries a planned thing at any point in the future? 

A helpful expansion to the queries would also be a "unique" or "first instance" type of parameter that might display only the first instance of a match within a given timeframe.

That in itself would be incredibly helpful. As we deal with customers that might not have dedicated SOC staff, the question of usability for Threat Hunting comes up, and these "administrative" types of tasks become a very real selling point; it'd just be helpful to have some more quality of life associated with them.

Regards,
