← Back to Explore
kqlHunting
MDA - File Download by Country
download or download from browser
Detection Query
CloudAppEvents
| where ActionType startswith "FileDownloaded" //download or download from browser
| summarize count() by CountryCode//, tostring(IPTags)Data Sources
CloudAppEvents
Tags
defender
Raw Content
CloudAppEvents
| where ActionType startswith "FileDownloaded" //download or download from browser
| summarize count() by CountryCode//, tostring(IPTags)