🔥 3-day streak
Microsoft Security Operations Analyst55 / 190
Question 55 of 190
You are a SOC analyst hunting in Microsoft Defender XDR Advanced Hunting. You need to identify all interactive and remote sign-in attempts on managed endpoints, including which account attempted the logon, the logon type, and whether it succeeded or failed, so you can spot brute-force patterns against local accounts. Which table should form the basis of your KQL query?
Reviewed for accuracy · Report an issueNext question