🔥 3-day streak
Microsoft Security Operations Analyst96 / 190
Question 96 of 190

During a threat hunt in Microsoft Defender XDR, you identify a suspicious executable hash from an alert. You need to visually pivot from this file to every device that executed it, the users who were signed in at execution time, and any network destinations those devices contacted—without writing multiple sequential KQL queries. Which Defender XDR capability lets you interactively explore these entity relationships in a single connected view?

Reviewed for accuracy · Report an issueNext question