defender#

$ target-query <path/to/target> -f defender
Details#

Module

os.windows.defender.MicrosoftDefenderPlugin

Output

records

Module documentation

Plugin that parses artifacts created by Microsoft Defender.

This includes the Defender EVTX event logs, as well as recovery of artifacts from the quarantine folder.
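The EVTX records this plugin produces are usually triaged after export. The following Python is an added example and not part of dissect.target or this page: it assumes the records were exported as JSON lines (for instance with target-query's `--json` output of the `defender.evtx` function, both of which are assumptions about the tool's interface), and that the EVTX data fields keep their names with spaces replaced by underscores (`EventID`, `Threat_Name`, `Path`, `Detection_User`, `Action_Name`), which is an assumption about the export layout. The event IDs are the ones Microsoft documents for the Defender Operational log; the sample records are constructed.

```python
"""Triage Microsoft Defender Operational-log records exported as JSON lines.

Added example, not dissect.target code. Assumed export layout: one JSON object
per line, an "EventID" key, and EVTX data fields with spaces replaced by
underscores. Adjust the key names if your export differs.
"""
import json
from collections import Counter

# Event IDs Microsoft documents for the Defender Operational log.
DETECTION_EVENTS = {
    "1006": "malware detected (legacy engine event)",
    "1007": "action taken (legacy engine event)",
    "1116": "malware detected",
    "1117": "action taken on malware",
    "1118": "action failed",
    "1119": "critical action failed",
}
TAMPERING_EVENTS = {
    "5001": "real-time protection disabled",
    "5010": "malware scanning disabled",
    "5012": "virus scanning disabled",
    "5013": "tamper protection blocked a configuration change",
}

# Constructed sample export (not real telemetry). Field names are assumed.
SAMPLE_JSONL = "\n".join([
    json.dumps({"ts": "2024-03-01T09:12:44Z", "EventID": "1116",
                "Threat_Name": "Trojan:Win32/Meterpreter.A",
                "Path": "file:_C:\\Users\\alice\\Downloads\\update.exe",
                "Detection_User": "DESKTOP-1\\alice",
                "Process_Name": "C:\\Windows\\explorer.exe"}),
    json.dumps({"ts": "2024-03-01T09:12:45Z", "EventID": "1117",
                "Threat_Name": "Trojan:Win32/Meterpreter.A",
                "Path": "file:_C:\\Users\\alice\\Downloads\\update.exe",
                "Action_Name": "Quarantine"}),
    json.dumps({"ts": "2024-03-01T09:20:03Z", "EventID": "1116",
                "Threat_Name": "Backdoor:Win32/Example.B",
                "Path": "file:_C:\\Users\\alice\\Downloads\\loader.dll",
                "Detection_User": "DESKTOP-1\\alice"}),
    json.dumps({"ts": "2024-03-01T09:20:04Z", "EventID": "1118",
                "Threat_Name": "Backdoor:Win32/Example.B",
                "Path": "file:_C:\\Users\\alice\\Downloads\\loader.dll",
                "Action_Name": "Quarantine"}),
    json.dumps({"ts": "2024-03-01T09:30:02Z", "EventID": "5001"}),
    json.dumps({"ts": "2024-03-01T10:00:00Z", "EventID": "1001"}),  # scan finished: noise
])


def parse_records(jsonl):
    """Parse a JSON-lines export into a list of dicts, skipping blank lines."""
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


def triage(records):
    """Split records into detection events and protection-tampering events."""
    detections, tampering = [], []
    for rec in records:
        eid = str(rec.get("EventID", ""))
        if eid in DETECTION_EVENTS:
            detections.append({
                "ts": rec.get("ts"), "event_id": eid, "what": DETECTION_EVENTS[eid],
                "threat": rec.get("Threat_Name"), "path": rec.get("Path"),
                "user": rec.get("Detection_User"), "action": rec.get("Action_Name"),
            })
        elif eid in TAMPERING_EVENTS:
            tampering.append({"ts": rec.get("ts"), "event_id": eid,
                              "what": TAMPERING_EVENTS[eid]})
    return detections, tampering


def unresolved_detections(records):
    """Paths reported by a detection event (1006/1116) with no successful
    remediation (1007/1117) for the same path. A failed action (1118/1119)
    leaves the path in this set; check the quarantine output for those."""
    detected, remediated = {}, set()
    for rec in records:
        eid = str(rec.get("EventID", ""))
        path = rec.get("Path")
        if not path:
            continue
        if eid in ("1006", "1116"):
            detected.setdefault(path, rec.get("Threat_Name"))
        elif eid in ("1007", "1117"):
            remediated.add(path)
    return {p: t for p, t in detected.items() if p not in remediated}


def threat_counts(records):
    """Count distinct threat names across detection events only."""
    return Counter(r.get("Threat_Name") for r in records
                   if str(r.get("EventID", "")) in ("1006", "1116"))


if __name__ == "__main__":
    recs = parse_records(SAMPLE_JSONL)
    det, tamp = triage(recs)
    for d in det:
        print(f"{d['ts']} {d['event_id']} {d['what']}: {d['threat']} {d['path']} {d['action'] or ''}")
    for t in tamp:
        print(f"{t['ts']} {t['event_id']} {t['what']}")
    print("unresolved:", unresolved_detections(recs))
    print("threats:", dict(threat_counts(recs)))
```

Feed the script a real export in place of `SAMPLE_JSONL`; unresolved paths are the first thing to cross-check against the quarantine folder artifacts this plugin recovers, since a 1118/1119 after a 1116 means Defender saw the file but may not have removed it.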

Function documentation

This is a namespace plugin: running it automatically runs all other plugins registered under this namespace: