defender
$ target-query <path/to/target> -f defender
Module documentation
Plugin that parses artifacts created by Microsoft Defender.
This includes the EVTX logs, as well as recovery of artifacts from the quarantine folder.
Function documentation
This is a namespace plugin. This means that running this plugin automatically runs all other plugins under this namespace: