..
    generated, remove this comment to keep this file

``defender``
============

.. code-block:: console

    $ target-query <path/to/target> -f defender


.. list-table:: Details
    :widths: 20 80

    * - Module
      - ``os.windows.defender.MicrosoftDefenderPlugin``
    * - Output
      - ``records``

**Module documentation**

Plugin that parses artifacts created by Microsoft Defender.

This includes the EVTX logs, as well as recovery of artefacts from the quarantine folder.

**Function documentation**


This is a namespace plugin. This means that by running this plugin, it will automatically run
all other plugins under this namespace:

- :doc:`/plugins/defender.evtx`
- :doc:`/plugins/defender.exclusions`
- :doc:`/plugins/defender.quarantine`
- :doc:`/plugins/defender.recover`