Queries for the MDCDetectionFimEvents table

For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.

All FIM events for directories

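Get file integrity monitoring (FIM) events recorded against directories on the host. The query sorts by TimeGenerated (newest first, the KQL default) and returns at most 100 rows.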

MDCDetectionFimEvents
| where IsDir == "True"
| order by TimeGenerated
| limit 100