The following is an example of how to retrieve some kinds of XDR data on the Processes or Observations page.

Procedure

  1. On the left navigation pane, click Investigate.
  2. On the Investigate page, click Processes or Observations.
  3. In the Filters pane on the left, scroll to Application Protocol. You can filter by the following protocols:
    • HTTP
    • TLS
    • RDP
    • DNS
    • SMB
    • LDAP
    • Kerberos
    Tip: Click the vertical 3-dot Configuration menu to configure the filters that display in the Console. For example:
    [Figure: Configure Filters menu on the Processes page]
  4. Construct and run your search query. For example, search for netconn_domain:go.microsoft.com.
    Note: See netconn-specific XDR search fields in XDR Search Fields. See all search fields in the in-product Search Guide.

What to do next

See Exploring XDR Data for ways to view and investigate your search results.