Jump to content

Why is my Advanced Hunting Query unable to show the records that I want?

Guest Nathaniel Kwok

By Guest Nathaniel Kwok
in Microsoft Products Support & Discussions

 Share

Recommended Posts

Guest Nathaniel Kwok

Guest Nathaniel Kwok

Posted
Posted

I am trying to see if a PowerShell file that I signed (signtools) shows up in an Advanced Hunting Query, but it does not. I ran the signtools command in powershell, and it shows that the file was signed successfully. Yet, when I go to the query to try to look for it, the signed file does not show up. Below is my Advanced Hunting Query:DeviceFileCertificateInfo//get files where certificate older than today| where Timestamp > ago(90d)| where CertificateExpirationTime < now()| distinct SHA1, Issuer, Signer, CertificateExpirationTime, IsTrusted, IsRootSignerMicrosoft, SignerHash| project-kee

 

More...

  • Replies 0
  • Created
  • Last Reply

Popular Days

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...