Web Content Filtering - status across devices query

[SergGu]

Hello Microsoft Team,

Not sure if this is planned already, It would be great to get few queries for a new Web Content Filtering feature. Here are few suggestions:

• Web Content Filtering health across endpoints - to show which nodes has a most recent policy
• Web Content Filtering events overall stats - to show number of events coming from endpoints
• Web Content Filtering details for specific endpoint - show all hits and categories for named endpoint

Regards,
Serg

[johnB007]

I use this KQL query in AH for Web Content Filtering reports.

DeviceEvents
| where ActionType contains "ExploitGuardNetworkProtection"
| extend ParsedFields=parse_json(AdditionalFields)
| project DeviceName, ActionType, Timestamp, RemoteUrl, InitiatingProcessFileName, IsAudit=tostring(ParsedFields.IsAudit), ResponseCategory=tostring(ParsedFields.ResponseCategory), DisplayName=tostring(ParsedFields.DisplayName)