A threat hunter wants to identify all devices that have communicated with a known malicious IP address in the last 7 days. Which table in Microsoft Defender for Endpoint advanced hunting should be queried?
This table contains network connection events.
Why this answer
DeviceNetworkEvents records network connections, including destination IP addresses.