| title | Work with query results in guided mode for hunting in Microsoft Defender XDR | ||
|---|---|---|---|
| description | Use and customize query results in guided mode for advanced hunting in Microsoft Defender XDR | ||
| search.appverid | met150 | ||
| ms.service | defender-xdr | ||
| ms.subservice | adv-hunting | ||
| f1.keywords |
|
||
| ms.author | pauloliveria | ||
| author | poliveria | ||
| ms.localizationpriority | medium | ||
| manager | dansimp | ||
| audience | ITPro | ||
| ms.collection |
|
||
| ms.custom |
|
||
| appliesto |
|
||
| ms.topic | how-to | ||
| ms.date | 03/28/2025 |
[!INCLUDE Microsoft Defender XDR rebranding]
Important
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
In hunting using guided mode, the results of the query appear in the Results tab.
You can work on the results further by exporting them to a CSV file by selecting Export. This downloads the CSV file for your use.
You can view other information in the Results view:
- Number of records in the results list (beside the Search button)
- Duration of the query run time
- Resource usage of the query
A few standard columns are included in the results for easy viewing.
To view more columns:
-
Select Customize columns in the upper right-hand portion of the results view.
-
From here, select the columns to include in the results view and deselect columns to hide.
-
Select Apply to view results with the added columns. Use the scroll bars if necessary.
