Rerun queries in query history
Applies to:
- Microsoft Defender XDR
Important
Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Your previous queries appear in the Query history tab in the lower half of the advanced hunting page. You can run queries you have generated and run before even if you have already closed the query tab that contains it.
View the query history tab
To view your query history, select the Query history tab.
Your recent queries appear in descending order of when you last ran them. The query history contains up to 30 queries from the last 28 days.
By default, Query history contains following columns:
- Time - when the query was started
- Query
- Query time - how long the query ran
- State - whether the query was completed, failed, or was throttled
Select Customize columns to hide any of the columns in your view.
Rerun queries from query history
To use any of your previous queries, select the query. The Run query and Use in editor options then appear.
Select Run query to load and run the query in the query editor. Select Use in editor to load the query in the editor, where you can then refine it further.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for