I have a problem with virus scan query. So I would like to a list about the Critical device from the last 7 days.
The problem is that when I run the query, it listed all the machines with the “critical” status, even if the status of the machine has changed since then.
So, what I want to do, it has to list those things that have been critical in the last 7 days and these have not changed.
So the query should link each unique host to their states.
query now: CEF AND MessageTypeValue:“Device status is Critical.”
Have you got any idea?