cloudflare/Azure-Sentinel
Public, mirrored from https://github.com/cloudflare/Azure-Sentinel
Functions/AlertsOnComputer.txt
Commit 38faeb1, 7 years ago: folder restructure for hunting queries, exploration queries, and built-in alerts aka detections. (#12)
```kusto
// If we also wanted to see what alerts fired on these machines we could extend the above query
// and join them with the SecurityAlert table from Azure Security Center.
// Azure Security Center must be enabled for this query to be valid.
// This fragment is appended to a query whose output carries a Computer column; that column must
// be upper-cased on the left-hand side too, because join keys in KQL are compared case-sensitively.
| join (SecurityAlert
    // ExtendedProperties is a JSON string; parse it so its fields can be addressed by name.
    | extend ExtProps = parse_json(ExtendedProperties)
    // The affected machine is recorded under the "Compromised Host" property.
    | extend Computer = toupper(tostring(ExtProps["Compromised Host"]))
    )
    on Computer
```
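A complete, runnable form of this join, added here as an example and not code from the cloudflare/Azure-Sentinel repository: the "above query" the file refers to is stood in for by a constructed datatable of hosts, and a constructed datatable shaped like SecurityAlert replaces the real table, so the query runs in a Log Analytics or Azure Data Explorer workspace without Azure Security Center being enabled. The names SuspiciousHosts and SampleSecurityAlert, the Reason column and every row are assumptions; the join itself is the one in the file, with the left-hand key normalized to upper case so that mixed-case host names in ExtendedProperties still match.

```kusto
// Constructed sample standing in for the "above query": machines a hunting query surfaced.
// Not from the repository; names and rows are assumptions for this example.
let SuspiciousHosts = datatable(Computer:string, Reason:string)
[
    "workstation01", "new scheduled task created",
    "SRV-DB-02",     "outbound connection on a rare port"
];
// Constructed rows shaped like the SecurityAlert table. ExtendedProperties is a JSON string
// in which Azure Security Center records the affected machine as "Compromised Host".
let SampleSecurityAlert = datatable(TimeGenerated:datetime, AlertName:string,
                                    AlertSeverity:string, ExtendedProperties:string)
[
    datetime(2024-01-15T10:02:00Z), "Suspicious process executed", "High",
        '{"Compromised Host":"WORKSTATION01","Process Name":"powershell.exe"}',
    datetime(2024-01-15T11:30:00Z), "Possible brute force attempt", "Medium",
        '{"Compromised Host":"srv-db-02","Source IP":"203.0.113.5"}',
    datetime(2024-01-15T12:00:00Z), "Unrelated alert", "Low",
        '{"Compromised Host":"OTHERHOST"}'
];
SuspiciousHosts
// Join keys are case-sensitive: normalize the left side exactly as the right side is normalized.
| extend Computer = toupper(Computer)
| join kind=inner (
    SampleSecurityAlert
    // Parse the JSON string so the "Compromised Host" property can be read out.
    | extend ExtProps = parse_json(ExtendedProperties)
    | extend Computer = toupper(tostring(ExtProps["Compromised Host"]))
    ) on Computer
// The right-hand Computer is renamed Computer1 by the join; keep the left-hand key.
| project Computer, Reason, TimeGenerated, AlertName, AlertSeverity
| order by TimeGenerated asc
```

With the sample rows this returns two rows, WORKSTATION01 and SRV-DB-02, and drops OTHERHOST because it never appeared in the left-hand set. kind=inner also drops hunted hosts that have no alert at all; switch to kind=leftouter when the point of the query is to keep every surfaced machine and show an empty alert column for those Azure Security Center did not flag.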