// If we also wanted to see what alerts fired on these machines, we could extend the above query
// and join it with the SecurityAlert table from Azure Security Center.
// Azure Security Center must be enabled for this query to be valid.
| join (
    SecurityAlert
    // ExtendedProperties is a JSON string; parse it to reach the affected host name
    | extend ExtProps=parse_json(ExtendedProperties)
    // KQL join keys are case-sensitive, so upper-case the host name to line up
    // with the Computer column of the preceding query
    | extend Computer=toupper(tostring(ExtProps["Compromised Host"]))
)
on Computer
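The join above assumes a preceding query that already produced an upper-cased Computer column. The following is an added, self-contained example (not code from the cloudflare/Azure-Sentinel repository) that replaces both real tables with constructed datatable rows, so the case-normalised join on "Compromised Host" can be run in any Log Analytics workspace; the table and column names SampleEvents, SampleAlerts, FailedLogons and AlertTime are assumptions.

```kql
// Added example: constructed rows stand in for SecurityEvent and SecurityAlert.
let SampleEvents = datatable(TimeGenerated:datetime, Computer:string, EventID:int, Account:string)
[
    datetime(2021-03-01 10:00:00), "WEB01.CONTOSO.LOCAL", 4625, @"CONTOSO\svc-backup",
    datetime(2021-03-01 10:01:00), "web01.contoso.local", 4625, @"CONTOSO\svc-backup",
    datetime(2021-03-01 10:02:00), "DB02.CONTOSO.LOCAL", 4624, @"CONTOSO\dba"
];
let SampleAlerts = datatable(TimeGenerated:datetime, AlertName:string, AlertSeverity:string, ExtendedProperties:string)
[
    datetime(2021-03-01 10:05:00), "Suspicious authentication activity", "Medium",
        '{"Compromised Host":"web01.contoso.local","Account":"svc-backup"}',
    datetime(2021-03-01 11:00:00), "Anonymous IP access", "Low",
        '{"Compromised Host":"FILE03.CONTOSO.LOCAL"}'
];
SampleEvents
| where EventID == 4625                      // failed logons only
| extend Computer=toupper(Computer)          // normalise the left-hand key first
| summarize FailedLogons=count(), FirstSeen=min(TimeGenerated) by Computer, Account
| join kind=inner (
    SampleAlerts
    | extend ExtProps=parse_json(ExtendedProperties)
    // same normalisation as the function in this file, applied to the alert's host
    | extend Computer=toupper(tostring(ExtProps["Compromised Host"]))
    | project AlertTime=TimeGenerated, AlertName, AlertSeverity, Computer
) on Computer
| project Computer, Account, FailedLogons, FirstSeen, AlertTime, AlertName, AlertSeverity
```

kind=inner is stated explicitly because the KQL default (innerunique) silently drops duplicate left-hand rows per key; the two mixed-case WEB01 rows collapse onto one key, while hosts with no counterpart on the other side do not survive the join.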