KQL Search

Query Details

HomeAI ToolsDevice Query

Azure Dev Ops Repositories

Query

# DevOps - Azure DevOps Inventory

## Query Information

### Description

Use the below query to identify Azure DevOps projects and repositories.

#### References

### Microsoft 365 Defender

```kql
ExposureGraphNodes 
| where NodeLabel == @"azuredevopsrepository"
| extend Subscription = parse_json(EntityIds)[0]["id"]
| extend URL = parse_json(EntityIds)[1]["id"]
| parse Subscription with 
    "/subscriptions/" subscription_id 
    "/resourcegroups/" resource_group 
    "/providers/microsoft.security/securityconnectors/" * 
    "/devops/default/azuredevopsorgs/" azure_devops_org 
       "/projects/" project_name "/repos/" repo_name
| project NodeName, Subscription, URL,subscription_id, resource_group, azure_devops_org, project_name, repo_name
```

Explanation

This query is designed to identify and list Azure DevOps projects and repositories by extracting relevant information from a dataset. Here's a simple breakdown of what the query does:

  1. Data Source: It starts by accessing a dataset called ExposureGraphNodes.

  2. Filter: It filters the data to only include nodes labeled as azuredevopsrepository, which represents Azure DevOps repositories.

  3. Extract Information:

    • It extracts two pieces of information from a field called EntityIds:
      • Subscription: The first element's id.
      • URL: The second element's id.

  4. Parse Subscription Details:

    • It parses the Subscription field to extract detailed information such as:
      • subscription_id: The unique identifier for the Azure subscription.
      • resource_group: The resource group within the subscription.
      • azure_devops_org: The Azure DevOps organization.
      • project_name: The name of the project.
      • repo_name: The name of the repository.

  5. Output: Finally, it selects and displays the following columns:

    • NodeName: The name of the node.
    • Subscription: The subscription information.
    • URL: The URL associated with the repository.
    • subscription_id: The subscription ID.
    • resource_group: The resource group name.
    • azure_devops_org: The Azure DevOps organization name.
    • project_name: The project name.
    • repo_name: The repository name.

In summary, this query helps you identify and gather detailed information about Azure DevOps projects and repositories from a specific dataset.

Details

Alex Verboon profile picture

Alex Verboon

Released: August 29, 2025

Tables

ExposureGraphNodes

Keywords

ExposuregraphnodesAzuredevopsrepositorySubscriptionUrlEntityidsSubscriptionsResourcegroupsMicrosoftSecuritySecurityconnectorsDevopsDefaultAzuredevopsorgsProjectsReposNodename

Operators

|==extendparse_jsonparseproject

Actions