Query Details

Cloud Shell

Query

AzureActivity
| where TimeGenerated > ago(1d)
| where ResourceGroup contains "cloud-shell" and ActivityStatus == "Started"
| project CallerIpAddress, Caller

Explanation

This query searches the Azure activity logs from the past day. It keeps only the events whose resource group name contains "cloud-shell" and whose activity status is "Started", then returns two columns for each matching event: the caller's IP address (CallerIpAddress) and the caller (Caller).

Details

Rod Trent

Released: April 3, 2020

Tables

AzureActivity

Keywords

AzureActivity,TimeGenerated,ResourceGroup,cloud-shell,ActivityStatus,Started,CallerIpAddress,Caller

Operators

where, >, ago, contains, ==, project
