Query Details

Executed Processes

Query

// All processes executed and how many times

search in (SecurityEvent) EventID == 4688
| summarize ExecutionCount = count() by NewProcessName

Explanation

This query searches the SecurityEvent table for events with EventID 4688 and then summarizes them by NewProcessName, returning a count of how many times each process name has been executed.
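A common next step for a defender is to turn this frequency count into a stacking view that surfaces rarely executed binaries. The query below is an added example, not part of the original page or Rod Trent's query; it uses the SecurityEvent columns TimeGenerated, Computer and Account, and the 7-day window and the threshold of 5 executions are assumed values to adjust for your environment.

```kql
// Added example (not from the original page): stack process executions
// over the last 7 days and surface the least frequently run executables.
// The window (7d) and the threshold (<= 5) are assumptions.
SecurityEvent
| where TimeGenerated > ago(7d)
| where EventID == 4688
| summarize ExecutionCount = count(),
            HostCount = dcount(Computer),
            Accounts = make_set(Account, 10),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by NewProcessName
// Rarely seen binaries are the ones most worth reviewing first
| where ExecutionCount <= 5
| order by ExecutionCount asc, LastSeen desc
```

Removing the final two operators returns the full frequency table in the same shape as the original query, with the host and account context attached to each process name.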

Details


Rod Trent

Released: May 25, 2021

Tables

SecurityEvent

Keywords

Search, SecurityEvent, EventID, NewProcessName, ExecutionCount

Operators

search, in, ==, summarize, count(), by
