Foundry - Agent invoking a tool for the first time
Foundry New Tool First Seen
Query
let baselineWindow = 14d;
let recentWindow = 1h;
let toolEvents =
AppDependencies
| where TimeGenerated > ago(baselineWindow)
| where isnotempty(Properties["gen_ai.tool.name"])
| extend
Agent = tostring(Properties["gen_ai.agent.name"]),
Model = tostring(Properties["gen_ai.request.model"]),
ProjectId = tostring(Properties["microsoft.foundry.project.id"]),
ToolName = tolower(tostring(Properties["gen_ai.tool.name"])),
ToolType = tolower(tostring(Properties["gen_ai.tool.type"]))
| where isnotempty(ToolName);
let baseline =
toolEvents
| where TimeGenerated between (ago(baselineWindow) .. ago(recentWindow))
| distinct Agent, ToolName;
let recent =
toolEvents
| where TimeGenerated > ago(recentWindow)
| summarize
RecentCalls = count(),
FirstSeen = min(TimeGenerated),
AnyModel = take_any(Model),
AnyProject = take_any(ProjectId),
ToolTypes = make_set(ToolType, 8)
by Agent, ToolName;
recent
| join kind=leftanti baseline on Agent, ToolName
| extend AccountName = iff(isempty(Agent), "unknown-agent", Agent)
| extend Model = AnyModel, ProjectId = AnyProject
| project
FirstSeen, AccountName, Agent, Model, ProjectId, ToolName,
ToolTypes, RecentCalls
| order by RecentCalls descExplanation
This query is designed to detect when a Foundry or Agent Service agent uses a tool for the first time within a 14-day period. Here's a simplified breakdown of what the query does:
-
Purpose: The query identifies when an agent uses a tool it hasn't used in the last 14 days. This can indicate a new tool being added to the agent's capabilities, which might be a sign of potential security issues like supply-chain attacks or misconfigurations.
-
Data Source: It uses data from Application Insights, specifically the
AppDependenciesdata type. -
Time Frames:
- Baseline Window: 14 days. This is used to establish a history of tool usage by the agent.
- Recent Window: 1 hour. This is used to identify new tool usage events.
-
Process:
- Collects tool usage events from the last 14 days.
- Filters out events where the tool name is not specified.
- Establishes a baseline of tools used by each agent in the past 14 days, excluding the last hour.
- Identifies recent tool usage events from the last hour.
- Compares recent events against the baseline to find new tool usages.
-
Output: The query outputs details about the first-time tool usage, including when it was first seen, the agent's name, the model used, the project ID, the tool name, types of tools used, and the number of recent calls.
-
Severity and Tactics: The alert is marked with medium severity and is associated with tactics like Execution and Privilege Escalation, indicating potential security risks.
-
Alert Configuration: If a new tool usage is detected, an alert is generated, and incidents are created for further investigation.
-
Customization: The query allows for tuning the baseline window or suppressing alerts during known onboarding periods to reduce noise.
Overall, this query helps in monitoring and detecting unusual or potentially risky behavior by agents using new tools, which can be crucial for maintaining security and preventing unauthorized access or actions.
Details

David Alonso
Released: June 8, 2026
Tables
Keywords
Operators
Severity
MediumTactics
Frequency: PT1H
Period: P14D