Query Details

Incidents

Query

AzureActivity
| where _ResourceId contains "SecurityInsights" and _ResourceId contains "incidents"

Explanation

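This query returns AzureActivity log records whose _ResourceId contains both "SecurityInsights" and "incidents". The contains operator is a case-insensitive substring match, so any casing of those two strings in the resource ID matches.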

Details

Rod Trent

Released: May 21, 2020

Tables

AzureActivity

Keywords

AzureActivity,_ResourceId,SecurityInsights,incidents

Operators

where, contains, and
