Query Details

MCAS Low Score App Usage Report

Query

// Apps (Defender for Cloud Apps) with a score lower than 5 that were used in the past 7 days.
McasShadowItReporting
| where TimeGenerated >= ago(7d)
| where AppScore < 5
// Total events per machine, user, app and score
| summarize sum(TotalEvents) by MachineName, EnrichedUserName, AppName, AppScore
| project MachineName, TotalEventsInLast7Days=sum_TotalEvents, EnrichedUserName, AppName, AppScore
| sort by TotalEventsInLast7Days desc

Explanation

Find all apps reported by Defender for Cloud Apps (MCAS) with a score lower than 5 that were used in the past 7 days. The query sums the total events for each machine, user, app, and score, and sorts the results by the total events in the last 7 days in descending order.

Details

Muzammil Mahmood

Released: June 7, 2024

Tables

McasShadowItReporting

Keywords

Apps,Defender,Cloud,Score,Past,Days,MachineName,EnrichedUserName,AppName,TotalEventsInLast7Days

Operators

McasShadowItReporting, where, TimeGenerated, ago, summarize, sum, project, sort, by, desc
