Query Details
Multiple Authentication Method Changes
Query
// Please, use the function you can find in: // // https://github.com/ep3p/Sentinel_KQL/blob/main/Functions/AuthenticationMethodChanges.kql // AuthenticationMethodChanges()
Explanation
This query is using a function called AuthenticationMethodChanges() which is located in the provided GitHub link. The function is likely designed to track and report changes in authentication methods used in a system. However, without more context or access to the actual function, it's difficult to provide a more detailed summary.
Details
Jose Sebastián Canós
Released: January 30, 2023
Tables
SigninLogsUserAuthenticationMethodActivity
Keywords
AuthenticationMethodChanges,SentinelKQL,Functions,GitHub
Operators
projectextendsummarizearg_max()toscalar()make_list()make_set()count()mv-expandparse_json()tostring()toint()iff()strcat()strcat_array()sort()top()byinorandnot==!=<><=>=~!~..:?*/%+-|&