KQL Search

Query Details

HomeAI ToolsDevice Query

Multiple Azure RBAC Role Assignment

Query

// This query is too long to be in an Analytics Rule (more than 10.000 characters), so it had to be made a function that can be called by the rule.
// You can find the function in the next link.
//
// https://github.com/ep3p/Sentinel_KQL/blob/main/Functions/Analytics-AzureRBACRoleAssignments.kql
//
AzureRBACRoleAssignments(query_frequency = 1h)

Explanation

The query is too long to be used directly in an Analytics Rule, so it has been converted into a function that can be called by the rule. The function is available in the provided link.

Details

Jose Sebastián Canós profile picture

Jose Sebastián Canós

Released: September 7, 2023

Tables

AzureActivity, AzureActivityParsed, AzureActivity_CL, SecurityAlert, SecurityAlert_CL

Keywords

AzureRBACRoleAssignments

Operators

project, extend, where, summarize, join, union, mvexpand, parse_json, mv-apply, serialize, toscalar, tostring, todatetime, isnotnull, isnull, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isfinite, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite, isinf, isnotinf, isnotempty, isempty, isnotnan, isnan, isfinite,

Actions