Query Details

Not Equal

Query

//Not Equal example
SecurityAlert
// keep only the alerts with this display name
| where DisplayName == "An event log was cleared"
// != drops every row whose end time, provider name or alert id matches the given value
| where EndTime != "7/15/2020, 5:55:31.000 PM" and ProviderName != "IPC" and SystemAlertId != "e3f60b59-3c5c-5b5d-8213-698a58fa39aa"

Explanation

This query looks for security alerts whose display name is "An event log was cleared". It then keeps only the alerts whose end time is not "7/15/2020, 5:55:31.000 PM", whose provider name is not "IPC", and whose system alert ID is not "e3f60b59-3c5c-5b5d-8213-698a58fa39aa"; rows matching any of those three values are excluded.
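The same exclusion written with explicitly typed comparisons, as an added example that is not part of the original query page: the end time is given as a datetime literal, the provider check uses the case-insensitive form, and the alert-id exclusion is extended to a list (the second id is a placeholder).

```kql
// Added example, not the original page's query.
SecurityAlert
| where DisplayName == "An event log was cleared"
// datetime() gives a typed literal to compare against the datetime column
| where EndTime != datetime(2020-07-15 17:55:31)
// != on strings is case-sensitive; !~ is the case-insensitive not-equal
| where ProviderName !~ "ipc"
// !in excludes several known alert ids in one clause (second id is a placeholder)
| where SystemAlertId !in ("e3f60b59-3c5c-5b5d-8213-698a58fa39aa", "PLACEHOLDER-ALERT-ID")
| project TimeGenerated, DisplayName, ProviderName, SystemAlertId
| order by TimeGenerated desc
```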

Details


Rod Trent

Released: July 20, 2020

Tables

SecurityAlert

Keywords

SecurityAlert, DisplayName, EndTime, ProviderName, SystemAlertId

Operators

==, !=, and
