Query Details
Show Latest Application Installations
Query
Use Case: Monitoring the successful installation of applications on Windows systems over the last 7 days.
Query:
WindowsEvent('Application', 7d)
| where Message contains 'Installation completed successfully'Explanation
The query is looking for Windows events related to application installations that have been successfully completed in the last 7 days.
Details
Ugur Koc
Released: February 4, 2024
Tables
WindowsEvent
Keywords
WindowsEvent,Application,Message,Installationcompletedsuccessfully
Operators
|wherecontains