Query Details

Systems Reporting to Sentinel

Query

// Agented systems reporting to Azure Sentinel
SigninLogs
| union Heartbeat
| where Category == "Direct Agent"   // only Heartbeat rows carry this Category value; SigninLogs rows have their own Category and are dropped here
| distinct Computer

Explanation

This query lists the agented systems that are reporting to Azure Sentinel. It unions the SigninLogs and Heartbeat tables, keeps only the rows whose Category is "Direct Agent" (the Heartbeat rows written by a directly connected agent), and returns the distinct computer names.
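As an added example (not part of the original page or its author's query), the same Heartbeat filter turned into a staleness check: it keeps the most recent heartbeat per computer and flags agents that have stopped reporting, since a silent agent means lost telemetry for that host. The SilenceThreshold value and the 7-day lookback are assumptions to tune for your environment.

```kusto
// Added example, not from the original page: last heartbeat per directly
// connected agent, with hosts that have gone quiet marked as "stale".
let SilenceThreshold = 1h;   // assumption: set to a few times the agent heartbeat interval
Heartbeat
| where TimeGenerated > ago(7d)            // assumption: lookback window
| where Category == "Direct Agent"        // same filter as the catalog query above
| summarize LastHeartbeat = max(TimeGenerated) by Computer, OSType
| extend MinutesSilent = datetime_diff('minute', now(), LastHeartbeat)
| extend Status = iff(LastHeartbeat < ago(SilenceThreshold), "stale", "reporting")
| order by LastHeartbeat asc              // quietest hosts first
```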

Details


Rod Trent

Released: August 7, 2020

Tables

SigninLogs, Heartbeat

Keywords

SigninLogs, Heartbeat, Category, DirectAgent, Computer

Operators

union, where, distinct
