Query Details

UEBA Estimate

Query

//UEBA Estimation for enabling SigninLogs

SigninLogs //Data Source
| where TimeGenerated > ago(30d) //Look back over the last 30 days
| where _IsBillable == true //Only count billable records
| summarize sum(_BilledSize) //_BilledSize is the record size in bytes; the output column is named sum__BilledSize
| extend TotalGB = todouble(sum__BilledSize) / (1024.0 * 1024 * 1024) //Bytes to GB (dividing by 1024 alone would give KB)
| extend UEBAGB = 0.07 * TotalGB //UEBA estimate: 7% of the billable SigninLogs volume
| project UEBAGB

Explanation

This query estimates the amount of data, in gigabytes (GB), that enabling user and entity behavior analytics (UEBA) on SigninLogs would add. It filters the SigninLogs data source to the past 30 days and keeps only billable records. It then sums the billable size of those records (_BilledSize is recorded in bytes), converts the total to GB, and estimates the UEBA volume as 7% of that total. The final result contains only the estimated UEBA volume in GB.
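The single 30-day sum above hides day-to-day variation, which matters when sizing for a peak rather than an average. The following query is an added example, not part of the original page or Rod Trent's query: it keeps the page's 7% factor and its 1024-based bytes-to-GB conversion (both assumptions carried over from the query, not independently verified here) and reports the 30-day total alongside the average and peak daily volume, so the UEBA estimate can be read both as a monthly figure and as a worst-day figure.

```kql
// Added example: daily breakdown of billable SigninLogs volume with the UEBA estimate
// Assumptions: _BilledSize is in bytes; GB = 1024^3 bytes; UEBA adds 7% of the source volume (factor taken from the page)
SigninLogs
| where TimeGenerated > ago(30d)
| where _IsBillable == true
// Sum billable bytes per calendar day
| summarize DailyBytes = sum(_BilledSize) by Day = startofday(TimeGenerated)
// Convert each day's bytes to GB
| extend DailyGB = todouble(DailyBytes) / (1024.0 * 1024 * 1024)
// Collapse to a 30-day total, an average day and the busiest day
| summarize TotalGB = sum(DailyGB), AvgDailyGB = avg(DailyGB), PeakDailyGB = max(DailyGB), DaysWithData = count()
// Apply the 7% UEBA factor to both the total and the peak day
| extend UEBAGB = 0.07 * TotalGB, UEBAPeakDailyGB = 0.07 * PeakDailyGB
| project DaysWithData, TotalGB, AvgDailyGB, PeakDailyGB, UEBAGB, UEBAPeakDailyGB
```

DaysWithData is worth checking before trusting the estimate: if it is well below 30, the workspace has gaps in SigninLogs ingestion and the total will understate steady-state volume.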

Details

Rod Trent

Released: June 20, 2023

Tables

SigninLogs

Keywords

SigninLogs,TimeGenerated,_IsBillable,_BilledSize,TotalGB,UEBAGB

Operators

where, ago, ==, summarize, sum, extend, /, project