Query Details

Visualization Actions Performed

Query

# Visualisation of ActionTypes that have been seen in the Cloud App logs in the last 30 days

### Defender For Endpoint

```
CloudAppEvents
| where Timestamp > ago(30d)
| summarize count() by ActionType
| render piechart with(title="ActionTypes triggered last 30 days")
```

### Sentinel

```
CloudAppEvents
| where TimeGenerated > ago(30d)
| summarize count() by ActionType
| render piechart with(title="ActionTypes triggered last 30 days")
```

Explanation

The query counts the CloudAppEvents records from the last 30 days by ActionType and renders the counts as a pie chart, showing which ActionTypes have been seen in the Cloud App logs and how often each was triggered. Two versions are given, one for Defender For Endpoint and one for Sentinel; they differ only in the time column used for the filter (Timestamp in Defender For Endpoint, TimeGenerated in Sentinel).

Details

Bert-Jan Pals

Released: February 14, 2023

Tables

CloudAppEvents

Keywords

CloudAppEvents,Timestamp,ago,summarize,count,ActionType,render,piechart,title,TimeGenerated

Operators

where,Timestamp,ago,summarize,count,by,ActionType,render,piechart,with,title,TimeGenerated