Query Details

PieChart - Exposure Level Onboarded Devices

Visualization Exposure Levels

Query

DeviceInfo
| where Timestamp > ago(30d)
| where OnboardingStatus == "Onboarded"
| summarize arg_max(Timestamp, *) by DeviceId
| summarize Total = count() by ExposureLevel
| render piechart with(title="Overview Exposure Level")

About this query

PieChart - Exposure Level Onboarded Devices

Query Information

Description

This query visualizes the onboarded devices and their exposure level in a PieChart. The higher the exposure level of a device, the more likely it is to be exploited.

References

Defender XDR

Sentinel

DeviceInfo
| where TimeGenerated > ago(30d)
| where OnboardingStatus == "Onboarded"
| summarize arg_max(TimeGenerated, *) by DeviceId
| summarize Total = count() by ExposureLevel
| render piechart with(title="Overview Exposure Level")

Explanation

This query is designed to create a pie chart that shows the distribution of exposure levels among devices that have been onboarded in the last 30 days. Here's a simple breakdown of what the query does:

  1. Data Source: It uses the DeviceInfo table, which contains information about devices.

  2. Time Filter: The query filters the data to include only records from the last 30 days.

  3. Onboarding Status: It further filters the data to include only devices that have the status "Onboarded."

  4. Latest Record per Device: For each device, it selects the most recent record based on the timestamp (Timestamp for Defender XDR and TimeGenerated for Sentinel).

  5. Count by Exposure Level: It counts the number of devices at each exposure level. The exposure level indicates how vulnerable a device is to potential threats.

  6. Visualization: Finally, it renders this information as a pie chart titled "Overview Exposure Level," which visually represents the proportion of devices at each exposure level.

In summary, the query helps visualize the risk exposure of onboarded devices over the past month, highlighting which devices might be more susceptible to security threats.

Details

Bert-Jan Pals profile picture

Bert-Jan Pals

Released: October 20, 2024

Tables

DeviceInfo

Keywords

Devices

Operators

where>ago()==summarizearg_max()bycount()render piechart with()

Actions

GitHub