Query Details
Visualization Logon Failure Reasons
Query
# Logon Failure Reasons ### Defender For Endpoint ``` DeviceLogonEvents | where isnotempty(FailureReason) | summarize count() by FailureReason | render piechart with (title="Logon Failure Reasons") ``` ### Sentinel ``` DeviceLogonEvents | where isnotempty(FailureReason) | summarize count() by FailureReason | render piechart with (title="Logon Failure Reasons") ```
Explanation
The query is counting and categorizing the reasons for logon failures in two different systems: Defender for Endpoint and Sentinel. It then displays the results in a pie chart.
Details
Bert-Jan Pals
Released: March 8, 2023
Tables
DeviceLogonEvents
Keywords
DeviceLogonEvents,FailureReason,summarize,count(),render,piechart,title
Operators
whereisnotemptysummarizecountbyrender