Visualise the outdated Operating Systems used to connect to your cloud environment
Visualization Outdated OS Used
Query
CloudAppEvents
| where UserAgentTags contains "Outdated operating system"
| summarize count() by OSPlatform
| render piechart with(title="Outdated Operating Systems Used")About this query
Visualise the outdated Operating Systems used to connect to your cloud environment
Defender XDR
Sentinel
CloudAppEvents
| where UserAgentTags contains "Outdated operating system"
| summarize count() by OSPlatform
| render piechart with(title="Outdated Operating Systems Used")
Explanation
This query is designed to identify and visualize the outdated operating systems that are being used to connect to your cloud environment. Here's a simple breakdown of what each part of the query does:
-
Data Source: The query pulls data from the
CloudAppEventstable, which contains records of events related to cloud applications. -
Filter: It filters the data to only include events where the
UserAgentTagsfield indicates the use of an "Outdated operating system". This means it is specifically looking for connections made using operating systems that are no longer up-to-date. -
Summarize: The query then groups the filtered data by the
OSPlatformfield, which represents the type of operating system. It counts the number of occurrences for each operating system. -
Visualize: Finally, it creates a pie chart to visually represent the distribution of these outdated operating systems. The pie chart is titled "Outdated Operating Systems Used".
Both the Defender XDR and Sentinel queries perform the same function, using the same logic and structure, to provide a visual summary of outdated operating systems accessing your cloud environment.
Details

Bert-Jan Pals
Released: December 1, 2024
Tables
Keywords
Operators