Query Details
Windows Update Installations
Query
Use Case: Identifying system-related events with Event ID 19 within the last 7 days for IT security auditing purposes.
Query:
WindowsEvent('System', 7d)
| where tostring(EventId) == '19'Explanation
The query is looking for system-related events with Event ID 19 that occurred within the last 7 days. It is used for IT security auditing purposes.
Details
Ugur Koc
Released: February 4, 2024
Tables
WindowsEvent
Keywords
WindowsEvent,System,EventId
Operators
|wheretostring==