Query Details
Identify And Summarize Processor Families In Your Environment
Query
# Identify and summarize processor families in your environment # Description The following query leverages DeviceTvmHardwareFirmware and will help you build an estate of your environment’s processors which will allow you to identify possibly old and non-reliable devices in your organization. DeviceTvmHardwareFirmware ### Microsoft Defender XDR ``` DeviceTvmHardwareFirmware | where ComponentType == @"Processor" | project ProcFamily = parse_json(AdditionalFields)["Family"] | summarize count() by tostring(ProcFamily) | sort by ProcFamily asc ``` ### Versioning | Version | Date | Comments | | ------------- |---------------| ---------------------------------------| | 1.0 | 05/12/2024 | Initial publish |
Explanation
This KQL (Kusto Query Language) query is designed to analyze the processors in your organization's environment using data from the DeviceTvmHardwareFirmware table. Here's a simple breakdown of what the query does:
-
Filter for Processors: It starts by filtering the data to only include entries where the
ComponentTypeis "Processor." -
Extract Processor Family: It then extracts the processor family information from the
AdditionalFieldscolumn, which is stored in JSON format. This information is labeled asProcFamily. -
Count Processor Families: The query counts how many devices belong to each processor family.
-
Sort Results: Finally, it sorts the results in ascending order based on the processor family.
The output of this query will be a list of processor families present in your environment along with the count of devices for each family. This can help you identify potentially outdated or unreliable processors in your organization.
Details
Michalis Michalos
Released: December 5, 2024
Tables
Keywords
Operators