This query looks for all signin logs over the last 14 days, that have reprise_99@testdomain.com as the UserPrincipalname, that are successful and then returns the latest record.

SigninLogs
| where TimeGenerated > ago(14d)
| where UserPrincipalName == "reprise_99@testdomain.com"
| where ResultType == "...

I was hoping there was a way to do this with kql, i.e. query the threatintelligence table to get the country. Or ... and then show the related country.

It's based on your work I think, and then I tweaked it at the end for fortinet logs.

let geoData = materialize (externaldata(network:string,geoname_id:string,continent_code:string,continent_name:string,country_iso_code:string,country_name:string,is_anonymous_proxy:string,is_satellite_provider:...