Update IPEntity_AppServiceHTTPLogs.yaml
Fixing Cip --> CIp on join condition.
Родитель
bff116a518
Коммит
36bccd7ef4
|
@ -40,7 +40,7 @@ query: |
|
||||||
// renaming time column so it is clear the log this came from
|
// renaming time column so it is clear the log this came from
|
||||||
| extend AppService_TimeGenerated = TimeGenerated
|
| extend AppService_TimeGenerated = TimeGenerated
|
||||||
)
|
)
|
||||||
on $left.TI_ipEntity == $right.Cip
|
on $left.TI_ipEntity == $right.CIp
|
||||||
| summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId
|
| summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId
|
||||||
| project LatestIndicatorTime, Description, ActivityGroupNames, IndicatorId, ThreatType, Url, ExpirationDateTime, ConfidenceScore, AppService_TimeGenerated, TI_ipEntity, CsUsername, WebApp = split(_ResourceId, '/')[8], CIp, CsHost, NetworkIP, NetworkDestinationIP, NetworkSourceIP, EmailSourceIpAddress
|
| project LatestIndicatorTime, Description, ActivityGroupNames, IndicatorId, ThreatType, Url, ExpirationDateTime, ConfidenceScore, AppService_TimeGenerated, TI_ipEntity, CsUsername, WebApp = split(_ResourceId, '/')[8], CIp, CsHost, NetworkIP, NetworkDestinationIP, NetworkSourceIP, EmailSourceIpAddress
|
||||||
| extend timestamp = AppService_TimeGenerated, AccountCustomEntity = CsUsername, IPCustomEntity = CIp, URLCustomEntity = CsHost
|
| extend timestamp = AppService_TimeGenerated, AccountCustomEntity = CsUsername, IPCustomEntity = CIp, URLCustomEntity = CsHost
|
||||||
|
|
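Review bot: The `summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId` that follows the corrected join keeps only one row per indicator, so several App Service requests matching the same indicator collapse into a single alert row. `TimeGenerated` here appears to be the indicator-side timestamp, since the App Service time was copied to `AppService_TimeGenerated` earlier in the hunk; that would make the surviving `CsUsername`, `CsHost` and `WebApp` come from an arbitrary matching request rather than the latest one. Widening the grouping, for example `| summarize LatestIndicatorTime = arg_max(TimeGenerated, *) by IndicatorId, CsHost, CsUsername`, would keep each affected host and account visible to the analyst. The left side of the join and any expiry filter lie outside this hunk, so confirm which table supplies `TimeGenerated` and that hits are compared against `ExpirationDateTime` before changing it.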