changing operation order
This commit is contained in:
Родитель
0049712af5
Коммит
7f6607ed7f
|
@ -29,7 +29,7 @@ query: |
|
|||
];
|
||||
AzureDevOpsAuditing
|
||||
| where TimeGenerated >= ago(timeframe)
|
||||
| where OperationName == "Group.UpdateGroupMembership.Add" and Area == "Group"
|
||||
| where Area == "Group" and OperationName == "Group.UpdateGroupMembership.Add"
|
||||
| where Details has 'Administrators'
|
||||
| where Details has "was added as a member of group" and (Details endswith '\\Project Administrators' or Details endswith '\\Project Collection Administrators')
|
||||
| parse Details with AddedIdentity ' was added as a member of group [' EntityName ']\\' GroupName
|
||||
|
|
Загрузка…
Ссылка в новой задаче