Merge pull request #4189 from ep3p/patch-21
Remove unnecessary summarize in SigninPasswordSpray.yaml
Коммит
e63e71a62d
|
@ -44,7 +44,6 @@ query: |
|
|||
table(tableName)
|
||||
| where TimeGenerated > ago(timeRange)
|
||||
| where ResultType in(failureCodes)
|
||||
| summarize StartTime = min(TimeGenerated), EndTime = max(TimeGenerated), make_set(ClientAppUsed), count() by bin(TimeGenerated, authenticationWindow), IPAddress, AppDisplayName, UserPrincipalName, Type
|
||||
| summarize FailedPrincipalCount = dcount(UserPrincipalName) by bin(TimeGenerated, authenticationWindow), IPAddress, AppDisplayName, Type
|
||||
| where FailedPrincipalCount >= authenticationThreshold
|
||||
| summarize WindowThresholdBreaches = count() by IPAddress, Type
|
||||
|
@ -85,5 +84,5 @@ entityMappings:
|
|||
fieldMappings:
|
||||
- identifier: Address
|
||||
columnName: IPCustomEntity
|
||||
version: 1.0.0
|
||||
kind: Scheduled
|
||||
version: 1.0.1
|
||||
kind: Scheduled
|
||||
|
|
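Review bot: The `summarize FailedPrincipalCount = dcount(UserPrincipalName)` line in the first hunk is now the only step that deduplicates accounts, and it compares `UserPrincipalName` exactly as logged. If the table can record the same account in different letter case, one account is counted more than once and the `authenticationThreshold` comparison is met early; `dcount(tolower(UserPrincipalName))` would avoid that. `dcount` is also an estimate, so a short comment above that line noting that the threshold is checked against an approximate count would help whoever tunes the rule. This assumes the removed line is the `summarize StartTime = ...` step, as the commit title suggests, because the page does not mark which side each line is on; the query also continues outside the hunk.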