7 строки
436 B
Plaintext
7 строки
436 B
Plaintext
// If we also wanted to see what alerts fired on these machines we could extend the above query and join them with the SecurityAlerts table from Azure Security Center.
|
|
// Azure Security Center must be enabled for this query to be valid
|
|
| join (SecurityAlert
|
|
| extend ExtProps=parsejson(ExtendedProperties)
|
|
| extend Computer=toupper(tostring(ExtProps["Compromised Host"]))
|
|
)
|
|
on Computer |