Azure-Sentinel/Playbooks/Export-Report-CSV/reportWatchlist.csv

1	Title	Schedule	QueryBody	Recipients
2	Simple Export Test	Daily	SigninLogs | where TimeGenerated >= ago(24h) | where UserPrincipalName == "amy@contoso.com"	joe@contoso.com
3	New Report!	Daily	AuditLogs	joe@contoso.com
4	Bitlocker Recoveries	Daily	AuditLogs | where OperationName == "Read BitLocker key" | extend userPrincipalName = initiatedBy.user.userPrincipalName	joe@contoso.com