Sanjit Hayer
Feb 01, 2021 - Copper Contributor
query defender for identity logs
Hi - how can I query, using either Sentinel or KQL, the data within Defender for Identity? I want to do some analysis on our service accounts and the data will help with this. Thanks
AnuragSrivastava
Feb 01, 2021 - Iron Contributor
Sanjit Hayer You can use the Advanced Hunting feature from the Microsoft 365 Security Portal - https://security.microsoft.com/advanced-hunting
You'll find tables for IdentityInfo, IdentityLogonEvents, IdentityQueryEvents and IdentityDirectoryEvents.
These tables can be used to create relevant KQL queries.
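A starting point for the service-account analysis asked about in this thread, as an added example that is not part of the original posts: a per-account baseline built from IdentityLogonEvents in Advanced Hunting. The `svc-` name prefix and the 30-day window are assumptions; replace the filter with whatever identifies service accounts in your directory.

```kql
// Added example, not from the thread.
// Assumption: service accounts share a hypothetical "svc-" naming prefix.
let lookback = 30d;
IdentityLogonEvents
| where Timestamp > ago(lookback)
| where AccountName startswith "svc-"
| summarize
    Logons        = count(),
    Failures      = countif(ActionType == "LogonFailed"),
    Protocols     = make_set(Protocol),               // e.g. Kerberos vs NTLM usage per account
    LogonTypes    = make_set(LogonType),              // interactive use by a service account stands out here
    SourceDevices = dcount(DeviceName),               // how many hosts the account logs on from
    Targets       = make_set(DestinationDeviceName, 25),
    FirstSeen     = min(Timestamp),
    LastSeen      = max(Timestamp)
  by AccountUpn, AccountName, AccountDomain
| extend FailureRate = round(100.0 * Failures / Logons, 1)
| order by SourceDevices desc, Failures desc
```

Accounts with many source devices, unexpected logon types or a high failure rate are the ones to review first; accounts whose LastSeen is far in the past are candidates for disabling.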
igaralf
Oct 01, 2021 - Copper Contributor
Is this table also available via the API?