Forum Discussion
Carlton Patterson
Copper Contributor
Sep 04, 2018
'where' operator: Failed to resolve table or column expression named 'SecurityEvent'
Hello Community, I originally submitted this question here asking for help with this matter. https://techcommunity.microsoft.com/t5/Azure-Log-Analytics/where-operator-Failed-to-resolve-table-...
Sep 04, 2018
In case Travis does not answer, here is some guidance. The Security & Audit solution is no longer a standalone solution. It is part of Azure Security Center (ASC). To use ASC and that solution you need to be on the Standard SKU for ASC. The doc for upgrading to Standard tier is here:
https://docs.microsoft.com/en-us/azure/security-center/security-center-onboarding
You will also need to upgrade the SKU of the Log Analytics workspace as well. Information on the same link. Additionally, to the same workspace you will deploy the Security & Audit solution from the marketplace:
https://azuremarketplace.microsoft.com/en-au/marketplace/apps/Microsoft.SecurityOMS?tab=Overview
The blog post below will also help you understand how to set up the event logging level for security events:
https://cloudadministrator.net/2018/01/16/tips-and-tricks-of-setting-up-azure-security-center/
More documentation on setting up and what events are gathered with the different levels:
https://docs.microsoft.com/en-us/azure/security-center/security-center-enable-data-collection