Forum Discussion

Skipster311-1's avatar
Skipster311-1
Iron Contributor
Jul 28, 2021

Advanced Hunting Query to include logged on users

Hello    I am using the below query to get an endpoint status report. The query works great, however requesting help on modifying the query to show me the logged on users. Thank you in advance   ...
cjmay1's avatar
cjmay1
Copper Contributor
Jan 24, 2022

Skipster311-1 if you're still looking for help on this, I created a correlation query that includes grabbing logged in users from an endpoint name. You can reference it to get you started on solving your problem -> https://github.com/lawndoc/AdvancedHuntingQueries/tree/main/Utilities

  • cjmay1's avatar
    cjmay1
    Copper Contributor
    Jan 24, 2022

    Skipster311-1 Nevermind, I went ahead and did it for you -- this is what you wanted: https://security.microsoft.com/v2/advanced-hunting?query=H4sIAAAAAAAAA7VX2U7bQBSd50r9hyhPiQQNBoTUVjy4QFGqsoikfUVZTDDEIfISoOLje-6ZGdtZxqRVolFi-965-zbTUi1VU4lKVaCmePPUF_wP1JOKsQI1Vj3ianiOsWrqHjjZnxA2UUM8Q_wHeE_xJr8A2I_qA_YH-F7mF-J7AvgxfqeAzgAZ4NkG9A44oX0Dbgh4wv0T4NOF3ZfgFeG5A_hPUI2wAtBcYfcv0AWQmOS8pvh6Ug-AVnM6UZnRVewp-Ghtp9gZE3YLXgntaFRIb-byI0jbBfUUa6xeKyVp7zRIWzNrXf0tH62vS8an_L1M20EETt-l7DDeolvzn71r-UwMTMtKTU7FjPQIltt9TVKJT6-pS2Sku-i0BYVeD9gR0pvtuRx9zXPNentZhuURqBfWgM717_CLVMLlnAVaiwGzu6HOQT8jRdn2On_az1nJB83_yPdFLQT2A5b0VZf2jQ3sDNgeIGPlg_uQ9iVYq2Kx2tMC9SFfajij_64gxUZavPqV-rcWOsk-O8kIvHrYXzP-m5p4iG0xd0pnSE2dlq3t4k10EDkZ954wUnfAjwgpOolPm7RlkYmy9ekzOlZA-loFh7bpY7ru6uAzoPW76jN6Yt3Er4Duqz0uF8ZNs-_EHDgwnlOO55TjOeV4FXIOnZgjwIo8TeC9iJkllffHzIcYXr0l9AU-lDyMGJOU-TUl5za-JQoRu2DICZLmGN90x5CV1GcWN4Hrs1-6O3ZVVFdXcddopqtXpEn-zHfc97LlmLRVWdGhvIQ5fsY60zYNuWMTsryVsk5J3yPXMSUOcn6bklzkV5vRlC4T0zYd34jdIjQ9UXNMNia9yOGuyS6p8WtOoXQL9pZr0DdTZEaLM-zcRmzLtb0ssUNuE_LS3fG3mc-btbqI8g34yxkwNXW9HV-Xu-038L4HzYw0sbogZcipbyf-puws8ukac9HfaiYdVsT1pjQTN2vhUS71BFGUWT5cy8o6em0LmtZ5FitjbthDM-bEYh91dXOr357RxfJ2zwZL4RmKc5w_rtDhiizx-dV0dHrpTAP1yMoszvACaeRTYGfBmupJZ6nsnUCwj7wR9PEmp9CyzOr5Veg8Y3Vl-X1L87plF13W2N4sFk9dBzx1Fafe1Tcv0Tzl2XedU9nbGhztKbrKxvk7gtyFnvFzecZbad8h7dOc7tgL_gIzSDq1wg4AAA&timeRangeId=week

  • skipster311-175's avatar
    skipster311-175
    Brass Contributor
    Jan 24, 2022
    Very helpful. Thank you

Resources