Forum Discussion
Rayen
Jan 13, 2025Copper Contributor
Fetch Sentinel admin activity
Hello,
I would like to know if there is a specific query available to fetch Sentinel admin activities directly from Sentinel itself.
Thank you!
There is some data in the Activity logs, here is a brief example
AzureActivity | where TimeGenerated > ago(90d) | where ResourceProviderValue =~ "Microsoft.SecurityInsights" | extend eventCategory_ = tostring(parse_json(Properties).eventCategory)
- Clive_WatsonBronze Contributor
There is some data in the Activity logs, here is a brief example
AzureActivity | where TimeGenerated > ago(90d) | where ResourceProviderValue =~ "Microsoft.SecurityInsights" | extend eventCategory_ = tostring(parse_json(Properties).eventCategory)