Forum Discussion
ninjaa
Feb 21, 2023 · Copper Contributor
KQL for list of service account with password never expires.
Hi, can someone please help me write a KQL query to get a list of all service accounts which are set to password never expires? Thank you for your time.
Clive_Watson
Feb 21, 2023 · Bronze Contributor
It depends on what tables you have. Here are two examples, but you'll have to add the service account filter, which will be to look for them starting with "svc-" (best practice):
Azure-Sentinel/password_never_expires.yaml at c6dce9c3aa4d4b4d02423ac4eb5a6b677a39e432 · Azure/Azure-Sentinel (github.com)
or
Sentinel-Queries/IdentityDirectoryEvents-PasswordSettoNeverExpire.kql at be2948cc572879e77dc1d2514447c24da4322bc2 · reprise99/Sentinel-Queries (github.com)
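An added example, not part of the thread and not taken from either linked repository: one way to combine a password-never-expires check with the "svc-" filter suggested in the reply. It assumes domain controller Security events (event ID 4738, "A user account was changed") are ingested into the `SecurityEvent` table; the 90-day lookback is an arbitrary value chosen for illustration.

```kql
// Added example. Assumptions: Windows Security event 4738 from domain
// controllers is collected into SecurityEvent, and service accounts follow
// the "svc-" naming prefix mentioned in the reply above.
let lookback = 90d; // assumption: set this to match your log retention
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4738                      // "A user account was changed"
| where TargetUserName startswith "svc-"     // service account filter
// Windows message codes in the UserAccountControl field:
//   %%2089 = 'Don't Expire Password' - Enabled
//   %%2057 = 'Don't Expire Password' - Disabled
| where UserAccountControl contains "%%2089"
     or UserAccountControl contains "%%2057"
| extend NeverExpires = UserAccountControl contains "%%2089"
// Keep only the most recent change to the flag for each account, so an
// account that was later set back to expiring passwords is not listed.
| summarize arg_max(TimeGenerated, NeverExpires, SubjectAccount, Computer)
    by TargetAccount
| where NeverExpires
| project TargetAccount,
          SetAt = TimeGenerated,
          SetBy = SubjectAccount,            // who changed the flag
          Computer                           // domain controller that logged it
| order by SetAt desc
```

This is event-based, so it only lists accounts whose flag was changed inside the lookback window; accounts configured before that, or before event collection started, need a directory export to find.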