marka01
Aug 23, 2022
Copper Contributor
Monitor App activity with Sentinel
Could anyone share info on whether there is a way to monitor activity for Enterprise Apps using Sentinel? Basically, to understand if an Enterprise App has been used lately.
- MattBurrows
Brass Contributor
Do you use Defender for Cloud Apps? If so, you can connect and ingest the Cloud Discovery Logs and then monitor any apps, including Enterprise Apps.
- cmaneiro
Microsoft
Hi marka01
Not sure if this is what you are looking for:
This is just a simple query to get errors and success logging activity per application; you will probably need to narrow it down to your specific application.
KQL:
// Look back 30 days
let Long = ago(30d);
SigninLogs
| where TimeGenerated > Long
| project AppDisplayName, ResultType
// ResultType "0" is a successful sign-in; anything else is an error code
| extend Successful = iff(ResultType == "0", 1, 0)
| extend Failed = iff(ResultType != "0", 1, 0)
// Success and failure totals per application
| summarize SuccessCount = sum(Successful), FailedCount = sum(Failed) by AppDisplayName

Hope it helps
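Added example, not part of the original posts: a broader take on the query above that answers "has this app been used lately" by reporting the last successful sign-in per application across interactive, non-interactive and service principal sign-ins. It assumes the Microsoft Entra ID data connector sends these three sign-in tables to the Sentinel workspace; the `Lookback` and `StaleAfter` values and the output column names are illustrative choices.

```kusto
// Added example: last-use report per application (not the thread author's query).
let Lookback = 90d;     // assumed window; cannot exceed workspace retention
let StaleAfter = 30d;   // assumed threshold for "not used lately"
union isfuzzy=true      // isfuzzy skips a table that is not connected
    (SigninLogs
        | where TimeGenerated > ago(Lookback)
        | project TimeGenerated, AppId, AppDisplayName, ResultType,
                  Principal = UserPrincipalName, SignInType = "Interactive"),
    (AADNonInteractiveUserSignInLogs
        | where TimeGenerated > ago(Lookback)
        | project TimeGenerated, AppId, AppDisplayName, ResultType,
                  Principal = UserPrincipalName, SignInType = "NonInteractive"),
    (AADServicePrincipalSignInLogs
        | where TimeGenerated > ago(Lookback)
        | project TimeGenerated, AppId, AppDisplayName = ServicePrincipalName, ResultType,
                  Principal = ServicePrincipalId, SignInType = "ServicePrincipal")
| summarize
    AppName       = take_any(AppDisplayName),
    LastSuccess   = maxif(TimeGenerated, ResultType == "0"),  // null if never successful
    LastAttempt   = max(TimeGenerated),
    SuccessCount  = countif(ResultType == "0"),
    FailedCount   = countif(ResultType != "0"),
    Principals    = dcountif(Principal, ResultType == "0"),   // distinct users or service principals
    SignInTypes   = make_set(SignInType)
    by AppId
| extend DaysSinceLastSuccess = datetime_diff("day", now(), LastSuccess)
| extend Stale = isnull(LastSuccess) or LastSuccess < ago(StaleAfter)
| order by Stale desc, LastSuccess asc
```

An application with no sign-in events at all inside the lookback window produces no row, so apps missing from the result need to be found by comparing against the tenant's Enterprise App inventory.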