Forum Discussion

Ankit_Pandey's avatar
Ankit_Pandey
Copper Contributor
May 12, 2020

Query Activity From RiskyUsersBlade Under 'Risk History' Tab

In log analytics I need to query Activity field from Risk History in Risky Users blade. Goal is to generate alert every time when a users risk history shows as 'Leaked Credentials' under Activity tab...
Ankit_Pandey's avatar
Ankit_Pandey
Copper Contributor
May 15, 2020

Thank you Rod_Trent, however I had tried this before posting it here and this did not bring result. Is there a possibility that after I tagged this user as Compromised, the latest value here - "Admin confirmed user compromised" overwrites risk history (Leaked Credentials) with new entry and does not bring up result ? 

In fact even for an unstructured search to look up for 'leaked credentials' nothing comes up. 

search "leaked credentials" --> no result

A screenshot attached for reference to tell I am querying from Risky Users Blade. 

 

Ankit_Pandey's avatar
Ankit_Pandey
Copper Contributor
May 21, 2020

Any suggestions please. Thank You.

  • Ankit_Pandey's avatar
    Ankit_Pandey
    Copper Contributor
    Jun 09, 2020

    Still looking for a solution to make this work. Any insights please ?