Forum Discussion
kmanish
Jan 13, 2020 · Copper Contributor
Query for a User Management Activity
Hi All, I wanted to write a KQL query for the following scenario: A user "X" is created, "X" is added to a security enabled group. Then X is deleted or X deletes some other account. I h...
CliveWatson
Jan 13, 2020 · Former Employee
Hi kmanish
Have you looked at the samples in the Sentinel GitHub? This example is similar in structure to your request (and has an adjustable time window [10 mins] as well, which could be useful).
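
The correlation asked about in this thread (account created, added to a security-enabled group, then deleted or used to delete another account), written as an added example that is not part of either post and is not the GitHub sample mentioned above. It assumes the activity arrives as Windows Security events in the `SecurityEvent` table (event IDs 4720, 4728/4732/4756 and 4726); the `lookback` and `window` values are placeholders to adjust.

```kusto
// Added example. Assumption: Windows Security events are collected into SecurityEvent.
let lookback = 1d;   // assumed search period
let window = 10m;    // adjustable gap allowed between each step
let created = SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4720                 // a user account was created
    | project CreatedTime = TimeGenerated, UserSid = TargetSid,
              CreatedUser = TargetAccount, CreatedBy = SubjectAccount;
let groupAdd = SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID in (4728, 4732, 4756)   // member added to a security-enabled global/local/universal group
    | project AddedTime = TimeGenerated, UserSid = MemberSid,
              GroupName = TargetAccount, AddedBy = SubjectAccount;
let deleted = SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4726                 // a user account was deleted
    | project DeletedTime = TimeGenerated, DeletedSid = TargetSid,
              DeletedUser = TargetAccount, DeleterSid = SubjectUserSid;
// Steps 1 and 2: the new account X is added to a group shortly after creation.
let chain = created
    | join kind=inner groupAdd on UserSid
    | where AddedTime between (CreatedTime .. CreatedTime + window);
// Step 3: either X itself is deleted, or X deletes a different account.
union
    ( chain
      | join kind=inner deleted on $left.UserSid == $right.DeletedSid
      | extend Scenario = "X was deleted" ),
    ( chain
      | join kind=inner deleted on $left.UserSid == $right.DeleterSid
      | where DeletedSid != UserSid
      | extend Scenario = "X deleted another account" )
| where DeletedTime between (AddedTime .. AddedTime + window)
| project CreatedTime, AddedTime, DeletedTime, Scenario,
          CreatedUser, CreatedBy, GroupName, AddedBy, DeletedUser
```

Joining on SIDs rather than account names keeps the chain intact if the account is renamed between steps.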