Forum Discussion

Rayen's avatar
Rayen
Copper Contributor
Jan 13, 2025

Query to Fetch Sentinel Admin Activities from Sentinel

Hello,

I would like to know if there is a specific query available to fetch Sentinel admin activities directly from Sentinel itself.

Thank you!

Data Collection
KQL
Log Data
siem
  • SteveBostedor's avatar
    SteveBostedor
    Jan 14, 2025

    Does this work for you?

    AzureActivity
| where CategoryValue == "Administrative"
| where OperationNameValue has "MICROSOFT.OPERATIONALINSIGHTS"

     

  • SteveBostedor's avatar
    SteveBostedor
    Icon for Microsoft rankMicrosoft
    Jan 14, 2025

    Does this work for you?

    AzureActivity
| where CategoryValue == "Administrative"
| where OperationNameValue has "MICROSOFT.OPERATIONALINSIGHTS"

     

Resources