Forum Discussion
msef280
May 20, 2021 Copper Contributor
Raw Logs Download (Sentinel)
Hi Team, is there any way I can download the raw log from Sentinel? I am investigating an alert from the Sentinel default template "Brute force attack against Azure Portal" which has basically my name but ...
AnalystHOK
Dec 06, 2021 Copper Contributor
Hope this KQL helps you:
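let StartTime = ago(24h);
let StopTime = now();
// Replace TableName with the table that holds the events
TableName
| where TimeGenerated > StartTime and TimeGenerated <= StopTime
// Replace user and "username" with the relevant column and account
| where user == "username"
// Pack every column of each row into a single dynamic (JSON) value
| project pack_all()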