Forum Discussion
RE: KQL query for event types per table used by Microsoft Sentinel (and connected Data Connectors)
So with a base KQL query of: union withsource= table * ...is there a way to query each table in Microsoft Sentinel and identify each EVENT type used within it? So listed as... Table 1...
By "Event Type" are you referring to the EventID or something else? Maybe just a count of rows in each Table? A screenshot of teh data you are referring to would help. Thanks