Forum Discussion

K_E's avatar
K_E
Iron Contributor
Feb 28, 2023

Sentinel Alert - Alert on new device registration

Hi, i'm looking for a query to alert me on new device registrations. The following query returns a result but i never gets an alert mail. What time range should I enter here? Is the query wrong...
alerts
KQL
kusto
monitoring
Clive_Watson's avatar
Clive_Watson
Bronze Contributor
Feb 28, 2023

K_E 

 

I'm not sure what the createdDate is, but in my system its normally much older than 1hr (often months). 

In Sentinel TimeGenerated is normally used.  e.g. 

 

 

IntuneDevices
| where TimeGenerated > ago(1d)
| distinct DeviceName, SerialNumber, CreatedDate, Model, TimeGenerated

 



There are some examples here: Search · intunedevices (github.com)