Forum Discussion
Solved
Sentinel Alert- Querying multiple Entities
Hi team, Trying to build an alert in Sentinel when a phish report is submitted by users, an email containing sender,recipient and subject in sent to ops team. Query I have built in my logic app ...
- Take a look at the mv-expand operator and see if that will work for you. https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/mvexpandoperator
Take a look at the mv-expand operator and see if that will work for you. https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/mvexpandoperator