Forum Discussion

Copper Contributor

Aug 18, 2020

Solved

Use "where contains" from a list

Hello, I have been trying to setup Linux audit logs in Azure Sentinel, using the OMS auditd parser found in the OMS agent. (Not AUOMS, which I can't use as I have isolated servers). Anyone wh...

kusto

mergene
Aug 18, 2020
you can use "not (fieldname has_any(dynamiclist))"

mergene

Copper Contributor

Aug 18, 2020

you can use "not (fieldname has_any(dynamiclist))"

rurno

Copper Contributor

Aug 19, 2020

mergene

It works! You're fantastic.

Glad to know that not would also work in this instance, I never even thought of it as a possibility.