Forum Discussion
LocalAlien
Mar 15, 2022 Copper Contributor
Advance Hunting - SCID
Hi, where can I find a reference sheet/document for the SCIDs used in the below query? I have searched pretty much everywhere but haven't been able to find anything on this. It would be great if someon...
pleasegetmeoutofhere
Mar 31, 2022 Copper Contributor
Hi,
The best way I found was to pull the data directly from Defender by joining DeviceTvmSecureConfigurationAssessment & DeviceTvmSecureConfigurationAssessmentKB. Then I exported the list to Excel for reference.
DeviceTvmSecureConfigurationAssessment
| join kind=leftouter (
    DeviceTvmSecureConfigurationAssessmentKB
    | project ConfigurationId, ConfigurationName, ConfigurationDescription, RiskDescription, ConfigurationImpact
) on ConfigurationId
| distinct ConfigurationId, ConfigurationName, ConfigurationCategory, ConfigurationSubcategory, ConfigurationDescription, RiskDescription, ConfigurationImpact
Please note that I am very new to Kusto - and data querying in general - so the report is likely not optimized, but it gave me what I needed.
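A variant of the same join, added here as an example and not written by the poster above: it starts from the KB table so that every documented SCID is listed even when no device currently reports it, and adds per-SCID device counts to help prioritise. It assumes the DeviceId, IsApplicable and IsCompliant columns of DeviceTvmSecureConfigurationAssessment; the output column names ApplicableDevices and NonCompliantDevices are made up for this example.

```kusto
// Added example: SCID reference sheet driven by the KB table.
// Assumption: the assessment table exposes DeviceId, IsApplicable, IsCompliant.
let Assessed =
    DeviceTvmSecureConfigurationAssessment
    | where IsApplicable == 1                       // ignore checks that do not apply to the device
    | summarize
        ApplicableDevices   = dcount(DeviceId),
        NonCompliantDevices = dcountif(DeviceId, IsCompliant == 0)
        by ConfigurationId;
DeviceTvmSecureConfigurationAssessmentKB
| project ConfigurationId, ConfigurationName, ConfigurationCategory,
          ConfigurationSubcategory, ConfigurationImpact,
          ConfigurationDescription, RiskDescription
| join kind=leftouter Assessed on ConfigurationId   // keep SCIDs with no assessed devices
| project-away ConfigurationId1                     // drop the duplicate join key
| extend ApplicableDevices   = coalesce(ApplicableDevices, 0),
         NonCompliantDevices = coalesce(NonCompliantDevices, 0)
| sort by NonCompliantDevices desc, ConfigurationId asc
```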
JeffreyM1580
Oct 04, 2024 Copper Contributor
Great stuff. I was looking for the same things the OP was. Thank you for sharing this.