marktait19
Copper Contributor
Jan 25, 2023

KQL to filter by Tags - is it possible?

Hi - is it possible within Advanced Hunting to filter based on an associated Tag?

I have added a "where Tag..." in the KQL below, but I can't actually see where the Tags are held and how to filter.

Any help would be appreciated,

Thanks, Mark

DeviceNetworkInfo
| join DeviceTvmSoftwareVulnerabilities on DeviceId
| join DeviceTvmSoftwareVulnerabilitiesKB on CveId
| where Tag has_any (
"tag1",
"tag2"
)
  • KarlMZA
    Copper Contributor
    Have you tried it via DeviceInfo and then using MachineGroup?
    • marktait19
      Copper Contributor

      Hi KarlMZA - I can't see MachineGroup as a table. Do I need specific permissions to view it?

      Thank you,

      Mark

      • marktait19
        Copper Contributor
        Thanks for your help.

        In our instance, MachineGroup is blank for all devices - so the "Tag" must be stored somewhere else in our case.

        Thank you for trying to help though,

        Cheers, Mark
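
The DeviceInfo / MachineGroup approach suggested in the thread, written out as an added example (not posted by any participant): MachineGroup is a column of the DeviceInfo table rather than a table of its own, so the filter is applied there and the result is joined to the vulnerability tables from the original query. The group names "group1" and "group2" are placeholders.

```kusto
// Added example. "group1" / "group2" are placeholder device group names.
let TargetGroups = dynamic(["group1", "group2"]);
DeviceInfo
// DeviceInfo holds many rows per device; keep only the most recent one.
| summarize arg_max(Timestamp, MachineGroup) by DeviceId
// Devices whose MachineGroup is empty will not match this filter.
| where MachineGroup in (TargetGroups)
// Attach the vulnerabilities reported for the devices that remain.
| join kind=inner DeviceTvmSoftwareVulnerabilities on DeviceId
// Enrich each CVE with its knowledge-base details.
| join kind=leftouter DeviceTvmSoftwareVulnerabilitiesKB on CveId
| project DeviceId, DeviceName, MachineGroup,
          SoftwareName, SoftwareVersion,
          CveId, VulnerabilitySeverityLevel, CvssScore
```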
