Forum Discussion
Hunting query which works on the Portal but not on Powershell
Hi, I have a need to extract all my vulnerabilities from Defender TVM and export do JSON or CSV. I've built an hunting query which gives at least the results consistently. I've got more than 200k vu...
dmarquesgn If I read https://learn.microsoft.com/en-us/azure/data-explorer/kusto/query/kql-quick-reference correctly,
| join | Merges the rows of two tables to form a new table by matching values of the specified column(s) from each table. Supports a full range of join types: flouter, inner, innerunique, leftanti, leftantisemi, leftouter, leftsemi, rightanti, rightantisemi, rightouter, rightsemi | LeftTable | join [JoinParameters] ( RightTable ) on Attributes |
Shouldn't it be like this?
$vulnUrl = '{ "query": "DeviceTvmSoftwareVulnerabilities | join [leftouter] (DeviceTvmSoftwareVulnerabilitiesKB) on CveId" }'
(Not an expert in this 😉 )
Thanks for your reply. I've tried that as well, but still get a (400) Bad Request.
So something is still not being parsed correctly for Defender.
