Feb 01 2021 02:51 AM
hi - how can i query using either sentinel or kql the data witin defender for identity. i want to do some analysis on our service accounts and the data will help with this. thanks
View best response
Feb 01 2021 05:03 AM
@Sanjit Hayer You can use Advanced Hunting feature from Microsoft 365 Security Portal - https://security.microsoft.com/advanced-hunting
You'll find tables for IdentityInfo, IdentitylogonEvents, IdentityQueryEvents and IdentityDirectoryEvents.
These tables can be used to create relevant KQL queries.
Aug 01 2021 05:14 PM
New writeup on IdentityInfo from Itay Argoetyhttps://techcommunity.microsoft.com/t5/azure-sentinel/what-s-new-identityinfo-table-is-now-in-public...
Oct 01 2021 04:19 AM
Oct 01 2021 04:54 AM
View solution in original post
