Forum Discussion
adityakumar70
Sep 26, 2024
Copper Contributor
KQL Queries
Hi team, please help me write a KQL query which reflects the devices which are missing Windows security patches. The condition I want to apply here is, I need the device's sensor health="Active" a...
Rod_Trent
Microsoft
I cheated by asking Copilot for Security for the KQL query, but try the following:
DeviceInfo
| where SensorHealthState == 'Active' and OnboardingStatus == 'Onboarded'
| join kind=inner (DeviceTvmSoftwareVulnerabilities) on DeviceId
| summarize by DeviceId, DeviceName, OSPlatform, RecommendedSecurityUpdate
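A variation on the query above, added here as an example and not part of the original reply: DeviceInfo stores many snapshots per device, so this version tests sensor health and onboarding status on the newest record only, and drops vulnerability rows that have no recommended update. The 7-day lookback, the Windows-only filter and the output column names (LastSeen, OpenCves, CriticalCves) are assumptions; table and column names follow the Defender XDR advanced hunting schema.

```kql
// Added example: assumes the Defender XDR advanced hunting schema.
// DeviceInfo holds many snapshots per device, so keep only the newest one
// before checking sensor health and onboarding status.
let ActiveDevices =
    DeviceInfo
    | where Timestamp > ago(7d)                      // assumed lookback window
    | summarize arg_max(Timestamp, *) by DeviceId    // latest record per device
    | where SensorHealthState == "Active" and OnboardingStatus == "Onboarded"
    | project DeviceId, DeviceName, OSPlatform, LastSeen = Timestamp;
ActiveDevices
| join kind=inner (
    DeviceTvmSoftwareVulnerabilities
    | where OSPlatform startswith "Windows"          // assumed scope: Windows devices only
    | where isnotempty(RecommendedSecurityUpdate)    // keep findings that have an update to install
    | project DeviceId, CveId, VulnerabilitySeverityLevel,
              RecommendedSecurityUpdate, RecommendedSecurityUpdateId
  ) on DeviceId
// One row per device and missing update, with the number of CVEs it would close.
| summarize
    OpenCves = dcount(CveId),
    CriticalCves = dcountif(CveId, VulnerabilitySeverityLevel == "Critical")
    by DeviceId, DeviceName, OSPlatform, LastSeen,
       RecommendedSecurityUpdate, RecommendedSecurityUpdateId
| order by CriticalCves desc, OpenCves desc
```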
JEANE80
Sep 27, 2024
Copper Contributor
Can you also help with a query to pull the top links for the last 30 days?
- Clive_Watson
  Sep 27, 2024
  Bronze Contributor
  You didn't mention the Table or Column, but the syntax would be along these lines:
EmailUrlInfo
| summarize count() by Url
| top 10 by count_
| order by count_ desc