KQL Queries

Hi team,

Please help me write a KQL query that shows the devices which are missing Windows security patches. The condition I want to apply here is that I need the device's sensor health = "Active" and onboarding status = "Onboarded".
Right now I am using "

DeviceTvmSoftwareVulnerabilities  
| where RecommendedSecurityUpdate endswith "August 2024 security updates"
| where DeviceName contains "xyz"
| summarize by DeviceId, DeviceName, RecommendedSecurityUpdate, OSPlatform

"
Please help me out!
Thanks in advance! 🙂

3 Replies
I cheated by asking Copilot for Security for the KQL query, but try the following:

DeviceInfo
| where SensorHealthState == 'Active' and OnboardingStatus == 'Onboarded'
| join kind=inner (DeviceTvmSoftwareVulnerabilities) on DeviceId
| summarize by DeviceId, DeviceName, OSPlatform, RecommendedSecurityUpdate
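
A variant of the query above that also applies the update filter from the question, as an added example that is not part of the original reply. DeviceInfo holds many records per device, so this keeps only the newest one before testing sensor health and onboarding status; the 7-day lookback and the names `UpdateName`, `HealthyDevices`, `LastSeen`, `OpenCves` and `Severities` are assumptions made for illustration.

```kql
// Added example, not from the thread's participants.
// Update string taken from the question; adjust to the month being checked.
let UpdateName = "August 2024 security updates";
// Newest DeviceInfo record per device, then keep healthy, onboarded devices.
let HealthyDevices =
    DeviceInfo
    | where Timestamp > ago(7d)                     // assumed lookback window
    | summarize arg_max(Timestamp, *) by DeviceId   // latest state only
    | where SensorHealthState == "Active" and OnboardingStatus == "Onboarded"
    | project DeviceId, DeviceName, OSPlatform, LastSeen = Timestamp;
// Devices that still have CVEs fixed by the named update.
DeviceTvmSoftwareVulnerabilities
| where RecommendedSecurityUpdate endswith UpdateName
| summarize OpenCves = dcount(CveId),
            Severities = make_set(VulnerabilitySeverityLevel)
            by DeviceId, RecommendedSecurityUpdate
| join kind=inner HealthyDevices on DeviceId
| project DeviceId, DeviceName, OSPlatform, LastSeen,
          RecommendedSecurityUpdate, OpenCves, Severities
| order by OpenCves desc
```
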
Can you also help with a query to pull the top links for the last 30 days?
You didn't mention the Table or Column, but the syntax would be along these lines:

EmailUrlInfo
| summarize count() by Url
| top 10 by count_
| order by count_ desc