Monitor App activity with Sentinel

Occasional Contributor

Anyone could share info if there is a way to monitor activity for Enterprise Apps using Sentinel? Basically to understand if Enterprise App has been used lately. 

2 Replies

Hi @marka01 


Not sure if this is what you are looking:



This is just a simple query to get errors and success logging activity per Application, probably you need to narrow down your specific application.




let Long = ago(30d);
| where TimeGenerated > Long
| project AppDisplayName, ResultType
| extend Successful=iff(ResultType == "0" , 1 , 0)
| extend Falied=iff(ResultType != "0" , 1 , 0)
| extend Counter=1
| summarize SuccessCount=sum(Successful), FailedCount=sum(Falied) by AppDisplayName


Hope it helps

Do you use Defender for Cloud Apps? If so you can connect and ingest the Cloud Discovery Logs and then monitor any apps including enterprise Apps.