Apr 07 2023 08:35 AM - edited Apr 07 2023 11:46 AM
So with a base KQL query of:
union withsource= table *
...is there a way to query each table in Microsoft Sentinel and identify each EVENT type used within it?
So listed as...
Table 1...
...event type 1 (count)
...event type 2 (count)
Table 2...
...event type 1 (count)
...event type 2 (count)
etc...
Apr 11 2023 02:33 AM