RE: Tracking Security Incidents linked to an Intune device

JMSHW0420 · ‎Feb 10 2023

Hello,

I already have a similar request asking about this but wanted to change the scoping of the query being asked.

Is it possible with KQL to 'track' ANY Security Incidents (primarily generated from an Analytics Rule) that are associated or linked to an 'Intune' Device?

I know the 'SecurityIncident' table can locate the 'Incidents' but which table(s) can I perform a JOIN on to find those Incidents associated with an 'Intune' Device?

Clive_Watson · ‎Feb 10 2023

https://azurecloudai.blog/2021/01/25/how-to-connect-the-new-intune-devices-log-azure-sentinel/

Products (66)

Special Topics (44)

Video Hub (444)

Most Active Hubs

Most Active Hubs

Video Hub

RE: Tracking Security Incidents linked to an Intune device

RE: Tracking Security Incidents linked to an Intune device

Re: RE: Tracking Security Incidents linked to an Intune device