Dear Community,

We have created a log analytic rule which tracks the software installations. 

Below is the KQL Query:

ConfigurationChange

| where ConfigChangeType == "Software" | where ChangeCategory == "Added"
| extend AccountCustomEntity = Computer
| extend HostCustomEntity = SoftwareName
| extend IPCustomEntity = ConfigChangeType
| extend URLCustomEntity = PreviousAcls
| summarize count() by Computer, SoftwareType, SoftwareName, Previous, Current, Publisher
| summarize count() by SoftwareName, Publisher, Computer 

The issue is we are unable to identify the exact file path/the user details who installed this/unable to find it in control panel-->programs

Can someone help on this. @TomMcElroy