cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

WorkStation Device uptime

MattBurrows
Brass Contributor

‎Jan 24 2022 08:37 AM

‎Jan 24 2022 08:37 AM

WorkStation Device uptime

Hi Guys,

 

Has anyone created a query to show the uptime or last restart on workstations? For Cloud Resources you have UpdateSummary, but looking for all endpoint devices.

 

Cant seem to see anything to pull this info.

2,208 Views
0 Likes
1 Reply
Reply
1 Reply
Clive_Watson

‎Jan 24 2022 08:50 AM

‎Jan 24 2022 08:50 AM

Re: WorkStation Device uptime

If you have MDE and the DeviceInfo table in Sentinel? See https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries/blob/d6da8647e41b6862278f50d7227... you could modify this - note Timestamp may need changing to TimeGenerated.
1 Like
Reply