User Profile
MartijnZwart
Copper Contributor
Joined May 10, 2022
Recent Discussions
Enrich table with entities from security incident
Hi, I want to create an extra column for entity data from the incident, like host, IP and account. But I can't seem to get it working. What do I need to add to this query?

SecurityIncident
| where Severity in ({Severity}) or "*" in ({Severity})
| extend Tactics = todynamic(AdditionalData.tactics)
| where Tactics in ({Tactics}) or "*" in ({Tactics})
| extend Owner = todynamic(Owner.assignedTo)
| where Owner in ({Owner}) or "*" in ({Owner})
| extend Product = todynamic((parse_json(tostring(AdditionalData.alertProductNames))[0]))
| where Product in ({Product}) or "*" in ({Product})
| order by LastModifiedTime
| project LastModifiedTime, IncidentNumber, Title, Status, Severity, Tactics, Classification, ClassificationReason, ClassificationComment
| take 250

Thanks in advance