User Profile

maheshtata

Copper Contributor

Joined Oct 27, 2022

3 Posts

View All Badges

User Widgets

Recent Discussions

Re: Run query for multiple IP
if i move them to array then the query is not working
Oct 31, 2022 Place Microsoft Sentinel
5.1KViews
0likes
0Comments
Re: Run query for multiple IP
mikhailf Thank you for supporting
Oct 30, 2022 Place Microsoft Sentinel
5.4KViews
0likes
2Comments
Run query for multiple IP
I am trying to run the query in the logic app for a security incident in sentinel. what I expect this query to do is give the result of multiple IP associated with the incident. SigninLogs |where UserPrincipalName contains "Account Name" and IPaddress =="A list of IPs associated with the alert " and DeviceDetails.isCompliant == True |summarize by UserPrincalName,IPAddress,tostring(DeviceDetail) Error: ExpressionEvaluationFailed. The execution of template action 'For_each_3' failed: the result of the evaluation of 'foreach' expression '@body('Entities_-_Get_IPs')' is of type 'Object'. The result must be a valid array.
Oct 27, 2022 Place Microsoft Sentinel
KQL
playbooks
siem
soar
5.6KViews
0likes
4Comments

Recent Blog Articles

No content to show