Most RecentMost ViewedMost LikesKQL looking for Sysmon I'm trying to get a list of boxes that have sysmon running on them. Any reason this won't work? DeviceFileEvents | where FolderPath contains @"\Windows\System32\winevt\Logs" | where FileName contains @"Sysmon" | project DeviceName, FolderPath | limit 100 Thanks! Dropbox Uploads Hi, i'm trying to write a KQL query which allows me to monitor the file names being uploaded and downloaded to Dropbox. Can anyone help with this?
