User Profile

davinelm

Copper Contributor

Joined 3 years ago

4 Posts

View All Badges

User Widgets

Recent Discussions

Re: Quantity of bad emails vs legit email query
MichaelJMelone Yes! That did it. Thanks a lot!
Aug 10, 2022 Place Microsoft Defender XDR
2.2KViews
0likes
0Comments
Re: Quantity of bad emails vs legit email query
MichaelJMelone Thank you for your reply! I tried out this query and it returned the same result from my first query minus one row. From messing around with it some more it is turning out to be a bit of a mind bender (at least for a kql noob as myself). so just to clarify if i have columns Red, Blue, Yellow and Red and Blue and Yellow, with 1 count in each column, how to combine them in a new column called "Colors" with a count of all the 1s from each of the individual columns? As of now it works to massage the data in excel and open it in powerbi but eventually i'd like to automate this for reporting. Thanks again for your reply.
Aug 08, 2022 Place Microsoft Defender XDR
2.3KViews
0likes
2Comments
Quantity of bad emails vs legit email query
Hello, I'm trying to create a kql hunting query that will display the total number of bad emails (malware, spam, phishing) but am having some trouble combining the columns of various bad emails together in one and getting a total count. The screen grab below shows the first 6 columns that i want to collapse into. my query in total is this so far: let vip = pack_array("email address removed for privacy reasons"); EmailEvents | where RecipientEmailAddress has_any (vip) | project RecipientEmailAddress, ThreatTypes | evaluate pivot(ThreatTypes)
Solved
Aug 08, 2022 Place Microsoft Defender XDR
Microsoft Defender for Office 365
2.4KViews
0likes
4Comments
Re: Display user name in KQL Query
Just curious, did you ever figure this one out? Im running into the same issue.
Apr 29, 2022 Place Azure Observability
11KViews
0likes
1Comment

Groups

Recent Blog Articles

No content to show