IAintShootinMis · @iaintshootinmis
512 followers · 369 posts · Server digitaldarkage.ccI need some help from anyone using #MSSentinel or #KQL or #KustoQueryLanguage
In Sentinel, I'm creating the below query, but being told the variable I'm assigning isn't the name of a known function table or variable. I don't need insight on a different way to write the statement, just to understand why it won't work.
`let names = dynamic(["Admin1","Admin2"]);
AuditLogs
|where Principal in (names)`
The same query works in LogAnalytics without issue. I'm losing my mind.
#mssentinel #kql #kustoquerylanguage
F0rm4t · @F0rm4t
8 followers · 12 posts · Server infosec.exchange
Amazing #ChatGPT, I asked for a #KQL #query and this is the result
👇
#OpenAI #MicrosoftSentinel #azure #AI #microsoft #chatbot #supervisedlearning #sentinel #siem #soar #kusto #kustoquerylanguage
#chatgpt #KQL #query #openai #MicrosoftSentinel #azure #ai #microsoft #chatbot #SupervisedLearning #sentinel #siem #soar #kusto #kustoquerylanguage