Mirrors/marcredhat-kql
1
0
Fork 0
mirror of https://github.com/marcredhat/kql synced 2026-06-08 13:23:58 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
23cbaa9c08e081cbfa54c7ec8959f1d4fc78d7b4
marcredhat-kql/kql/04_daily_signin_location_trend.kql
T

11 lines
510 B
Plaintext
Raw Blame History

SigninLogs
| where TimeGenerated > ago(1d)
| extend locationString = strcat(tostring(LocationDetails["countryOrRegion"]), "/",
tostring(LocationDetails["state"]), "/", tostring(LocationDetails["city"]), ";")
| extend Day = format_datetime(TimeGenerated, "yyyy-MM-dd")
| summarize LocationList = make_set(locationString),
LocationCount = dcount(locationString),
DistinctSourceIp = dcount(IPAddress),
LogonCount = count()
by Day, AppDisplayName, UserPrincipalName
Reference in New Issue View Git Blame Copy Permalink