Sentinel-Queries
Update Identity-DetectingFirstTimeAccesstoAzureManagement.kql
Added extra context to the query by providing the Department and AccountCreationTime which can help to investigate incidents/hunts easily. Those two columns are needed to see if it is expected for such a department and/or if the user is recently added, and thus has never accessed a management portal before.