
KQL Query in Sentinel to generate report of Users and details the Authentication Methods they have u

// Each sign-in is described by the first entry ([0]) of its AuthenticationDetails array.
SigninLogs
| extend authenticationMethod_ = tostring(parse_json(AuthenticationDetails)[0].authenticationMethod)
| extend authenticationMethodDetail_ = tostring(parse_json(AuthenticationDetails)[0].authenticationMethodDetail)
// authenticationStepResultDetail_ is extracted here but is not part of the project list below.
| extend authenticationStepResultDetail_ = tostring(parse_json(AuthenticationDetails)[0].authenticationStepResultDetail)
| extend authenticationStepRequirement_ = tostring(parse_json(AuthenticationDetails)[0].authenticationStepRequirement)
| extend authenticationStepDateTime_ = tostring(parse_json(AuthenticationDetails)[0].authenticationStepDateTime)
// Keep only sign-ins that recorded an authentication method.
| where isnotempty(authenticationMethod_)
| project UserDisplayName, UserPrincipalName, AppDisplayName, authenticationMethod_, authenticationMethodDetail_, authenticationStepRequirement_, authenticationStepDateTime_, Status
// Most recent authentication step first.
| sort by authenticationStepDateTime_ desc
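
The query above reads only the first entry of AuthenticationDetails, so any later step of the same sign-in (a second factor, for example) is not reported. The following variant is an added example, not part of the original post: it expands every step and summarizes the methods each user has used. The 30-day window, the set size of 20, and the names steps, step, Method, Requirement, StepTime, Steps, LastUsed, Requirements and Apps are assumptions chosen for illustration.

```kql
SigninLogs
| where TimeGenerated > ago(30d)                      // assumed reporting window
| extend steps = parse_json(AuthenticationDetails)    // dynamic array, one element per authentication step
| mv-expand step = steps                              // one row per step instead of only element [0]
| extend Method = tostring(step.authenticationMethod),
         Requirement = tostring(step.authenticationStepRequirement),
         StepTime = todatetime(step.authenticationStepDateTime)
| where isnotempty(Method)
| summarize Steps = count(),                          // how often the user authenticated with this method
            LastUsed = max(StepTime),                 // most recent use of the method
            Requirements = make_set(Requirement),     // step requirements the method was used to satisfy
            Apps = make_set(AppDisplayName, 20)       // applications involved, capped at 20 (assumed limit)
          by UserPrincipalName, UserDisplayName, Method
| sort by UserPrincipalName asc, LastUsed desc
```

Each output row is one user and method pair, which makes it easy to see accounts that only ever appear with a single method.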
