
Visualize User Risk In The Last 90 Days

Description

This KQL query visualizes the User Risk Events that have triggered in the last 90 days. The count per day is broken down by RiskEventType, which can be, among others:

  • AnonymizedIPAddress
  • NewCountry
  • UnfamiliarFeatures

This visualization gives insight into the number of risky events that have occurred.

Query

Microsoft Sentinel
Kusto
// User risk events, limited to the last 90 days
AADUserRiskEvents
| where TimeGenerated > ago(90d)
// Count events per day, split by risk event type
| summarize count() by bin(TimeGenerated, 1d), RiskEventType
| render columnchart
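The query above only returns rows for days on which at least one event fired, so quiet days are missing from the chart rather than shown as zero. The following added example (not part of the original post) fills those gaps with make-series and stacks the columns per RiskEventType; the SampleRiskEvents table and its rows are constructed stand-ins so the query runs without workspace data.

```kusto
// Constructed sample rows standing in for AADUserRiskEvents (not real data).
let SampleRiskEvents = datatable(TimeGenerated: datetime, RiskEventType: string)
[
    datetime(2024-05-01 08:12:00), "UnfamiliarFeatures",
    datetime(2024-05-01 09:40:00), "UnfamiliarFeatures",
    datetime(2024-05-01 17:03:00), "AnonymizedIPAddress",
    datetime(2024-05-02 11:25:00), "NewCountry",
    // No events on 2024-05-03: summarize would skip this day entirely.
    datetime(2024-05-04 06:55:00), "AnonymizedIPAddress",
    datetime(2024-05-04 22:10:00), "AnonymizedIPAddress",
    datetime(2024-05-05 13:30:00), "UnfamiliarFeatures"
];
// Fixed window for the sample; against the real table use
// startofday(ago(90d)) and now() together with the ago(90d) filter.
let StartDay = datetime(2024-05-01);
let EndDay = datetime(2024-05-06);
SampleRiskEvents
| where TimeGenerated between (StartDay .. EndDay)
// One series per RiskEventType, one slot per day, 0 where nothing fired.
| make-series Events = count() default = 0
    on TimeGenerated from StartDay to EndDay step 1d
    by RiskEventType
// Turn the per-type arrays back into one row per day and type.
| mv-expand TimeGenerated to typeof(datetime), Events to typeof(long)
// Same column order as the summarize output: x-axis, series, value.
| project TimeGenerated, RiskEventType, Events
| render columnchart with (kind = stacked)
```

To run it against live data, replace SampleRiskEvents with AADUserRiskEvents and swap in the 90-day window noted in the comments.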
