This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Check out the new Professional Security Operations Engineer certification beta!
Log in to ask a question

KQL Queries in Azure?

Posted on 04-24-2025 06:53 AM
mccrilb
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

for example:

AzureActivity
| where Caller in (```user```)
| where SubscriptionId == "subscriptionID"
| where ResourceGroup in (```Resource Group```)

 

Is there a way to do this now, or a feature in the works? We use KQL queries in "Execute a custom hunting query in Microsoft 365 Defender." We have a need to also be able to run them in Azure

Solved Solved
0 3 252
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
Dmitry_Sarakeev
Staff
Reply posted on --/--/---- --:-- AM

Hi, we have a run KQL query under the Microsoft Sentinel integration - https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/microsoft-azure-sentinel#run_a...

 

 

View solution in original post

Jump to Solution
3 REPLIES 3

Posted on --/--/---- --:-- AM
Dmitry_Sarakeev
Staff
Reply posted on --/--/---- --:-- AM

Hi, we have a run KQL query under the Microsoft Sentinel integration - https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/microsoft-azure-sentinel#run_a...

 

 

Jump to Solution

Posted on --/--/---- --:-- AM
mccrilb
Silver 1
Silver 1
In response to Dmitry_Sarakeev
Reply posted on --/--/---- --:-- AM

Will that work even though we don't run Microsoft Sentinel? 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
mccrilb
Silver 1
Silver 1
Reply posted on --/--/---- --:-- AM

Thanks! I took a look and I think this will work!

Jump to Solution
0 Likes
Top Solution Authors
View all