I'm new to Sentinel and I would like to know how to run a KQL query to list all the devices that have been connected to my Sentinel instance

Andrew Johnston 1 Reputation point
2022-10-24T01:17:23.24+00:00

We had a third party provider perform the basic setup of our Sentinel instance:

Can someone step me through how to run a KQL query (including the query syntax) to retrieve a list of hosts (Windows VMs, external Microsoft hosts and Linux hosts) that they have installed the agents on, so that I can continue on the devices they have not done yet?

I need:
1. The query syntax to run
2. A step-through guide as to where to run the query

Many thanks in advance

Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

1 answer

  1. Clive Watson 5,716 Reputation points MVP
    2023-01-25T11:16:52.1+00:00

    I assume you have the answer by now, but just in case:

    Use the provided Workbook for this, from Sentinel --> Workbooks --> Templates --> "AMA Migration Tracker" - after deploying it (save) just select your Subscription (if you still need to know the syntax, you can edit the Workbook)

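
For readers who want the query syntax the question asks for, the following is an added example; it is not part of the answer above and is not taken from the "AMA Migration Tracker" workbook. It assumes the installed agents send records to the workspace's Heartbeat table, and the 30-day lookback and 24-hour staleness threshold are illustrative values.

```kql
// Added example: inventory of hosts whose agent has reported to this workspace.
// Assumption: agents write to the Heartbeat table of the Log Analytics
// workspace behind the Sentinel instance.
let lookback = 30d;        // illustrative: how far back to look for agents
let staleAfterHours = 24;  // illustrative: no heartbeat for this long = "Stale"
Heartbeat
| where TimeGenerated > ago(lookback)
// Keep only the most recent heartbeat per host, with its descriptive columns.
| summarize arg_max(TimeGenerated, OSType, OSName, Category, Version, ComputerEnvironment)
    by Computer
| extend HoursSinceLastHeartbeat = datetime_diff('hour', now(), TimeGenerated)
| extend Status = iff(HoursSinceLastHeartbeat > staleAfterHours, "Stale", "Reporting")
| project
    Computer,
    OSType,                      // Windows or Linux
    OSName,
    AgentCategory = Category,    // agent type that sent the heartbeat
    AgentVersion = Version,
    ComputerEnvironment,         // Azure or Non-Azure
    LastHeartbeat = TimeGenerated,
    HoursSinceLastHeartbeat,
    Status
| sort by OSType asc, Computer asc
```

Run it in the Azure portal from Microsoft Sentinel --> Logs, with the Sentinel workspace selected. Any host that does not appear in the result has not sent a heartbeat to this workspace within the lookback window, and a "Stale" row means the agent reported once but has since gone quiet.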