![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 77%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Microsoft Sentinel
A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.
986 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 17%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGM%3C/text%3E%3C/svg%3E)
Hi Sujit,
We might need more information about what you're asking for.
If I was looking for a FULL asset inventory of everything being collected by Sentinel I would need to scan all of the tables in the underlying workspace, and then use something like UNIONs to built a table of the results.
I would also need to know what field contains the asset name. This will vary depending on the log source/table.
If you have an EDR installed on all of your endpoints this is a great way to get a clear inventory of your endpoints.
For all mobile devices you could pull this information from the Azure AD table.
For all network devices you'd need them all logging to one of your tables.
Azure Arc and Defender for Cloud is a great tool for getting an inventory of all of your servers both on-prem and in cloud.
Microsoft encourages the ASIM data model but it's not used very much in practice by vendors.
If it was, we'd have a common field for the hostname in all tables and your question would be easy to answer! For now, I'd say building custom queries for each table and combining them with UNIONs might be the most practical way.
References:
[https://learn.microsoft.com/en-us/azure/defender-for-cloud/asset-inventory
[https://learn.microsoft.com/en-us/azure/sentinel/normalization
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)