How to write a KQL comparing 2 different tables (signins, threatintelligence) to create an alert if the sign-in IP matches the IP reported by threatintelligence.
Harish Menti
I tried multiple ways to join the tables but ended up getting multiple errors, and I am not able to call the table that I referred into a variable using the let operator after I refer to another table after it. I was not able to use the first defined variable as a universal variable, so that I can call that variable after I refer another table of interest into another variable and compare both IPs. Finally, I would want the KQL to raise an alert if it sees sign-ins from an IP that is reported in the threatintell
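One way to structure the query asked about above, as an added example that is not part of the original post: every `let` statement ends with a semicolon, and all of them stay in scope for the single tabular expression at the end, so both tables can be bound to variables and then joined. It assumes the Microsoft Sentinel tables `SigninLogs` and `ThreatIntelligenceIndicator` with their standard columns; the lookback windows and the names `ioc_lookback`, `signin_lookback`, `ti_ips`, `signins` and `TI_IP` are illustrative choices.

```kql
// Added example. Assumed tables: SigninLogs and ThreatIntelligenceIndicator (Microsoft Sentinel).
let ioc_lookback = 14d;     // assumed window for indicator records
let signin_lookback = 1h;   // assumed window; align it with the rule's schedule
// First variable: active, unexpired IP indicators
let ti_ips =
    ThreatIntelligenceIndicator
    | where TimeGenerated >= ago(ioc_lookback)
    // keep only the latest record per indicator before checking its state
    | summarize arg_max(TimeGenerated, *) by IndicatorId
    | where Active == true and ExpirationDateTime > now()
    // the IP may be in any of these columns depending on the feed
    | extend TI_IP = coalesce(NetworkIP, NetworkSourceIP, NetworkDestinationIP)
    | where isnotempty(TI_IP)
    | project TI_IP, IndicatorId, Description, ConfidenceScore, ThreatType;
// Second variable: recent sign-ins; ti_ips is still in scope after this statement
let signins =
    SigninLogs
    | where TimeGenerated >= ago(signin_lookback)
    | where isnotempty(IPAddress)
    | project SigninTime = TimeGenerated, UserPrincipalName, IPAddress,
              AppDisplayName, ResultType;
// Final expression: inner join keeps only sign-ins whose IP is a known indicator
ti_ips
| join kind=inner (signins) on $left.TI_IP == $right.IPAddress
| project SigninTime, UserPrincipalName, IPAddress, AppDisplayName, ResultType,
          IndicatorId, Description, ConfidenceScore, ThreatType
```

Saved as a scheduled analytics rule that triggers when the number of results is greater than 0, the query raises an alert for each run that finds a match. `ResultType` is kept in the output so successful sign-ins can be told apart from failed attempts.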