Leer en inglés

Compartir a través de


Consultas para la tabla CloudAppEvents

Para obtener información sobre el uso de estas consultas en Azure Portal, consulte tutorial de Log Analytics. Para obtener la API REST, consulte Consulta.

Cambio de extensión de nombre de archivo

Mostrar archivos cuyo nombre se ha cambiado.

CloudAppEvents 
| where Application in ("Microsoft OneDrive for Business", "Microsoft SharePoint Online") and ActionType == "FileRenamed"
| extend NewFileNameExtension = tostring(RawEventData.DestinationFileExtension)
| extend OldFileNameExtension = tostring(RawEventData.SourceFileExtension)
| extend OldFileName = tostring(RawEventData.SourceFileName)
| extend NewFileName = tostring(RawEventData.DestinationFileName)
| where NewFileNameExtension == "doc" and OldFileNameExtension == "docx" 
| project RenameTime = Timestamp, OldFileNameExtension, OldFileName, NewFileNameExtension, NewFileName, ActionType, Application, AccountDisplayName, AccountObjectId
| join kind=inner (DeviceFileEvents 
| project FileName, AccountObjectId = InitiatingProcessAccountObjectId , DeviceName, SeenOnDevice = Timestamp, FolderPath) on $left.NewFileName == $right.FileName, AccountObjectId
| project RenameTime, NewFileName, OldFileName, Application, AccountObjectId, AccountDisplayName, DeviceName , SeenOnDevice, FolderPath 
| limit 100