Notes
L’accès à cette page nécessite une autorisation. Vous pouvez essayer de vous connecter ou de modifier des répertoires.
L’accès à cette page nécessite une autorisation. Vous pouvez essayer de modifier des répertoires.
Pour plus d’informations sur l’utilisation de ces requêtes dans le Portail Azure, consultez le didacticiel Log Analytics. Pour l’API REST, consultez Requête.
Mises à jour de sécurité ou critiques manquantes
Comptez le nombre de mises à jour critiques ou de sécurité manquantes.
// To create an alert for this query, click '+ New alert rule'
Update
| where Classification in ("Security Updates", "Critical Updates")
| where UpdateState == 'Needed' and Optional == false and Approved == true
| summarize count() by Classification, Computer, _ResourceId
// This query requires the Security or Update solutions
Mises à jour disponibles pour les machines Windows
Répertoriez les KBID windows update disponibles par leur classification et pour chaque ordinateur.
// To create an alert for this query, click '+ New alert rule'
Update
| where TimeGenerated>ago(14h)
| where UpdateState =~ "Needed" and OSType != "Linux"
| summarize by Computer, Classification, Product, KBID, ResourceId
Mises à jour disponibles pour les machines Linux
Répertoriez les mises à jour de version du package Linux disponibles par leur classification et pour chaque ordinateur.
// To create an alert for this query, click '+ New alert rule'
Update
| where TimeGenerated>ago(14h)
| where UpdateState =~ "Needed" and OSType == "Linux"
| summarize by Computer, Classification, Product, ProductVersion, ResourceId
Récapitulatif des mises à jour manquantes
Obtenez un résumé des mises à jour manquantes par catégorie.
Update
| where TimeGenerated>ago(5h) and OSType=="Linux" and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification) by Computer, SourceComputerId, Product, ProductArch
| where UpdateState=~"Needed"
| summarize by Product, ProductArch, Classification
| union (Update
| where TimeGenerated>ago(14h) and OSType!="Linux" and (Optional==false or Classification has "Critical" or Classification has "Security") and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Approved) by Computer, SourceComputerId, UpdateID
| where UpdateState=~"Needed" and Approved!=false
| summarize by UpdateID, Classification )
| summarize allUpdatesCount=count(), criticalUpdatesCount=countif(Classification has "Critical"), securityUpdatesCount=countif(Classification has "Security"), otherUpdatesCount=countif(Classification !has "Critical" and Classification !has "Security")
Liste des mises à jour manquantes
Obtenez la liste de toutes les mises à jour manquantes.
Update
| where TimeGenerated>ago(5h) and OSType=="Linux" and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, BulletinUrl, BulletinID) by SourceComputerId, Product, ProductArch
| where UpdateState=~"Needed"
| project-away UpdateState, TimeGenerated
| summarize computersCount=dcount(SourceComputerId, 2), ClassificationWeight=max(iff(Classification has "Critical", 4, iff(Classification has "Security", 2, 1))) by id=strcat(Product, "_", ProductArch), displayName=Product, productArch=ProductArch, classification=Classification, InformationId=BulletinID, InformationUrl=tostring(split(BulletinUrl, ";", 0)[0]), osType=1
| union(Update
| where TimeGenerated>ago(14h) and OSType!="Linux" and (Optional==false or Classification has "Critical" or Classification has "Security") and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Title, KBID, PublishedDate, Approved) by Computer, SourceComputerId, UpdateID
| where UpdateState=~"Needed" and Approved!=false
| project-away UpdateState, Approved, TimeGenerated
| summarize computersCount=dcount(SourceComputerId, 2), displayName=any(Title), publishedDate=min(PublishedDate), ClassificationWeight=max(iff(Classification has "Critical", 4, iff(Classification has "Security", 2, 1))) by id=strcat(UpdateID, "_", KBID), classification=Classification, InformationId=strcat("KB", KBID), InformationUrl=iff(isnotempty(KBID), strcat("https://support.microsoft.com/kb/", KBID), ""), osType=2)
| sort by ClassificationWeight desc, computersCount desc, displayName asc
| extend informationLink=(iff(isnotempty(InformationId) and isnotempty(InformationUrl), toobject(strcat('{ "uri": "', InformationUrl, '", "text": "', InformationId, '", "target": "blank" }')), toobject('')))
| project-away ClassificationWeight, InformationId, InformationUrl
Ordinateur avec mises à jour manquantes
Tous les ordinateurs avec des mises à jour manquantes.
// To create an alert for this query, click '+ New alert rule'
Update
|where OSType != "Linux" and UpdateState == "Needed" and Optional == "false"
| project TimeGenerated, Computer, Title, KBID, Classification, MSRCSeverity, PublishedDate, _ResourceId
| sort by TimeGenerated desc
Mises à jour requises manquantes pour le serveur
Mises à jour manquantes pour un ordinateur spécifique « ComputerName » (remplacez par votre propre nom d’ordinateur).
// To create an alert for this query, click '+ New alert rule'
let ComputerName = "Enter your computer name here";
Update
|where OSType != "Linux" and UpdateState == "Needed" and Optional == "false" and Computer == ComputerName
| project TimeGenerated, Computer, Title, KBID, Product, MSRCSeverity, PublishedDate, _ResourceId
| sort by TimeGenerated desc
Mises à jour de sécurité critiques manquantes
Tous les ordinateurs qui manquent des mises à jour critiques ou des mises à jour de sécurité.
// To create an alert for this query, click '+ New alert rule'
Update
|where OSType != "Linux" and UpdateState == "Needed" and Optional == "false" and (Classification == "Security Updates" or Classification == "Critical Updates")
| sort by TimeGenerated desc
Sécurité manquante ou critique où la mise à jour est manuelle
Mises à jour critiques ou de sécurité requises par les machines où les mises à jour sont appliquées manuellement.
// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == "false"
|where (Classification == "Security Updates" or Classification == "Critical Updates")
| join kind=inner (UpdateSummary |where WindowsUpdateSetting == "Manual" |distinct Computer) on Computer
| distinct KBID, Computer, _ResourceId
Correctifs cumulatifs manquants
Ensemble des ordinateurs avec des correctifs cumulatifs.
// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and Optional == "false" and Classification == "Update Rollups" and UpdateState == "Needed"
| project TimeGenerated, Computer, Title, KBID, Classification, MSRCSeverity, PublishedDate, _ResourceId
| sort by TimeGenerated desc
Mises à jour manquantes distinctes entre ordinateurs
Mises à jour manquantes distinctes sur tous les ordinateurs.
// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == "false"
| distinct Title, Computer, _ResourceId