For information about how to use these queries in the Azure portal, see the Log Analytics tutorial. For information about the REST API, see Query.
Missing security updates or missing critical updates
Count how many security updates or other critical updates are missing.
// To create an alert for this query, click '+ New alert rule'
Update
| where Classification in ("Security Updates", "Critical Updates")
| where UpdateState == 'Needed' and Optional == false and Approved == true
| summarize count() by Classification, Computer, _ResourceId
// This query requires the Security or Update solutions
Available updates for Windows computers
List the Windows update KBIDs that are available, by classification and for each computer.
// To create an alert for this query, click '+ New alert rule'
Update
| where TimeGenerated>ago(14h)
| where UpdateState =~ "Needed" and OSType != "Linux"
| summarize by Computer, Classification, Product, KBID, ResourceId
Available updates for Linux computers
List the Linux package version updates that are available, by classification and for each computer.
// To create an alert for this query, click '+ New alert rule'
Update
| where TimeGenerated>ago(14h)
| where UpdateState =~ "Needed" and OSType == "Linux"
| summarize by Computer, Classification, Product, ProductVersion, ResourceId
Missing updates summary
Get a summary of missing updates by category.
Update
| where TimeGenerated>ago(5h) and OSType=="Linux" and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification) by Computer, SourceComputerId, Product, ProductArch
| where UpdateState=~"Needed"
| summarize by Product, ProductArch, Classification
| union (Update
| where TimeGenerated>ago(14h) and OSType!="Linux" and (Optional==false or Classification has "Critical" or Classification has "Security") and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Approved) by Computer, SourceComputerId, UpdateID
| where UpdateState=~"Needed" and Approved!=false
| summarize by UpdateID, Classification )
| summarize allUpdatesCount=count(), criticalUpdatesCount=countif(Classification has "Critical"), securityUpdatesCount=countif(Classification has "Security"), otherUpdatesCount=countif(Classification !has "Critical" and Classification !has "Security")
Missing updates list
Get a list of all missing updates.
Update
| where TimeGenerated>ago(5h) and OSType=="Linux" and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, BulletinUrl, BulletinID) by SourceComputerId, Product, ProductArch
| where UpdateState=~"Needed"
| project-away UpdateState, TimeGenerated
| summarize computersCount=dcount(SourceComputerId, 2), ClassificationWeight=max(iff(Classification has "Critical", 4, iff(Classification has "Security", 2, 1))) by id=strcat(Product, "_", ProductArch), displayName=Product, productArch=ProductArch, classification=Classification, InformationId=BulletinID, InformationUrl=tostring(split(BulletinUrl, ";", 0)[0]), osType=1
| union(Update
| where TimeGenerated>ago(14h) and OSType!="Linux" and (Optional==false or Classification has "Critical" or Classification has "Security") and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Title, KBID, PublishedDate, Approved) by Computer, SourceComputerId, UpdateID
| where UpdateState=~"Needed" and Approved!=false
| project-away UpdateState, Approved, TimeGenerated
| summarize computersCount=dcount(SourceComputerId, 2), displayName=any(Title), publishedDate=min(PublishedDate), ClassificationWeight=max(iff(Classification has "Critical", 4, iff(Classification has "Security", 2, 1))) by id=strcat(UpdateID, "_", KBID), classification=Classification, InformationId=strcat("KB", KBID), InformationUrl=iff(isnotempty(KBID), strcat("https://support.microsoft.com/kb/", KBID), ""), osType=2)
| sort by ClassificationWeight desc, computersCount desc, displayName asc
| extend informationLink=(iff(isnotempty(InformationId) and isnotempty(InformationUrl), toobject(strcat('{ "uri": "', InformationUrl, '", "text": "', InformationId, '", "target": "blank" }')), toobject('')))
| project-away ClassificationWeight, InformationId, InformationUrl
Computers with missing updates
All computers with missing updates.
// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == false
| project TimeGenerated, Computer, Title, KBID, Classification, MSRCSeverity, PublishedDate, _ResourceId
| sort by TimeGenerated desc
Missing required updates for a server
Missing updates for a specific computer "ComputerName" (replace with your own computer name).
// To create an alert for this query, click '+ New alert rule'
let ComputerName = "Enter your computer name here";
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == false and Computer == ComputerName
| project TimeGenerated, Computer, Title, KBID, Product, MSRCSeverity, PublishedDate, _ResourceId
| sort by TimeGenerated desc
Missing critical or security updates
All computers that are missing critical updates or security updates.
// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == false and (Classification == "Security Updates" or Classification == "Critical Updates")
| sort by TimeGenerated desc
Missing security or critical updates where updating is manual
Critical or security updates required by computers on which updates are applied manually.
// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == false
| where (Classification == "Security Updates" or Classification == "Critical Updates")
| join kind=inner (UpdateSummary | where WindowsUpdateSetting == "Manual" | distinct Computer) on Computer
| distinct KBID, Computer, _ResourceId
Missing update rollups
All computers with missing update rollups.
// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and Optional == false and Classification == "Update Rollups" and UpdateState == "Needed"
| project TimeGenerated, Computer, Title, KBID, Classification, MSRCSeverity, PublishedDate, _ResourceId
| sort by TimeGenerated desc
Distinct missing updates across computers
Distinct updates that are missing across all computers.
// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == false
| distinct Title, Computer, _ResourceId
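The queries above that simply filter on UpdateState == "Needed" count every assessment record, so a computer scanned several times in the lookback window appears once per scan. The "Missing updates summary" and "Missing updates list" queries avoid that by taking arg_max(TimeGenerated, ...) per computer and update. The following query is an added example, not one of the page's own sample queries: it applies that same deduplication to Windows security and critical updates and then reports, per computer, how many are still missing and how old the oldest one is, which is the patch-exposure view a defender usually wants. It assumes the Update table columns used on this page (UpdateID, Approved, MSRCSeverity, PublishedDate) and the standard MSRC severity rating "Critical"; the 14h lookback and the column names MissingCount, OldestMissingDays and CriticalSeverityCount are choices made here.

```kusto
// Added example (not one of the page's own queries): age of missing security/critical
// updates per Windows computer, using only the latest assessment of each update.
let lookback = 14h;   // assumption: matches the lookback used by the page's Windows queries
Update
| where TimeGenerated > ago(lookback)
| where OSType != "Linux" and Optional == false
| where Classification in ("Security Updates", "Critical Updates")
// One row per assessment run is stored; keep only the most recent state per computer and update
| summarize arg_max(TimeGenerated, UpdateState, Approved, Title, KBID, Classification, MSRCSeverity, PublishedDate) by Computer, UpdateID
| where UpdateState =~ "Needed" and Approved != false
// Days elapsed since Microsoft published the update (the exposure window)
| extend DaysSincePublished = datetime_diff('day', now(), PublishedDate)
| summarize MissingCount = count(),
            OldestMissingDays = max(DaysSincePublished),
            CriticalSeverityCount = countif(MSRCSeverity == "Critical"),   // assumption: MSRC rating value
            OldestMissingTitle = arg_max(DaysSincePublished, Title)
  by Computer
| sort by OldestMissingDays desc, MissingCount desc
```

Because the row set is reduced to the latest state per (Computer, UpdateID) before aggregation, an update that was reported as Needed in an earlier scan but Installed in the latest one no longer counts, and a computer that reports several times in the window is counted once per missing update rather than once per scan.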