Skip to content
Sample KQL queries for Azure Log Analytics against Office 365 audit logs.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
Queries
.gitignore
CONTRIBUTING.md
LICENSE
README.md

README.md

log-analytics-samples

Sample KQL queries for Azure Log Analytics against Office 365 audit logs and Azure AD Audit or Sign-in logs.

Getting started with Azure Log Analytics / Azure Sentinel

KQL queries

Note Recommend installing Azure Log Analytics / Kusto Syntax Highlighting extension for Visual Studio Code to easily view KQL queries.

Resources

Kusto Query Language overview

Disclaimer

Microsoft provides programming examples for illustration only, without warranty either expressed or implied, including, but not limited to, the implied warranties of merchantability and/or fitness for a particular purpose. We grant You a nonexclusive, royalty-free right to use and modify the Sample Code and to reproduce and distribute the object code form of the Sample Code, provided that You agree: (i) to not use Our name, logo, or trademarks to market Your software product in which the Sample Code is embedded; (ii) to include a valid copyright notice on Your software product in which the Sample Code is embedded; and (iii) to indemnify, hold harmless, and defend Us and Our suppliers from and against any claims or lawsuits, including attorneys' fees, that arise or result from the use or distribution of the Sample Code.

You can’t perform that action at this time.