
Bug Report #179

Open
secalert170925 opened this issue May 19, 2021 · 2 comments

Comments

@secalert170925

Environment

Windows build number: Microsoft Windows [Version 10.0.19042.985]
PowerShell version (if applicable): 7.1.3

Steps to reproduce

Run "Get-AzSentinelHuntingRule".

Expected behavior

Hunting Rule information is output.

Actual behavior

Log Analytics workspace function information is output.

@pemontto
Contributor

Can you provide more detail, what was the output? What was the full command you ran?

@secalert170925
Author

secalert170925 commented May 26, 2021

I ran the below command.

Get-AzSentinelHuntingRule -WorkspaceName $WorkSpaceName -SubscriptionId $SubscriptionId | format-table

And its output is below.

Category DisplayName Query
function testFunction2 Heartbeat…
TEST testFunction dynamic({…
Log Management All Events Event | sort by TimeGenerated desc…
Log Management Count of Events containing the word "started" grouped by EventID search in (Event) "started" | summarize AggregatedValue = count() by EventID…
Log Management Count of Events grouped by Event Log Event | summarize AggregatedValue = count() by EventLog…
Log Management Count of Events grouped by Event Source Event | summarize AggregatedValue = count() by Source…
Log Management Count of Events grouped by Event ID Event | summarize AggregatedValue = count() by EventID…
Log Management All Events with level "Warning" Event | where EventLevelName == "warning" | sort by TimeGenerated desc…
Log Management Count of Events with level "Warning" grouped by Event ID Event | where EventLevelName == "warning" | summarize AggregatedValue = count() by EventID…
Log Management How many connections to Operations Manager's SDK service by day Event | where EventID == 26328 and EventLog == "Operations Manager" | summarize AggregatedValue = count() by bin(TimeGe…
Log Management Events in the Operations Manager Event Log whose Event ID is in the range between 2000 and 3000 Event | where EventLog == "Operations Manager" and EventID >= 2000 and EventID <= 3000 | sort by TimeGenerated desc…
Log Management When did my servers initiate restart? search in (Event) "shutdown" and EventLog == "System" and Source == "User32" and EventID == 1074 | sort by TimeGenerate…
Log Management Windows Firewall Policy settings have changed Event | where EventLog == "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" and EventID == 2008 | so…
Log Management On which machines and how many times have Windows Firewall Policy settings changed Event | where EventLog == "Microsoft-Windows-Windows Firewall With Advanced Security/Firewall" and EventID == 2008 | su…
Log Management All IIS Log Entries search * | extend Type = $table | where Type == W3CIISLog | sort by TimeGenerated desc…
Log Management Shows breakdown of response codes search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = count() by scStatus…
Log Management Find the maximum time taken for each page search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = max(TimeTaken) by csUriStem…
Log Management Shows which pages people are getting a 404 for search scStatus == 404 | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = count() by csUriS…
Log Management Average HTTP Request time by HTTP Method search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = avg(TimeTaken) by csMethod…
Log Management Shows servers that are throwing internal server error search scStatus == 500 | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = count() by sCompu…
Log Management Count of IIS Log Entries by HTTP Request Method search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = count() by csMethod…
Log Management Count of IIS Log Entries by HTTP User Agent search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = count() by csUserAgent…
Log Management Count of IIS Log Entries by Client IP Address search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = count() by cIP…
Log Management IIS Log Entries for a specific client IP Address (replace with your own) search cIP == "192.168.0.1" | extend Type = $table | where Type == W3CIISLog | sort by TimeGenerated desc | project csU…
Log Management Count of IIS Log Entries by URL requested by client (without query strings) search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = count() by csUriStem…
Log Management Count of IIS Log Entries by Host requested by client search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = count() by csHost…
Log Management Count of IIS Log Entries by URL for the host "www.contoso.com" (replace with your own) search csHost == "www.contoso.com" | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = count…
Log Management Total Bytes sent by Client IP Address search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = sum(csBytes) by cIP…
Log Management Total Bytes received by each Azure Role Instance search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = sum(csBytes) by RoleInstance…
Log Management Total Bytes received by each IIS Computer search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = sum(csBytes) by Computer | limi…
Log Management Total Bytes responded back to clients by each IIS ServerIP Address search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = sum(scBytes) by sIP…
Log Management Total Bytes responded back to clients by Client IP Address search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = sum(scBytes) by cIP…
Log Management Average HTTP Request time by Client IP Address search * | extend Type = $table | where Type == W3CIISLog | summarize AggregatedValue = avg(TimeTaken) by cIP…
Log Management All Syslogs Syslog | sort by TimeGenerated desc…
Log Management All Syslog Records with Errors Syslog | where SeverityLevel == "error" | sort by TimeGenerated desc…
Log Management All Syslog Records grouped by Facility Syslog | summarize AggregatedValue = count() by Facility…
Log Management All Syslog Records grouped by ProcessName Syslog | summarize AggregatedValue = count() by ProcessName…
General Exploration Which Management Group is generating the most data points? search * | summarize AggregatedValue = count() by ManagementGroupName…
General Exploration Distribution of data Types search * | extend Type = $table | summarize AggregatedValue = count() by Type…
General Exploration All Computers with their most recent data search not(ObjectName == "Advisor Metrics" or ObjectName == "ManagedSpace") | summarize AggregatedValue = max(TimeGener…
General Exploration Stale Computers (data older than 24 hours) search not(ObjectName == "Advisor Metrics" or ObjectName == "ManagedSpace") | summarize lastdata = max(TimeGenerated) b…
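An added triage check (not part of this issue or of the AzSentinel module) that groups the cmdlet's output by the Category column shown above and separates real hunting queries from other workspace saved searches. It assumes $WorkSpaceName and $SubscriptionId are already set as in the report, and relies on the fact that Sentinel stores hunting queries as workspace saved searches with the category "Hunting Queries".

```powershell
# Added example, not code from the issue or the AzSentinel project.
# Assumes $WorkSpaceName and $SubscriptionId are defined as in the report above.
# Sentinel hunting queries are saved searches in the Log Analytics workspace
# with Category "Hunting Queries"; "function", "Log Management" and
# "General Exploration" entries are ordinary saved searches or functions.
$HuntingCategory = 'Hunting Queries'

$results = @(Get-AzSentinelHuntingRule -WorkspaceName $WorkSpaceName -SubscriptionId $SubscriptionId)

# Show the category mix so a wrong object type is visible at a glance.
$results |
    Group-Object -Property Category |
    Sort-Object -Property Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Partition into genuine hunting queries and everything else.
$huntingRules = @($results | Where-Object { $_.Category -eq $HuntingCategory })
$other        = @($results | Where-Object { $_.Category -ne $HuntingCategory })

if ($huntingRules.Count -eq 0 -and $other.Count -gt 0) {
    $msg = "Get-AzSentinelHuntingRule returned $($other.Count) saved searches but no '$HuntingCategory' entries; " +
           "the output looks like workspace saved searches (including functions), not hunting rules."
    Write-Warning $msg
}

# Only the hunting rules, reduced to the columns shown in the report.
$huntingRules | Select-Object Category, DisplayName, Query | Format-Table -Wrap
```

If the warning fires against a workspace that does have hunting queries, the cmdlet is returning the wrong saved-search set, which is the symptom reported here.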
