Solved

KQL Queries in Azure?

  • April 24, 2025
  • 3 replies
  • 79 views

mccrilb

for example:

AzureActivity
| where Caller in (```user```)
| where SubscriptionId == "subscriptionID"
| where ResourceGroup in (```Resource Group```)

 

Is there a way to do this now, or a feature in the works? We use KQL queries in "Execute a custom hunting query in Microsoft 365 Defender." We have a need to also be able to run them in Azure.

Best answer by Dmitry_Sarakeev

Hi, we have a run KQL query under the Microsoft Sentinel integration - https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/microsoft-azure-sentinel#run_a_kql_query

 

 


mccrilb
  • Author
  • Silver 2
  • April 24, 2025

> Hi, we have a run KQL query under the Microsoft Sentinel integration - https://cloud.google.com/chronicle/docs/soar/marketplace-integrations/microsoft-azure-sentinel#run_a_kql_query

Will that work even though we don't run Microsoft Sentinel?


mccrilb
  • Author
  • Silver 2
  • April 24, 2025

Thanks! I took a look and I think this will work!