Closed ratson31 closed 4 years ago
There are changes to the query. I haven't solved them all, but this might help:
Optimized_Blog advanced hunting Query = "DeviceInfo | where Timestamp >= ago(7d) | distinct DeviceId, DeviceName, ClientVersion, PublicIP, OSArchitecture, OSPlatform, OSBuild, IsAzureADJoined, LoggedOnUsers, RegistryDeviceTag, ReportId, OSVersion, MachineGroup",
BadExample_Blog Query = "DeviceInfo | where Timestamp >= ago(7d)",
Note: machine info is now DeviceInfo, and EventTime is now Timestamp.
This file was originally working fine, but now when I open it and do a refresh of the MDATP_ASR_rules_in_audit_mode_sample__v1.pbit file I get the error:
"Web.Contents failed to get contents from 'https://api.securitycenter.windows.com/api/advancedqueries?key=MiscEvents%0D%0A%7C%20where%20%ActionType%20startswith%20%Asr%27%29%20and%20ActionType%20endswith%20%27Audited%27%20' (400): Bad Request"
Please advise. Thanks team.
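
The renames mentioned in this thread can be applied to the query text stored in a template with a small rewriter. This is an added example, not code from the repository or from either poster; `migrate_query` and `RENAMES` are hypothetical names, the `MiscEvents` to `DeviceEvents` entry is an assumption not stated in the thread, and the sample queries are constructed.

```python
import re

# MachineInfo -> DeviceInfo and EventTime -> Timestamp are the renames named
# in the thread. MiscEvents -> DeviceEvents is an assumption added here for
# the table used by the failing ASR audit query.
RENAMES = {
    "MachineInfo": "DeviceInfo",
    "EventTime": "Timestamp",
    "MiscEvents": "DeviceEvents",
}

# A quoted string literal (group 1, copied through untouched) or a bare
# identifier (group 2, renamed if it is a legacy name). Verbatim @"..."
# strings with trailing backslashes are not handled by this sketch.
_TOKEN = re.compile(
    r"""("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')|([A-Za-z_][A-Za-z0-9_]*)"""
)


def migrate_query(query):
    """Return (rewritten_query, sorted list of legacy names that were replaced)."""
    hits = set()

    def swap(match):
        literal, ident = match.group(1), match.group(2)
        if literal is not None:
            return literal  # never rewrite text inside string literals
        if ident in RENAMES:
            hits.add(ident)
            return RENAMES[ident]
        return ident

    return _TOKEN.sub(swap, query), sorted(hits)


# Constructed legacy query in the shape of the ASR audit-mode report query.
LEGACY_ASR = (
    "MiscEvents\r\n"
    "| where EventTime >= ago(7d)\r\n"
    "| where ActionType startswith 'Asr' and ActionType endswith 'Audited'\r\n"
    "| extend Label = 'MiscEvents audit'"
)

if __name__ == "__main__":
    new_query, replaced = migrate_query(LEGACY_ASR)
    print(new_query)
    print("replaced:", replaced)
```

Only whole identifiers outside quotes are rewritten, so a label such as `'MiscEvents audit'` or a column like `EventTimeUtc` is left alone.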