Function: AnonymizedMicrosoftGraphActivityLogs()

Query Information

Description

This function removes the Azure Ids from the MicrosoftGraphActivityLogs and replaces them with an Id of your liking. This allows you to easily share your screen without showing the particular groups/users that are being queries with the GraphApi.

References

https://learn.microsoft.com/en-us/graph/microsoft-graph-activity-logs-overview

Defender XDR

let AzureIdRegex = "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}";
let ReplacementId = "<--AnonymizedAzureId-->";
let AnonymizedMicrosoftGraphActivityLogs = () {
    MicrosoftGraphActivityLogs
    | extend RequestUri = replace_regex(RequestUri, AzureIdRegex, ReplacementId)
};
AnonymizedMicrosoftGraphActivityLogs

Sentinel

let AzureIdRegex = "[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}";
let ReplacementId = "<--AnonymizedAzureId-->";
let AnonymizedMicrosoftGraphActivityLogs = () {
    MicrosoftGraphActivityLogs
    | extend RequestUri = replace_regex(RequestUri, AzureIdRegex, ReplacementId)
};
AnonymizedMicrosoftGraphActivityLogs

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

AnonymizedMicrosoftGraphActivityLogs.md

AnonymizedMicrosoftGraphActivityLogs.md

Function: AnonymizedMicrosoftGraphActivityLogs()

Query Information

Description

References

Defender XDR

Sentinel

Files

AnonymizedMicrosoftGraphActivityLogs.md

Latest commit

History

AnonymizedMicrosoftGraphActivityLogs.md

File metadata and controls

Function: AnonymizedMicrosoftGraphActivityLogs()

Query Information

Description

References

Defender XDR

Sentinel