We are running into a row limitation with Advanced Hunting, 10,000 limitation, and it is our understanding we can get up to 100,000 rows with Power BI. Will we be able to connect, and how, to our Advanced Hunting workspace from Azure ATP?
Well, I think I found the api for O365 security:
https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-advanced-hunting?view=o365-worldwide
Hope this helps others.
Hi @snteran ,
Glad to hear the issue is solved. You can accept your reply as the solution; that way, other community members can easily find the answer when they get the same issues.
Best Regards,
Community Support Team _ Yingjie Li
If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.
Well, I think I found the issue as far as connecting Power BI to the correct Advanced Hunting schema.
It appears there is not an API created from Power BI to https://security.microsoft.com/advanced-hunting
I guess we will need to see how to collect the data into a cluster somehow and then connect to the cluster to run our query for Failed Logon.
Any advice/suggestions would be appreciated.
Cheers,
Serge
Hi @snteran ,
Maybe you can refer to this blog and sample queries:
Best Regards,
Community Support Team _ Yingjie Li
The TVM_Export_API returns no results set after refreshing that table. It's empty. Does anybody have an idea why this is happening?
Thanks for the suggestion. I tried to add to my query but got a syntax error.
Query > security.microsoft.com > advanced hunting:
IdentityLogonEvents
| where LogonType == "Failed logon" and isnotempty(AccountName)
| project LogonTime = Timestamp, LogonType, Application, FailureReason, AccountName, AccountUpn, DeviceName, DestinationDeviceName
Not sure there is a way to add the properties. I'll try a few other ways, but I'm not a KQL guru.
Cheers,
Serge
Hrm... not too familiar with ATP.
You could try changing:
[Query=[key=AdvancedHuntingQuery]]
to:
[Query=[key=AdvancedHuntingQuery, properties=[Options=[truncationmaxrecords=100000]]]]
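Added example, not part of the original thread or any poster's code: one way to work within the 10,000-row cap discussed above is to restrict the failed-logon query to Timestamp windows and halve any window that comes back full. `run_query`, `fake_runner` and the sample events are hypothetical and constructed; in real use `run_query` would call the Advanced Hunting API linked earlier in the thread.

```python
import re
from datetime import datetime, timedelta, timezone

FMT = "%Y-%m-%dT%H:%M:%SZ"
BASE_QUERY = 'IdentityLogonEvents\n| where LogonType == "Failed logon" and isnotempty(AccountName)'

def windowed_query(base_query, lo, hi):
    """Restrict a KQL query to the half-open Timestamp window [lo, hi)."""
    return (f"{base_query}\n| where Timestamp >= datetime({lo.strftime(FMT)})"
            f" and Timestamp < datetime({hi.strftime(FMT)})")

def hunt_all(run_query, base_query, start, end, limit):
    """Return every row in [start, end); any window that reaches the row cap
    may be truncated, so it is split in half and both halves are re-run."""
    rows, pending = [], [(start, end)]
    while pending:
        lo, hi = pending.pop()
        batch = run_query(windowed_query(base_query, lo, hi))
        span = int((hi - lo).total_seconds())
        if len(batch) >= limit and span >= 2:
            mid = lo + timedelta(seconds=span // 2)
            pending += [(mid, hi), (lo, mid)]
        else:
            # Below the cap, or a 1-second window that cannot be split further.
            rows.extend(batch)
    return sorted(rows, key=lambda r: r["Timestamp"])

def fake_runner(events, limit):
    """Constructed stand-in for the hunting API (hypothetical): applies the
    window from the query text and truncates the result at `limit` rows."""
    def run(query):
        lo, hi = re.findall(r"datetime\(([^)]+)\)", query)
        return [e for e in events if lo <= e["Timestamp"] < hi][:limit]
    return run

def demo():
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)
    # Constructed sample data: 25 failed logons, one per hour.
    events = [{"Timestamp": (start + timedelta(hours=h)).strftime(FMT),
               "AccountName": f"user{h % 3}"} for h in range(25)]
    run = fake_runner(events, limit=10)  # cap scaled down from 10,000 for the demo
    return hunt_all(run, BASE_QUERY, start, start + timedelta(days=2), limit=10)

if __name__ == "__main__":
    print(len(demo()), "rows collected")
```

A window holding exactly `limit` rows is also split, because a full result cannot be told apart from a truncated one.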