snteran
New Member

Power BI for Azure ATP advanced Hunting, query for Failed Logon

We are running into a row limitation with Advanced Hunting, 10,000 limitation, and it is our understanding we can get up to 100,000 rows with Power BI.  Will we be able to connect, and how, to our Advanced Hunting workspace from Azure ATP?

1 ACCEPTED SOLUTION
snteran
New Member

7 REPLIES 7
snteran
New Member

Well, I think I found the API for O365 security:

https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-advanced-hunting?view=o365-worldwide

Hope this helps others.

Hi @snteran ,

Glad to hear the issue is solved. You can accept your reply as solution, that way, other community members could easily find the answer when they get same issues.

Best Regards,
Community Support Team _ Yingjie Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

snteran
New Member

Well, I think I found the issue as far as connecting Power BI to the correct Advanced Hunting schema.

Looking at https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/api-power...

it appears there is not an API created from Power BI to https://security.microsoft.com/advanced-hunting

I guess we will need to see how to collect the data into a cluster somehow and then connect to the cluster to run our query for Failed Logon.

Any advice/suggestions would be appreciated.

Cheers,

Serge

Hi @snteran ,

Maybe you can refer this blog and sample queries:

  1. Create custom reports using Microsoft Defender ATP APIs and Power BI 
  2. Microsoft Defender ATP Advanced Hunting (AH) sample queries 


Best Regards,
Community Support Team _ Yingjie Li
If this post helps, then please consider Accept it as the solution to help the other members find it more quickly.

The TVM_Export_API returns no result set after refreshing that table. It's empty. Does anybody have an idea why this is happening?

snteran
New Member

Thanks for the suggestion.  I tried to add to my query but got a syntax error.

Query > security.microsoft.com > advanced hunting:

IdentityLogonEvents
| where LogonType == "Failed logon" and isnotempty(AccountName)
| project LogonTime = Timestamp, LogonType, Application, FailureReason, AccountName, AccountUpn, DeviceName, DestinationDeviceName

Not sure there is a way to add the properties, I'll try a few other ways but I'm not a KQL guru.

Cheers,

Serge

artemus
Employee

Hrm... not too familiar with ATP.

You could try changing:

[Query=[key=AdvancedHuntingQuery]]

to:

[Query=[key=AdvancedHuntingQuery, properties=[Options=[truncationmaxrecords=100000]]]]
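The thread links to the Microsoft 365 Defender Advanced Hunting API as the way around the portal's row limit, and Serge's post above gives the failed-logon KQL. The following is an added example (not code from any poster in this thread, and not Microsoft's own sample) showing what a direct call to that API looks like and how the JSON it returns maps onto the columns the query projects. The endpoint URL, the `{"Query": ...}` request body and the `Schema`/`Results` response shape follow the linked API documentation; the bearer token is a placeholder, the 100,000-row figure is the limit the original question states, and the sample response and the `fake_post` transport are constructed here so the script runs offline.

```python
import json
from collections import Counter
from urllib.request import Request, urlopen

# Endpoint documented for the Microsoft 365 Defender Advanced Hunting API.
ADVANCED_HUNTING_URL = "https://api.security.microsoft.com/api/advancedhunting/run"

# Per-call row limit as stated in the original question (assumption taken from the thread).
API_ROW_LIMIT = 100_000

# The failed-logon query from the thread, one operator per line.
FAILED_LOGON_QUERY = """IdentityLogonEvents
| where LogonType == "Failed logon" and isnotempty(AccountName)
| project LogonTime = Timestamp, LogonType, Application, FailureReason, AccountName, AccountUpn, DeviceName, DestinationDeviceName"""

COLUMNS = ["LogonTime", "LogonType", "Application", "FailureReason",
           "AccountName", "AccountUpn", "DeviceName", "DestinationDeviceName"]


def build_request(query, token):
    """Return (url, headers, body) for a POST to the Advanced Hunting API."""
    body = json.dumps({"Query": query}).encode("utf-8")
    headers = {
        "Authorization": f"Bearer {token}",   # token obtained via Azure AD app registration
        "Content-Type": "application/json",
        "Accept": "application/json",
    }
    return ADVANCED_HUNTING_URL, headers, body


def http_post(url, headers, body):
    """Real transport: POST the body and decode the JSON reply (needs network access)."""
    req = Request(url, data=body, headers=headers, method="POST")
    with urlopen(req, timeout=60) as resp:
        return json.loads(resp.read().decode("utf-8"))


def run_query(query, token, post=http_post):
    """Run a KQL query; return (column names, result rows, truncated flag).

    The API returns column metadata under "Schema" and one dict per row under "Results".
    If the row count reaches the per-call limit the result is probably cut off and the
    query should be narrowed (e.g. by time window) rather than trusted as complete.
    """
    url, headers, body = build_request(query, token)
    payload = post(url, headers, body)
    schema = [col["Name"] for col in payload.get("Schema", [])]
    rows = payload.get("Results", [])
    truncated = len(rows) >= API_ROW_LIMIT
    return schema, rows, truncated


def failed_logons_by_account(rows):
    """Count failures per (account, reason): the summary one would otherwise build in Power BI."""
    counts = Counter()
    for row in rows:
        account = row.get("AccountUpn") or row.get("AccountName")
        counts[(account, row.get("FailureReason"))] += 1
    return counts


# Constructed sample response (not real tenant data), shaped like the API's JSON.
SAMPLE_RESPONSE = {
    "Schema": [{"Name": name, "Type": "String"} for name in COLUMNS],
    "Results": [
        {"LogonTime": "2024-04-01T08:00:00Z", "LogonType": "Failed logon", "Application": "Active Directory",
         "FailureReason": "BadPassword", "AccountName": "alice", "AccountUpn": "alice@contoso.example",
         "DeviceName": "WS01", "DestinationDeviceName": "DC01"},
        {"LogonTime": "2024-04-01T08:00:05Z", "LogonType": "Failed logon", "Application": "Active Directory",
         "FailureReason": "BadPassword", "AccountName": "alice", "AccountUpn": "alice@contoso.example",
         "DeviceName": "WS01", "DestinationDeviceName": "DC01"},
        {"LogonTime": "2024-04-01T09:10:00Z", "LogonType": "Failed logon", "Application": "Active Directory",
         "FailureReason": "AccountLocked", "AccountName": "bob", "AccountUpn": "bob@contoso.example",
         "DeviceName": "WS02", "DestinationDeviceName": "DC01"},
    ],
}


def fake_post(url, headers, body):
    """Offline stand-in for http_post: checks the request shape and returns the sample."""
    assert url == ADVANCED_HUNTING_URL
    assert headers["Authorization"].startswith("Bearer ")
    assert json.loads(body)["Query"] == FAILED_LOGON_QUERY
    return SAMPLE_RESPONSE


def demo():
    """Run the thread's query against the constructed sample and summarise it."""
    schema, rows, truncated = run_query(FAILED_LOGON_QUERY, "PLACEHOLDER_TOKEN", post=fake_post)
    return schema, failed_logons_by_account(rows), truncated


if __name__ == "__main__":
    schema, summary, truncated = demo()
    print("columns:", schema)
    for (account, reason), n in summary.most_common():
        print(f"{account}: {reason} x{n}")
    print("truncated:", truncated)
```

Replace `fake_post` with the default `http_post` and supply a real token to query a tenant; the `truncated` flag is the check to keep, since a result that lands exactly on the limit is the signal that the query window needs to be split rather than that the data really ends there.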
