The purpose of this repository is to share KQL queries that can be used by anyone and are understandable. These queries are intended to increase detection coverage through the logs of Microsoft ...
// Run in Log Analytics workspace linked to the Key Vault diagnostic settings. // Returns secret access events attributed to the managed identity principal.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results