snteran
New Member

Power BI for Azure ATP advanced Hunting, query for Failed Logon

We are running into a row limitation with Advanced Hunting, 10,000 limitation, and it is our understanding we can get up to 100,000 rows with Power BI.  Will we be able to connect, and how, to our Advanced Hunting workspace from Azure ATP?

7 REPLIES
snteran
New Member

Well, I think I found the API for O365 security:

https://docs.microsoft.com/en-us/microsoft-365/security/mtp/api-advanced-hunting?view=o365-worldwide

Hope this helps others.

Hi @snteran ,

Glad to hear the issue is solved. You can accept your reply as the solution; that way, other community members can easily find the answer when they run into the same issue.

Best Regards,
Community Support Team _ Yingjie Li
If this post helps, then please consider accepting it as the solution to help the other members find it more quickly.

snteran
New Member

Well, I think I found the issue as far as connecting Power BI to the correct Advanced Hunting schema.

Looking at https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/api-power...

it appears there is not an API created from Power BI to https://security.microsoft.com/advanced-hunting

I guess we will need to see how to collect the data into a cluster somewhere and then connect to the cluster to run our query for Failed Logon.

Any advice/suggestions would be appreciated.

Cheers,

Serge

Hi @snteran ,

Maybe you can refer to this blog and sample queries:

  1. Create custom reports using Microsoft Defender ATP APIs and Power BI
  2. Microsoft Defender ATP Advanced Hunting (AH) sample queries

Best Regards,
Community Support Team _ Yingjie Li

The TVM_Export_API returns no result set after refreshing that table. It's empty. Does anybody have an idea why this is happening?

snteran
New Member

Thanks for the suggestion. I tried to add it to my query but got a syntax error.

Query > security.microsoft.com > advanced hunting:

IdentityLogonEvents
| where LogonType == "Failed logon" and isnotempty(AccountName)
| project LogonTime = Timestamp, LogonType, Application, FailureReason, AccountName, AccountUpn, DeviceName, DestinationDeviceName

Not sure there is a way to add the properties; I'll try a few other ways, but I'm not a KQL guru.

Cheers,

Serge

artemus
Microsoft Employee

Hrm... not too familiar with ATP.

 

You could try changing:

[Query=[key=AdvancedHuntingQuery]]

to:

[Query=[key=AdvancedHuntingQuery, properties=[Options=[truncationmaxrecords=100000]]]]
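The thread's underlying problem is the row limit on a single Advanced Hunting query, and the two suggestions are a larger truncation setting in the Power BI connector or going through the Advanced Hunting API that the linked documentation describes. The script below is an added example, not code from the thread, from Microsoft, or from the Power BI connector. It takes Serge's failed-logon KQL, bounds it to a time window, and splits a long range into several windows so that no single request has to return an unbounded number of rows; it then parses the Schema/Results shape of an API response and flags a window that came back full. The run endpoint URL is taken from the API documentation the thread links to, the row budget ROW_CAP is illustrative, the bearer token is a placeholder, and the response is a constructed sample; no network call is made.

```python
"""Run the thread's failed-logon hunt through the Advanced Hunting REST API
in time windows. Added example; not the thread's, Microsoft's, or the Power BI
connector's code. No request is sent; the response below is a constructed
sample in the documented Schema/Results shape."""
import json
from collections import Counter
from datetime import datetime, timedelta, timezone

# Assumption: the run endpoint of the Advanced Hunting API documented on the
# page linked in the thread. The bearer token is obtained separately.
HUNTING_RUN_URL = "https://api.security.microsoft.com/api/advancedhunting/run"
# Illustrative per-request row budget used to detect a possibly full window;
# the real limit is whatever the service documents.
ROW_CAP = 100_000
TIME_FMT = "%Y-%m-%dT%H:%M:%SZ"
COLUMNS = ["LogonTime", "LogonType", "Application", "FailureReason",
           "AccountName", "AccountUpn", "DeviceName", "DestinationDeviceName"]
# Demo range: one day split into 6-hour windows.
DEMO_START = datetime(2024, 1, 1, tzinfo=timezone.utc)
DEMO_END = datetime(2024, 1, 2, tzinfo=timezone.utc)
DEMO_STEP = timedelta(hours=6)


def failed_logon_query(start: datetime, end: datetime) -> str:
    """The thread's failed-logon KQL, bounded to one [start, end) window."""
    return (
        "IdentityLogonEvents\n"
        f"| where Timestamp >= datetime({start.strftime(TIME_FMT)}) "
        f"and Timestamp < datetime({end.strftime(TIME_FMT)})\n"
        '| where LogonType == "Failed logon" and isnotempty(AccountName)\n'
        "| project LogonTime = Timestamp, LogonType, Application, FailureReason, "
        "AccountName, AccountUpn, DeviceName, DestinationDeviceName"
    )


def time_windows(start: datetime, end: datetime, step: timedelta):
    """Split [start, end) into consecutive windows no longer than step.
    Querying window by window collects a large result without any single
    request running into the row limit."""
    windows, cursor = [], start
    while cursor < end:
        nxt = min(cursor + step, end)
        windows.append((cursor, nxt))
        cursor = nxt
    return windows


def hunting_request(query: str, token: str) -> dict:
    """Describe the POST the run endpoint expects: a JSON body with Query."""
    return {
        "url": HUNTING_RUN_URL,
        "headers": {"Authorization": f"Bearer {token}",
                    "Content-Type": "application/json"},
        "body": json.dumps({"Query": query}),
    }


def parse_results(payload: dict, row_cap: int = ROW_CAP):
    """Turn Schema + Results into row dicts and flag a window that came back
    full; such a window should be re-run with a smaller step, not trusted."""
    columns = [col["Name"] for col in payload.get("Schema", [])]
    rows = [{c: rec.get(c) for c in columns} for rec in payload.get("Results", [])]
    return rows, len(rows) >= row_cap


def summarize_failures(rows):
    """Count failed logons per (AccountUpn, FailureReason) for triage."""
    return Counter((r["AccountUpn"], r["FailureReason"]) for r in rows)


def _sample_row(ts, reason, name):
    # Constructed sample data; the names and reasons are made up.
    return {"LogonTime": ts, "LogonType": "Failed logon",
            "Application": "Active Directory", "FailureReason": reason,
            "AccountName": name, "AccountUpn": f"{name}@contoso.example",
            "DeviceName": "ws01", "DestinationDeviceName": "dc01"}


SAMPLE_RESPONSE = {
    "Schema": [{"Name": c, "Type": "DateTime" if c == "LogonTime" else "String"}
               for c in COLUMNS],
    "Results": [_sample_row("2024-01-01T01:10:00Z", "BadPassword", "alice"),
                _sample_row("2024-01-01T01:11:00Z", "BadPassword", "alice"),
                _sample_row("2024-01-01T02:00:00Z", "AccountLocked", "bob")],
}


def main():
    for w_start, w_end in time_windows(DEMO_START, DEMO_END, DEMO_STEP):
        req = hunting_request(failed_logon_query(w_start, w_end), "<TOKEN>")
        print(f"would POST {req['url']} for {w_start:%H:%M}-{w_end:%H:%M}")
    rows, full = parse_results(SAMPLE_RESPONSE)
    print(f"{len(rows)} rows parsed, window full={full}")
    for (upn, reason), n in summarize_failures(rows).most_common():
        print(f"{n:4d}  {upn:<28} {reason}")


if __name__ == "__main__":
    main()
```

The windowing is the part worth keeping regardless of whether the data is pulled through the API or through Power BI: a window that returns exactly the row budget is a sign the result was cut off, and halving the step for that window is cheaper than raising a global truncation setting and hoping it is enough.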
