Knowledge Center
1. Sentinel KQL Query (CPU Performance Monitoring from Sentinel)
Processor Utilization Percentage from Boot to Maximum Utilization


Insights provides a quick and easy way to get started with monitoring. Example: minimum = 0 %, average = 18.899 %, maximum = 99.98 %

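// Processor metrics collected by Insights
union InsightsMetrics
| where Namespace contains "processor"
// Minimum, average and maximum value per metric over the selected time range
| summarize min(Val), avg(Val), max(Val) by Name, Namespace
// Flag metrics whose peak value exceeded 90 %
| extend AlertStatus = iff(max_Val > 90, "Critical Alert", "Normal")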
2. Advanced Hunting
Advanced hunting is a query-based threat hunting tool that uses Kusto Query Language (KQL).



The Vulnerability Management inventory lists the software currently installed on devices in your network, including end-of-support information.
End of Support Software & End of Support Version Status KQL Query (Advanced Hunting, Microsoft Defender), End of Support Date up to Year 2025
Covers both system software and application software.
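// Devices that reported in the last 30 days
DeviceInfo
| where Timestamp >= ago(30d)
| where isnotempty(DeviceName)
// Attach the installed-software inventory for each device
| join DeviceTvmSoftwareInventory on DeviceName
// Keep software or versions flagged as end of support (EOS), current or upcoming
| where EndOfSupportStatus contains "EOS"
| where EndOfSupportDate < datetime(2025-12-31)
| project OSPlatform, DeviceName, SoftwareVendor, SoftwareName, SoftwareVersion, EndOfSupportStatus, EndOfSupportDate, Timestamp, ReportId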
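The following added example is not part of the original page. It extends the query above into a triage view: it keeps one record per device, joins on DeviceId instead of DeviceName, and ranks end-of-support software by the number of affected devices and by known CVEs from DeviceTvmSoftwareVulnerabilities. The 30-day window and the 2025-12-31 cutoff are carried over from the query above; the variable names and output column names are illustrative.

```kql
// Added example: rank end-of-support (EOS) software by exposure.
// Cutoff carried over from the page's query; adjust as needed.
let eosCutoff = datetime(2025-12-31);
// Latest DeviceInfo record per device, so each device is counted once
// even though DeviceInfo holds many rows per device over 30 days.
let activeDevices =
    DeviceInfo
    | where Timestamp >= ago(30d)
    | where isnotempty(DeviceName)
    | summarize arg_max(Timestamp, OSPlatform, DeviceName) by DeviceId;
// Inventory rows flagged EOS (current or upcoming) before the cutoff.
let eosSoftware =
    DeviceTvmSoftwareInventory
    | where EndOfSupportStatus contains "EOS"
    | where EndOfSupportDate < eosCutoff
    | project DeviceId, SoftwareVendor, SoftwareName, SoftwareVersion,
              EndOfSupportStatus, EndOfSupportDate;
// Known CVEs per device and software version.
let knownCves =
    DeviceTvmSoftwareVulnerabilities
    | summarize CveCount = dcount(CveId),
                CriticalCves = dcountif(CveId, VulnerabilitySeverityLevel == "Critical")
        by DeviceId, SoftwareVendor, SoftwareName, SoftwareVersion;
activeDevices
// DeviceId is the stable key; DeviceName can be renamed or reused.
| join kind=inner eosSoftware on DeviceId
// leftouter keeps EOS software that has no recorded CVE yet.
| join kind=leftouter knownCves
    on DeviceId, SoftwareVendor, SoftwareName, SoftwareVersion
| summarize Devices = dcount(DeviceId),
            SampleDevices = make_set(DeviceName, 5),
            MaxCveCount = max(coalesce(CveCount, 0)),
            MaxCriticalCves = max(coalesce(CriticalCves, 0))
    by SoftwareVendor, SoftwareName, SoftwareVersion,
       EndOfSupportStatus, EndOfSupportDate
// Separate software that is already unsupported from upcoming EOS.
| extend AlreadyUnsupported = EndOfSupportDate < now()
| order by AlreadyUnsupported desc, MaxCriticalCves desc, Devices desc
```

Rows at the top are software versions that are already out of support, carry critical CVEs and are installed on the most devices, which makes them the first candidates for upgrade or removal.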
3. Email Security
Advanced Hunting: status of emails that were successfully delivered and reached the inbox as per the email policies and rules (Junk & Blocked)
