Commit 6be2aff

Update
1 parent 57abf70 commit 6be2aff

2 files changed

+4
-3
lines changed

defender-xdr/advanced-hunting-defender-use-custom-rules.md

Lines changed: 3 additions & 2 deletions
@@ -52,13 +52,14 @@ In the query editor, enter the query in the following format:
5252
```Kusto
5353
adx('<Cluster URI>/<Database Name>').<Table Name>
5454
```
55-
In the query editor, enter
55+
56+
For example:
5657

5758
:::image type="content" source="/defender-xdr/media/adx-sample.png" alt-text="Screenshot of adx operator in advanced hunting." lightbox="/defender-xdr/media/adx-sample.png":::
5859

5960

6061
### Use arg() operator for Azure Resource Graph queries
61-
The *arg()* operator can be used to query across deployed Azure resources like subscriptions, virtual machines, CPU, storage, and the like.
62+
The `arg()` operator can be used to query across deployed Azure resources like subscriptions, virtual machines, CPU, storage, and the like.
6263

6364
This feature was previously only available in log analytics in Microsoft Sentinel. In the Microsoft Defender portal, the `arg()` operator works over Microsoft Sentinel data (that is, Defender XDR tables are not supported). This allows users to use the operator in advanced hunting without needing to manually open a Microsoft Sentinel window.
6465
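
Review bot: The new "For example:" on line 56 is followed only by the adx-sample.png screenshot, so the sample query exists nowhere as text that a reader can copy or a screen reader can read; the alt text says just "Screenshot of adx operator in advanced hunting." Suggest putting the query shown in the screenshot in a Kusto fence directly under "For example:", matching the fenced format block on lines 52-54, and keeping the image as a supplement. Removing the dangling "In the query editor, enter" fragment and switching `arg()` to code formatting on line 62 both look right.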

defender-xdr/whats-new.md

Lines changed: 1 addition & 1 deletion
@@ -30,7 +30,7 @@ For more information on what's new with other Microsoft Defender security produc
3030
You can also get product updates and important notifications through the [message center](https://admin.microsoft.com/Adminportal/Home#/MessageCenter).
3131

3232
## December 2024
33-
- (Preview) In [advanced hunting](advanced-hunting-defender-use-custom-rules.md#use-adx-operator-for-azure-data-explorer-queries), Microsoft Defender portal users can now use the *adx()* operator for Azure Data Explorer queries to . You no longer need to go to Log Analytics in Microsoft Sentinel to use this operator if you are already in Microsoft Defender.
33+
- (Preview) In [advanced hunting](advanced-hunting-defender-use-custom-rules.md#use-adx-operator-for-azure-data-explorer-queries), Microsoft Defender portal users can now use the *adx()* operator to query tables stored in Azure Data Explorer. You no longer need to go to log analytics in Microsoft Sentinel to use this operator if you are already in Microsoft Defender.
3434

3535
## November 2024
3636
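
Review bot: The rewritten bullet on line 33 still formats the operator as *adx()* in italics, while the other file in this same commit changes *arg()* to code formatting; suggest `adx()` in backticks here so the operator is styled the same way in both files. The bullet also changes "Log Analytics" to "log analytics", which matches the wording on line 64 of advanced-hunting-defender-use-custom-rules.md, so confirm that lowercase is the intended style for that name. Completing the truncated "queries to ." sentence is a good fix.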
