PieChart - Exposure Level Onboarded Devices

Query Information

Description

This query visualizes the onboarded devices and their exposure level in a PieChart. The higher the exposure level of a device, the more likely it is to be exploited.

References

https://learn.microsoft.com/en-us/microsoft-365/security/defender-vulnerability-management/tvm-exposure-score?view=o365-worldwide

Defender For Endpoint

DeviceInfo
| where Timestamp > ago(30d)
| where OnboardingStatus == "Onboarded"
| summarize arg_max(Timestamp, *) by DeviceId
| summarize Total = count() by ExposureLevel
| render piechart with(title="Overview Exposure Level")

Sentinel

DeviceInfo
| where TimeGenerated > ago(30d)
| where OnboardingStatus == "Onboarded"
| summarize arg_max(TimeGenerated, *) by DeviceId
| summarize Total = count() by ExposureLevel
| render piechart with(title="Overview Exposure Level")

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Visualization - ExposureLevels.md

Visualization - ExposureLevels.md

PieChart - Exposure Level Onboarded Devices

Query Information

Description

References

Defender For Endpoint

Sentinel

Files

Visualization - ExposureLevels.md

Latest commit

History

Visualization - ExposureLevels.md

File metadata and controls

PieChart - Exposure Level Onboarded Devices

Query Information

Description

References

Defender For Endpoint

Sentinel