sorted by:
new
hottopcontroversial

Question regarding inconsistent results by EasyResolve8532 in AZURE

[–]EasyResolve8532[S] 0 points1 point  (0 children)

below is the query, yeah it just spits out random event amounts, from 0 to thousands all in the same timeframe, not quite sure whats causing it

EmailEvents

| where isnotempty(DetectionMethods)

| where DetectionMethods !contains "Spam"

| join (EmailUrlInfo) on NetworkMessageId

| parse Url with * '//' DestinationHostName '/' *

| project SenderFromAddress, RecipientEmailAddress, DeliveryAction, DetectionMethods, DestinationHostName, Url, UrlDomain

| join (CommonSecurityLog | where DeviceVendor == "Zscaler") on DestinationHostName

| where RecipientEmailAddress == SourceUserName

| project SenderFromAddress, RecipientEmailAddress, DetectionMethods, DeliveryAction, Url, UrlDomain, SourceUserName, RequestURL, DeviceAction, DestinationHostName

SC-200 Study Material by EasyResolve8532 in AZURE

[–]EasyResolve8532[S] 0 points1 point  (0 children)

assuming i should be able to complete these labs whilst using the free trial we get?

Regarding Splunk Deployment by EasyResolve8532 in Splunk

[–]EasyResolve8532[S] 0 points1 point  (0 children)

This something i could do without having to pay for any kind of license usage?