Azure Honeypot & Sentinel SIEM Project (Part 3): Extracting Custom fields and Displaying on the Map

Published: 17 February 2022
on channel: Sezcurity

This is part 3 of the project.
Here I train the custom log to extract custom fields and map them.

#######################################################
Relevant Resources
Project Playlist - Azure Honeypot & Sentinel SIEM Projec...

Sentinel Query (KQL) -
FAILED_RDP_WITH_GEO_CL
| summarize event_count=count() by sourcehost_CF, latitude_CF, longitude_CF, country_CF, label_CF, destinationhost_CF
| where destinationhost_CF != "samplehost"
| where sourcehost_CF != ""