← Back to Explore
kqlHunting
Last Heartbeat Arc Machines
This query lists the latest heartbeat for each Azure Arc onboarded machine.
Detection Query
let ArcMachines = arg("").Resources
| where type == "microsoft.hybridcompute/machines"
| distinct id;
Heartbeat
| summarize arg_max(TimeGenerated, TimeGenerated, Computer, Resource, ResourceId) by Computer
| where ResourceId in (ArcMachines)Platforms
azure-sentinel
Tags
azure
Raw Content
# Last Heartbeat Arc Machines
## Query Information
#### Description
This query lists the latest heartbeat for each Azure Arc onboarded machine.
## Sentinel
```KQL
let ArcMachines = arg("").Resources
| where type == "microsoft.hybridcompute/machines"
| distinct id;
Heartbeat
| summarize arg_max(TimeGenerated, TimeGenerated, Computer, Resource, ResourceId) by Computer
| where ResourceId in (ArcMachines)
```