EXPLORE
Sign In
← Back to Explore
kqlHunting

List supression rule creations

This query lists supression rule creations.

Detection Query

CloudAppEvents
| where ActionType == "Write AlertsSuppressionRules"
| project
     Timestamp,
     ActionType,
     Application,
     AccountId,
     AccountDisplayName,
     CreatedSupresionRule = ObjectName

Data Sources

CloudAppEvents

Platforms

azure-sentinelmicrosoft-defender

Tags

defender-for-cloud-apps
Raw Content
# List supression rule creations

## Query Information

#### Description
This query lists supression rule creations.

## Defender XDR
```KQL
CloudAppEvents
| where ActionType == "Write AlertsSuppressionRules"
| project
     Timestamp,
     ActionType,
     Application,
     AccountId,
     AccountDisplayName,
     CreatedSupresionRule = ObjectName
```
## Sentinel
```KQL
CloudAppEvents
| where ActionType == "Write AlertsSuppressionRules"
| project
     TimeGenerated,
     ActionType,
     Application,
     AccountId,
     AccountDisplayName,
     CreatedSupresionRule = ObjectName
```