Hi,
I have a requirement of monitor Guest User Activities through Sentinel.
appreciate if anyone can share a KQL query or propose the way to achieve this through Sentinel.
Thanks,
Dilan
Hi,
I have a requirement of monitor Guest User Activities through Sentinel.
appreciate if anyone can share a KQL query or propose the way to achieve this through Sentinel.
Thanks,
Dilan
@dilannanayakkara-8008 Depending on what specifically you want to track, a normal track would be to see where they signed up from like location details of IP and longitude plus latitude.
For that you can query on usertype attribute.

After you find which attribute you want to track, you can create a workbook so that Sentinel then can show you all the relevant details.
A great start can be done from here : https://techcommunity.microsoft.com/t5/azure-sentinel/how-to-use-azure-sentinel-to-follow-a-users-travel-and-map-their/ba-p/981716
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
@dilannanayakkara-8008 Do let us know for any help.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
10 people are following this question.
Is it possible to create an alert in Azure Sentinel for when a data source stops feeding logs?
Where is the appliance name/ip when sending Fortigate (CEF) logs to Sentinel?
Send syslog server logs to Azure Sentinel through log analytics gateway
ThreatIntelligenceIndicator correlation and False Positive removal
Incorrect percentage values on the Azure Pricing details site