List supression rule creations

Query Information

Description

This query lists supression rule creations.

Defender XDR

CloudAppEvents
| where ActionType == "Write AlertsSuppressionRules"
| project
     Timestamp,
     ActionType,
     Application,
     AccountId,
     AccountDisplayName,
     CreatedSupresionRule = ObjectName

Sentinel

CloudAppEvents
| where ActionType == "Write AlertsSuppressionRules"
| project
     TimeGenerated,
     ActionType,
     Application,
     AccountId,
     AccountDisplayName,
     CreatedSupresionRule = ObjectName

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SupressionRuleCreations.md

SupressionRuleCreations.md

List supression rule creations

Query Information

Description

Defender XDR

Sentinel

Files

SupressionRuleCreations.md

Latest commit

History

SupressionRuleCreations.md

File metadata and controls

List supression rule creations

Query Information

Description

Defender XDR

Sentinel