let computerContains = "ejukebox" // add name to define the computer you want to look at

I was collecting the “Processor(_Total)\% Processor Time” perf counter.

Example output: The “Reference” line is from 3 days ago and the “Current” line is for the latest 24 hours.

let StartTime = now() - 5d
let EndTime = now() - 4d
Perf
| where CounterName == "% Processor Time"
| where TimeGenerated > StartTime and TimeGenerated StartTime and TimeGenerated ago(4h)
| where Computer startswith "Contoso"
| where CounterName == "% Processor Time"
| summarize avg(CounterValue) by Computer, bin(TimeGenerated, 15m)
| render timechart
| extend Threshold = 10 // set a reference line
| summarize avg(CounterValue), percentiles(CounterValue, 50, 95) by bin(TimeGenerated, 1h)
| summarize AggregatedValue = avg(CounterValue) by bin(TimeGenerated, 1h), Computer
| where ObjectName == "Processor" and CounterName == "% Processor Time" and InstanceName == "_Total" and Computer in ((Heartbeat
| summarize avg(CounterValue) by Computer
| where avg_CounterValue > 70
| where ObjectName == "Memory" and CounterName == "% Committed Bytes In Use"
| where TimeGenerated > StartTime and TimeGenerated StartTime and TimeGenerated StartTime and TimeGenerated StartTime and TimeGenerated 10
| project Activity, activityArr, activityId=activityArr
| extend activityArr=split(Activity, " – ")
| parse Activity with activityID " – " activityDesc
| summarize count(), SessionDuration=avg(SessionDuration), dcount(TargetLogonId), dcount(Account) by Computer
| where SessionDuration != todouble(TimeList)
| extend SessionDuration = todouble(SessionDuration)
| extend SessionDuration = series_fir(TimeList, dynamic(), false, false)
| summarize TimeList = makelist(TimeGenerated / 1s, 100000) by Computer, Account, TargetLogonId
| order by TimeGenerated asc, EventID asc
| project Computer, Account, TargetLogonId, TimeGenerated, EventID
| where Computer in (detections) and EventID == 4624
let detections = toscalar(SecurityDetection
Find which accounts failed to log on to computers where we identify a security detection

| summarize SecurityAlerts=makeset(AlertTitle), HighAlertsCount=count() by Computer
| summarize UpdatesNeeded=makeset(Title), Updates=dcount(Title) by Computer

List of computers missing updates that also have high-severity security detections
| summarize UniqueUpdatesCount = count(), makeset(Title), makeset(KBID) by Computer
| where OSType != "Linux" and UpdateState == "Needed" and Optional == "false" and (Classification == "Security Updates" or Classification == "Critical Updates")

Needed Security Updates & Critical Updates by Computer

| summarize UniqueUpdatesCount = dcount(Product) by Computer, OSType
| where Computer in (lastDayComputersMissingUpdates)
| where Classification == "Critical Updates" and UpdateState != "Not needed" and UpdateState != "NotNeeded"
| where TimeGenerated between (ago(3d)..ago(2d))
let lastDayComputersMissingUpdates = Update
Computers missing updates last week and still missing them.

| summarize count() by bin(TimeGenerated, 1h), Process

Create a time chart of these 5 processes – hour by hour

Find the 5 processes that were run the most

Find all processes that started in the last 3 days.

Top 5 running processes in the last 3 days

search, where, take, count, summarize, bin, top, extend, project, distinct

// - 80% of what you'll ever do, 10 commands -//