次の方法で共有

Update テーブルのクエリ

  • [アーティクル]

Azure portal でこれらのクエリを使用する方法については、 Log Analytics のチュートリアルを参照してください。 REST API については、「 Query」を参照してください。

セキュリティまたは重要な更新プログラムが見つからない

不足しているセキュリティまたはその他の重要な更新プログラムの数をカウントします。

// To create an alert for this query, click '+ New alert rule'
Update
| where Classification in ("Security Updates", "Critical Updates")
| where UpdateState == 'Needed' and Optional == false and Approved == true
| summarize count() by Classification, Computer, _ResourceId
// This query requires the Security or Update solutions

Windows マシンで利用可能な更新プログラム

分類および各コンピューターで使用できる Windows 更新プログラムの KB ID を一覧表示します。

// To create an alert for this query, click '+ New alert rule'
Update
| where TimeGenerated>ago(14h) 
| where UpdateState =~ "Needed" and OSType != "Linux" 
| summarize by Computer, Classification, Product, KBID, ResourceId

Linux マシンで使用可能な更新プログラム

分類および各コンピューターで使用可能な Linux パッケージ バージョンの更新プログラムを一覧表示します。

// To create an alert for this query, click '+ New alert rule'
Update
| where TimeGenerated>ago(14h) 
| where UpdateState =~ "Needed" and OSType == "Linux" 
| summarize by Computer, Classification, Product, ProductVersion, ResourceId

不足している更新プログラムの概要

不足している更新プログラムの概要をカテゴリ別に取得します。

Update
| where TimeGenerated>ago(5h) and OSType=="Linux" and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification) by Computer, SourceComputerId, Product, ProductArch
| where UpdateState=~"Needed"
| summarize by Product, ProductArch, Classification
| union (Update
| where TimeGenerated>ago(14h) and OSType!="Linux" and (Optional==false or Classification has "Critical" or Classification has "Security") and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Approved) by Computer, SourceComputerId, UpdateID
| where UpdateState=~"Needed" and Approved!=false
| summarize by UpdateID, Classification )
| summarize allUpdatesCount=count(), criticalUpdatesCount=countif(Classification has "Critical"), securityUpdatesCount=countif(Classification has "Security"), otherUpdatesCount=countif(Classification !has "Critical" and Classification !has "Security")

不足している更新プログラム一覧

不足しているすべての更新プログラムの一覧を取得します。

Update
| where TimeGenerated>ago(5h) and OSType=="Linux" and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, BulletinUrl, BulletinID) by SourceComputerId, Product, ProductArch
| where UpdateState=~"Needed"
| project-away UpdateState, TimeGenerated
| summarize computersCount=dcount(SourceComputerId, 2), ClassificationWeight=max(iff(Classification has "Critical", 4, iff(Classification has "Security", 2, 1))) by id=strcat(Product, "_", ProductArch), displayName=Product, productArch=ProductArch, classification=Classification, InformationId=BulletinID, InformationUrl=tostring(split(BulletinUrl, ";", 0)[0]), osType=1
| union(Update
| where TimeGenerated>ago(14h) and OSType!="Linux" and (Optional==false or Classification has "Critical" or Classification has "Security") and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Title, KBID, PublishedDate, Approved) by Computer, SourceComputerId, UpdateID
| where UpdateState=~"Needed" and Approved!=false
| project-away UpdateState, Approved, TimeGenerated
| summarize computersCount=dcount(SourceComputerId, 2), displayName=any(Title), publishedDate=min(PublishedDate), ClassificationWeight=max(iff(Classification has "Critical", 4, iff(Classification has "Security", 2, 1))) by id=strcat(UpdateID, "_", KBID), classification=Classification, InformationId=strcat("KB", KBID), InformationUrl=iff(isnotempty(KBID), strcat("https://support.microsoft.com/kb/", KBID), ""), osType=2)
| sort by ClassificationWeight desc, computersCount desc, displayName asc
| extend informationLink=(iff(isnotempty(InformationId) and isnotempty(InformationUrl), toobject(strcat('{ "uri": "', InformationUrl, '", "text": "', InformationId, '", "target": "blank" }')), toobject('')))
| project-away ClassificationWeight, InformationId, InformationUrl

不足している更新プログラムがあるコンピューター

更新プログラムが不足しているすべてのコンピューター。

// To create an alert for this query, click '+ New alert rule'
Update
|where OSType != "Linux" and UpdateState == "Needed" and Optional == "false" 
| project TimeGenerated, Computer, Title, KBID, Classification, MSRCSeverity, PublishedDate, _ResourceId
| sort by TimeGenerated desc

サーバーに必要な更新プログラムがない

特定のコンピューター "ComputerName" の更新プログラムがありません (自分のコンピューター名に置き換えてください)。

// To create an alert for this query, click '+ New alert rule'
let ComputerName = "Enter your computer name here";
Update
|where OSType != "Linux" and UpdateState == "Needed" and Optional == "false" and Computer == ComputerName
| project TimeGenerated, Computer, Title, KBID, Product, MSRCSeverity, PublishedDate, _ResourceId
| sort by TimeGenerated desc

重要なセキュリティ更新プログラムが見つからない

重要な更新プログラムまたはセキュリティ更新プログラムが不足しているすべてのコンピューター。

// To create an alert for this query, click '+ New alert rule'
Update
|where  OSType != "Linux" and UpdateState == "Needed" and Optional == "false" and (Classification == "Security Updates" or Classification == "Critical Updates") 
| sort by TimeGenerated desc

更新プログラムが手動で実行されているセキュリティまたは重要な情報がない

更新プログラムが手動で適用されるマシンで必要な重要な更新プログラムまたはセキュリティ更新プログラム。

// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == "false"
 |where (Classification == "Security Updates" or Classification == "Critical Updates")
| join kind=inner (UpdateSummary |where WindowsUpdateSetting == "Manual" |distinct Computer) on Computer 
| distinct KBID, Computer, _ResourceId

更新プログラムのロールアップが見つからない

更新プログラムのロールアップが見つからないすべてのコンピューター。

// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and Optional == "false" and Classification == "Update Rollups" and UpdateState == "Needed" 
| project TimeGenerated, Computer, Title, KBID, Classification, MSRCSeverity, PublishedDate, _ResourceId
| sort by TimeGenerated desc

個別の不足している更新プログラムが複数のコンピューターにまたがっています

すべてのコンピューターで個別の不足している更新プログラム。

// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == "false" 
| distinct Title, Computer, _ResourceId