
Queries for the Update table

For more information on using these queries in the Azure portal, see the Log Analytics tutorial. For the REST API, see Query.

Missing security or critical updates

Count how many security or other critical updates are missing.

// To create an alert for this query, click '+ New alert rule'
Update
| where Classification in ("Security Updates", "Critical Updates")
| where UpdateState == 'Needed' and Optional == false and Approved == true
| summarize count() by Classification, Computer, _ResourceId
// This query requires the Security or Update solutions

Available updates for Windows machines

List the Windows Update KBIDs that are available, by classification and for each computer.

// To create an alert for this query, click '+ New alert rule'
Update
| where TimeGenerated>ago(14h) 
| where UpdateState =~ "Needed" and OSType != "Linux" 
| summarize by Computer, Classification, Product, KBID, ResourceId

Available updates for Linux machines

List the Linux package version updates that are available, by classification and for each computer.

// To create an alert for this query, click '+ New alert rule'
Update
| where TimeGenerated>ago(14h) 
| where UpdateState =~ "Needed" and OSType == "Linux" 
| summarize by Computer, Classification, Product, ProductVersion, ResourceId

Missing updates summary

Get a summary of missing updates by category.

Update
| where TimeGenerated>ago(5h) and OSType=="Linux" and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification) by Computer, SourceComputerId, Product, ProductArch
| where UpdateState=~"Needed"
| summarize by Product, ProductArch, Classification
| union (Update
| where TimeGenerated>ago(14h) and OSType!="Linux" and (Optional==false or Classification has "Critical" or Classification has "Security") and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Approved) by Computer, SourceComputerId, UpdateID
| where UpdateState=~"Needed" and Approved!=false
| summarize by UpdateID, Classification )
| summarize allUpdatesCount=count(), criticalUpdatesCount=countif(Classification has "Critical"), securityUpdatesCount=countif(Classification has "Security"), otherUpdatesCount=countif(Classification !has "Critical" and Classification !has "Security")

Missing updates list

Get a list of all missing updates.

Update
| where TimeGenerated>ago(5h) and OSType=="Linux" and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=="Linux" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, BulletinUrl, BulletinID) by SourceComputerId, Product, ProductArch
| where UpdateState=~"Needed"
| project-away UpdateState, TimeGenerated
| summarize computersCount=dcount(SourceComputerId, 2), ClassificationWeight=max(iff(Classification has "Critical", 4, iff(Classification has "Security", 2, 1))) by id=strcat(Product, "_", ProductArch), displayName=Product, productArch=ProductArch, classification=Classification, InformationId=BulletinID, InformationUrl=tostring(split(BulletinUrl, ";", 0)[0]), osType=1
| union(Update
| where TimeGenerated>ago(14h) and OSType!="Linux" and (Optional==false or Classification has "Critical" or Classification has "Security") and SourceComputerId in ((Heartbeat
| where TimeGenerated>ago(12h) and OSType=~"Windows" and notempty(Computer)
| summarize arg_max(TimeGenerated, Solutions) by SourceComputerId
| where Solutions has "updates"
| distinct SourceComputerId))
| summarize hint.strategy=partitioned arg_max(TimeGenerated, UpdateState, Classification, Title, KBID, PublishedDate, Approved) by Computer, SourceComputerId, UpdateID
| where UpdateState=~"Needed" and Approved!=false
| project-away UpdateState, Approved, TimeGenerated
| summarize computersCount=dcount(SourceComputerId, 2), displayName=any(Title), publishedDate=min(PublishedDate), ClassificationWeight=max(iff(Classification has "Critical", 4, iff(Classification has "Security", 2, 1))) by id=strcat(UpdateID, "_", KBID), classification=Classification, InformationId=strcat("KB", KBID), InformationUrl=iff(isnotempty(KBID), strcat("", KBID), ""), osType=2)
| sort by ClassificationWeight desc, computersCount desc, displayName asc
| extend informationLink=(iff(isnotempty(InformationId) and isnotempty(InformationUrl), toobject(strcat('{ "uri": "', InformationUrl, '", "text": "', InformationId, '", "target": "blank" }')), toobject('')))
| project-away ClassificationWeight, InformationId, InformationUrl

Computers with missing updates

All computers with missing updates.

// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == "false"
| project TimeGenerated, Computer, Title, KBID, Classification, MSRCSeverity, PublishedDate, _ResourceId
| sort by TimeGenerated desc

Missing required updates for server

Missing updates for a specific computer, ComputerName (replace with your own computer name).

// To create an alert for this query, click '+ New alert rule'
let ComputerName = "Enter your computer name here";
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == "false" and Computer == ComputerName
| project TimeGenerated, Computer, Title, KBID, Product, MSRCSeverity, PublishedDate, _ResourceId
| sort by TimeGenerated desc

Missing critical security updates

All computers that are missing critical or security updates.

// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == "false" and (Classification == "Security Updates" or Classification == "Critical Updates")
| sort by TimeGenerated desc

Missing security or critical updates where update is manual

Critical or security updates needed by machines where updates are applied manually.

// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == "false"
| where (Classification == "Security Updates" or Classification == "Critical Updates")
| join kind=inner (UpdateSummary | where WindowsUpdateSetting == "Manual" | distinct Computer) on Computer
| distinct KBID, Computer, _ResourceId

Missing update rollups

All computers with missing update rollups.

// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and Optional == "false" and Classification == "Update Rollups" and UpdateState == "Needed"
| project TimeGenerated, Computer, Title, KBID, Classification, MSRCSeverity, PublishedDate, _ResourceId
| sort by TimeGenerated desc

Distinct missing updates across computers

Distinct missing updates across all computers.

// To create an alert for this query, click '+ New alert rule'
Update
| where OSType != "Linux" and UpdateState == "Needed" and Optional == "false"
| distinct Title, Computer, _ResourceId