Issues with Defender Advanced Hunting using Python


In order to make some reports, I'm using KQL in Defender to read the existing tables. I write the KQL query in Defender, then I go to my Python script, put the query inside and adjust the script to show what I need to see.

So far that has been working just fine.

Today I need a different query, so I simply replaced the query with one that I had already checked and that works in Defender, but as luck would have it, I'm getting Error 400.

Error message

This is the loop where things start to go wrong:

Photo of the loop that goes wrong

The thing is that I can change the query value to something different like 'DeviceEvents', and when I run the program it will actually fetch the information. I get the same error when trying to query different tables. Some of them are OK, some of them are not, and all of them work in Defender when I run them there.

This, instead, would work just fine:

photo of the one that works

I have been printing req, url, data and headers, and all seems to be in place, but when running urllib.request.urlopen(req), it gives back Error 400.

The expectation would have been that print(results) would display the data retrieved, which later on I'd format as needed.
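
An added example, not part of the original question: urllib raises `HTTPError` on a 400 and hides the response body, which normally carries the service's reason for rejecting the query, so this sketch builds the request with `json.dumps` and returns the decoded error body instead of raising. The endpoint URL, the `{"Query": ...}` body shape, the sample KQL, the placeholder token and the constructed error payload in `fake_opener` are assumptions, since the asker's script is only shown as images.

```python
import io
import json
import urllib.error
import urllib.request

# Assumed endpoint (Defender for Endpoint advanced hunting API); replace it
# with the URL your own script posts to.
API_URL = "https://api.securitycenter.microsoft.com/api/advancedqueries/run"


def build_request(query, token, url=API_URL):
    """Build the POST; json.dumps escapes quotes, backslashes and newlines in the KQL."""
    data = json.dumps({"Query": query}).encode("utf-8")
    headers = {
        "Content-Type": "application/json",
        "Accept": "application/json",
        "Authorization": "Bearer " + token,
    }
    return urllib.request.Request(url, data=data, headers=headers, method="POST")


def run_query(req, opener=urllib.request.urlopen):
    """Return (status, payload); on an HTTP error return the decoded error body."""
    try:
        with opener(req) as resp:
            return resp.status, json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8", errors="replace")
        try:
            return err.code, json.loads(body)
        except json.JSONDecodeError:
            return err.code, {"raw": body}


def fake_opener(req):
    """Constructed stand-in for urlopen so the example runs offline: always answers 400."""
    body = json.dumps({"error": {"code": "BadRequest", "message": "constructed sample message"}})
    raise urllib.error.HTTPError(req.full_url, 400, "Bad Request", {}, io.BytesIO(body.encode("utf-8")))


if __name__ == "__main__":
    # Constructed multi-line query with embedded quotes.
    kql = 'DeviceEvents\n| where ActionType == "AntivirusDetection"\n| take 5'
    status, payload = run_query(build_request(kql, "PLACEHOLDER_TOKEN"), opener=fake_opener)
    print(status, payload)
```

Against the real service, call `run_query(req)` without the `opener` argument and print the returned payload, keeping the bearer token out of any logged output.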
