Working with Sentinel and Log Analytics has been nearly a daily task for me of late, and while working with WDAC, interrogating file paths was something I found very tedious until I found the parse_path() function.

As the name suggests, it parses a file path and returns an object containing all the useful information you would need, such as the directory path, file name and file extension (to name a few).

Data fields returned by the parse_path() function

Gone now are the days of having to use the split function to find the file name:

| extend FileName = tostring(split(ExecutablePath, "\\")[-1])

It is now replaced by a much more user-friendly and efficient approach:

| extend FileName = tostring(parse_path(ExecutablePath).Filename)
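
As an added example (not from the original post), the query below parses each path once and reuses the resulting object to group executions by directory and extension, which is the kind of summary that helps when reviewing WDAC events. The datatable rows, and the TimeGenerated and Computer column names, are constructed for illustration; only ExecutablePath follows the post.

```kql
// Constructed sample rows standing in for WDAC events; every path is made up.
datatable(TimeGenerated: datetime, Computer: string, ExecutablePath: string)
[
    datetime(2024-01-10 09:15:00), "PC-01", @"C:\Program Files\Contoso\Agent\agent.exe",
    datetime(2024-01-10 09:16:30), "PC-01", @"C:\Users\alice\AppData\Local\Temp\setup.exe",
    datetime(2024-01-10 09:18:05), "PC-01", @"C:\Users\alice\AppData\Local\Temp\helper.dll",
    datetime(2024-01-10 09:20:10), "PC-02", @"C:\Users\bob\Downloads\tool.dll",
    datetime(2024-01-10 09:25:45), "PC-02", @"\\fileserver\apps\legacy\report.exe"
]
// Call parse_path() once per row and keep the returned object in its own column.
| extend Parsed = parse_path(ExecutablePath)
// Pull out the fields of interest; tostring() converts the dynamic values
// so they can be used as grouping keys.
| extend Directory = tostring(Parsed.DirectoryPath),
         FileName  = tostring(Parsed.Filename),
         Extension = tolower(tostring(Parsed.Extension))
// One row per directory and extension, with the distinct file names seen there.
| summarize Events = count(), Files = make_set(FileName), Computers = make_set(Computer)
    by Directory, Extension
| order by Events desc
```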

By Andrew
