Query Details

Active Incidents

Query

SecurityIncident
| where TimeGenerated > ago(10d) 
| where Status == "Active"

Explanation

The query returns records from the SecurityIncident table that were generated within the last 10 days and whose Status is "Active".
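Microsoft Sentinel writes a new SecurityIncident row each time an incident is created or updated, so the filter above can return several rows for one incident, including an "Active" row for an incident that has since been closed. The following is an added example, not part of the original query or written by its author: it keeps only the latest row per incident before testing Status. The sample rows, ReferenceTime and SampleIncidents are constructed for illustration.

```kql
// Constructed reference time used in place of now(), so the sample rows stay inside the window
let ReferenceTime = datetime(2020-06-09 12:00:00);
// Constructed sample rows standing in for the SecurityIncident table
let SampleIncidents = datatable(TimeGenerated:datetime, IncidentNumber:int, Title:string, Status:string)
[
    datetime(2020-06-05 09:00:00), 101, "Constructed incident A", "New",
    datetime(2020-06-05 10:00:00), 101, "Constructed incident A", "Active",
    datetime(2020-06-07 15:00:00), 101, "Constructed incident A", "Closed",
    datetime(2020-06-06 11:00:00), 102, "Constructed incident B", "Active",
    datetime(2020-06-08 08:30:00), 102, "Constructed incident B", "Active"
];
SampleIncidents
// Same 10-day window as the original query, relative to ReferenceTime
| where TimeGenerated > ReferenceTime - 10d
// Keep only the most recent record for each incident
| summarize arg_max(TimeGenerated, *) by IncidentNumber
// Test the status of that latest record only
| where Status == "Active"
```

On the sample rows this returns one row, the latest record for incident 102. Against a live workspace, replace SampleIncidents with SecurityIncident and the ReferenceTime expression with ago(10d).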

Details


Rod Trent

Released: June 9, 2020

Tables

SecurityIncident

Keywords

SecurityIncident, TimeGenerated, Status, Active

Operators

|, where, >, ago(), ==
