Query Details

Activity From Infrequent Country

Query

//Alert - Activity from infrequent country
SecurityAlert
| where SystemAlertId == "eab68468-5057-60f3-2a6b-56b8b1ac9506"
| summarize arg_max(TimeGenerated, *) by SystemAlertId

Explanation

This query filters the SecurityAlert table for the alert with the SystemAlertId "eab68468-5057-60f3-2a6b-56b8b1ac9506". It then uses summarize with arg_max(TimeGenerated, *) to return only the most recent record for that alert, with all of its columns.

Details

Rod Trent

Released: July 11, 2022

Tables

SecurityAlert

Keywords

Alert,Activity,Country

Operators

where,summarize,arg_max,by