Query Details

Event IDs in Last Day

Query

//Switch to Stacked Display
SecurityEvent
| where TimeGenerated > ago(1d)
| summarize count() by tostring(EventID), AccountType, bin(TimeGenerated, 1h)

 

Explanation

This query looks at security events from the past day. It groups them by EventID (converted to a string), AccountType, and one-hour bins of TimeGenerated, then counts the events in each group. The comment at the top of the query is a reminder to switch the results view to the stacked display.

Details

Rod Trent

Released: March 26, 2020

Tables

SecurityEvent

Keywords

Switch,Stacked,Display,SecurityEvent,TimeGenerated,AccountType,EventID

Operators

where, >, ago, summarize, count(), by, tostring, bin
