Query Details

Greater Than One City

Query

//Alert - Users with Greater Than 1 City
SecurityAlert
| where SystemAlertId == "7fa76d62-ac52-602a-b748-a28d0b7cabac"
| summarize arg_max(TimeGenerated, *) by SystemAlertId

Explanation

This query filters the SecurityAlert table for the alert whose SystemAlertId is "7fa76d62-ac52-602a-b748-a28d0b7cabac". It then uses arg_max(TimeGenerated, *) grouped by SystemAlertId to return only the most recent record for that alert, with all of its columns.

Details

Rod Trent

Released: July 11, 2022

Tables

SecurityAlert

Keywords

Alert,Users,City,SecurityAlert,SystemAlertId,TimeGenerated

Operators

where,summarize,arg_max,by
