Query Details

Incidents By Severity Last 24 Hours

Query

SecurityIncident
| summarize arg_max(LastModifiedTime,Severity) by IncidentName
| summarize Count = count() by Severity

Explanation

This query runs against the SecurityIncident table, which in Microsoft Sentinel records a new row every time an incident is created or updated, so a single incident can appear many times, possibly with different severities. The first summarize uses arg_max to keep, for each IncidentName, only the row with the latest LastModifiedTime together with the Severity recorded on that row, which is the incident's current severity. The second summarize then counts those deduplicated incidents per Severity. Note that the query itself contains no time filter: the "last 24 hours" in the title comes from the time range selected in the Logs query window, so add a where clause on TimeGenerated (or LastModifiedTime) before the first summarize if you run it from a workbook, automation rule, or the API, where no time picker applies.
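The following is an added worked example, not part of the original query page. It builds a small constructed table shaped like SecurityIncident (the column names TimeGenerated, IncidentName, Severity, LastModifiedTime and Status are assumed from the Sentinel schema), pins an explicit 24-hour window instead of relying on the portal time picker, and then applies the same two summarize steps. Incident "b" is raised from Medium to High and later closed, which is exactly the case where counting raw rows instead of the arg_max result would overcount.

```kql
// Added example with constructed data; not the original page's query.
// Column names are assumed from the Microsoft Sentinel SecurityIncident schema.
// Incident "b" has three update rows (Medium -> High -> High/Closed); without
// arg_max it would be counted three times instead of once.
let SampleIncidents = datatable(
    TimeGenerated:datetime, IncidentName:string, Severity:string,
    LastModifiedTime:datetime, Status:string)
[
    datetime(2023-06-14 09:00), "a", "Low",    datetime(2023-06-14 09:00), "New",
    datetime(2023-06-14 10:00), "b", "Medium", datetime(2023-06-14 10:00), "New",
    datetime(2023-06-14 12:00), "b", "High",   datetime(2023-06-14 12:00), "Active",
    datetime(2023-06-14 15:00), "b", "High",   datetime(2023-06-14 15:00), "Closed",
    datetime(2023-06-12 08:00), "c", "High",   datetime(2023-06-12 08:00), "New",
];
// Pin the "now" of the window so the sample is reproducible; against live data
// replace the constant with ago(24h).
let WindowEnd = datetime(2023-06-14 16:00);
SampleIncidents
// Explicit 24-hour window instead of the Logs blade time picker.
| where TimeGenerated > WindowEnd - 24h
// Latest state per incident: arg_max returns the row with the greatest
// LastModifiedTime and the Severity recorded on that same row.
| summarize arg_max(LastModifiedTime, Severity) by IncidentName
// Count the deduplicated incidents by their current severity.
| summarize Count = count() by Severity
```

With this data incident "b" contributes a single High row rather than three, and incident "c" is dropped by the time filter because it was last updated two days earlier. Paste the block into the Logs blade as-is; the datatable needs no workspace data.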

Details


Rod Trent

Released: June 15, 2023

Tables

SecurityIncident

Keywords

SecurityIncident,LastModifiedTime,Severity,IncidentName,Count

Operators

summarize,arg_max,by,count
