Query Details

Incidents By Status Last 24 Hours

Query

SecurityIncident
| summarize arg_max(LastModifiedTime, Status) by IncidentName
| summarize Count = count() by Status

Explanation

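This query counts security incidents by status. It first uses arg_max on LastModifiedTime to keep the latest status recorded for each incident, then counts the incidents in each status. The query text itself contains no time filter, so the 24-hour window in the title depends on the time range applied where the query is run.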

Details

Rod Trent

Released: June 15, 2023

Tables

SecurityIncident

Keywords

SecurityIncident,LastModifiedTime,Status,IncidentName,Count

Operators

summarize, arg_max, by, count
