Query Details

Most Generated Incidents

Query

// Display the incidents generated in the last 90 days and show which ones are generated the most.
// Good data to help tune your SOC responses and automation.

SecurityIncident
| where TimeGenerated >= ago(90d)
// SecurityIncident stores one row per incident update; keep only the latest row so each incident is counted once
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| summarize count() by Title
| order by count_ desc

Explanation

This query lists the incidents generated in the last 90 days and shows which titles occur most often, which is useful data for tuning SOC responses and automation. The time filter must compare TimeGenerated against ago(90d), since comparing a datetime directly to a timespan such as (90d) is not valid KQL. The results are grouped by incident Title and sorted in descending order by the count. One caveat: SecurityIncident records a new row every time an incident is updated (status, owner, classification), so counting rows overstates the number of incidents. To count each incident once, reduce the table to one row per IncidentNumber first (for example with summarize arg_max(TimeGenerated, *) by IncidentNumber) and only then summarize by Title.
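The following query is an added example and is not part of the original page or Rod Trent's repository. It extends the same idea to the numbers an analyst actually needs when deciding what to tune or automate: each title's share of all incidents and how many of them were closed as not true positives. It assumes the SecurityIncident columns IncidentNumber, Title, Severity and Classification, and that closed incidents carry the Classification values "BenignPositive" and "FalsePositive" (assumed names; check the values present in your workspace).

```kql
// Added example, not from the original page.
// Rank incident titles over the last 90 days, counting each incident once, and show
// the share of the total plus how many closed as benign/false positive. Titles with a
// high count and a high non-true-positive rate are candidates for rule tuning or automation.
let lookback = 90d;
let incidents = SecurityIncident
    | where TimeGenerated >= ago(lookback)
    // one row per incident: keep the most recent update
    | summarize arg_max(TimeGenerated, *) by IncidentNumber;
let total = toscalar(incidents | count);
incidents
| summarize IncidentCount = count(),
            // Classification values assumed: "BenignPositive", "FalsePositive"
            NotTruePositive = countif(Classification in ("BenignPositive", "FalsePositive")),
            Severities = make_set(Severity)
          by Title
| extend ShareOfTotalPct = round(100.0 * IncidentCount / total, 1),
         NotTruePositivePct = round(100.0 * NotTruePositive / IncidentCount, 1)
| order by IncidentCount desc
```

Adjust lookback to match your retention and review cadence; the arg_max step is what keeps repeated updates to a single incident from inflating the counts.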

Details


Rod Trent

Released: June 22, 2021

Tables

SecurityIncident

Keywords

Incidents, Generated, Last, Days, Most, Data, SOC, Responses, Automation

Operators

|, where, >=, summarize, count(), by, distinct, order by, desc
