Rules Runin Last30d
Query
//Analytics Rules that generated alerts (and how many) in the last 30 days
SecurityAlert
| where TimeGenerated >= (30d)
| where ProviderName contains "ASI"
| summarize count() by DisplayNameExplanation
This query retrieves the number of alerts generated by Analytics Rules in the last 30 days. It filters the alerts based on the provider name containing "ASI" and groups them by the display name.
Details

Rod Trent
Released: November 10, 2021
Tables
SecurityAlert
Keywords
SecurityAlertTimeGeneratedProviderNameDisplayName
Operators
where|>=containssummarizecount()by