Query Details

Rules Run in Last 30d

Query

// Analytics Rules that generated alerts (and how many) in the last 30 days

SecurityAlert
| where TimeGenerated >= ago(30d)      // ago() turns the timespan into a datetime; a bare (30d) cannot be compared to TimeGenerated
| where ProviderName contains "ASI"
| summarize count() by DisplayName

Explanation

This query counts the alerts that Analytics Rules generated in the last 30 days. It keeps only alerts whose provider name contains "ASI" and groups them by rule display name, returning one row per rule with its alert count.
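A refined version of the same query, added here as an example and not part of the original catalogue entry: it narrows the provider filter to the exact provider name Microsoft Sentinel uses for scheduled analytics rules, counts distinct alert ids so that status updates for the same alert are not counted twice, and breaks each rule's total down by severity. It assumes the standard SecurityAlert columns (SystemAlertId, AlertSeverity) and the standard severity values.

```kql
// Added example (not from the original entry): per-rule alert counts for the
// last 30 days, with severity breakdown and first/last firing time.
SecurityAlert
| where TimeGenerated >= ago(30d)
// "ASI Scheduled Alerts" is the provider name for Sentinel scheduled analytics
// rules; equality avoids matching unrelated providers that happen to contain "ASI".
| where ProviderName == "ASI Scheduled Alerts"
| summarize
    Alerts        = dcount(SystemAlertId),        // distinct alerts, not rows
    High          = dcountif(SystemAlertId, AlertSeverity == "High"),
    Medium        = dcountif(SystemAlertId, AlertSeverity == "Medium"),
    Low           = dcountif(SystemAlertId, AlertSeverity == "Low"),
    Informational = dcountif(SystemAlertId, AlertSeverity == "Informational"),
    FirstSeen     = min(TimeGenerated),
    LastSeen      = max(TimeGenerated)
    by DisplayName
| order by Alerts desc
```

Rules that fired zero times in the window do not appear in either query, since SecurityAlert only records alerts that were actually generated.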

Details


Rod Trent

Released: November 10, 2021

Tables

SecurityAlert

Keywords

SecurityAlert,TimeGenerated,ProviderName,DisplayName

Operators

where,|,>=,contains,summarize,count(),by
