Query Details
Security Alert Visualize Alertsby Product
Query
//Visualize the number of alerts generated per day by each Defender product //Data connector required for this query - Security Alert (free table that other Defender products send alert info to) SecurityAlert | where TimeGenerated > ago(14d) | summarize Count=count() by ProductName, bin(TimeGenerated, 1d) | where ProductName != "Azure Sentinel" | render columnchart with (kind=unstacked, title="Alerts by Defender product per day")
Explanation
This query visualizes the number of alerts generated each day by each Defender product. It uses the Security Alert data connector and filters the data for the past 14 days. The query then groups the alerts by product name and day, and counts the number of alerts for each combination. It excludes Azure Sentinel from the results. Finally, it renders a column chart to display the alerts by Defender product per day.
Details
Matt Zorich
Released: June 17, 2022
Tables
SecurityAlert
Keywords
SecurityAlert,TimeGenerated,ProductName,Count
Operators
wheresummarizecountbybinrender