Query Details

Computers sending most security alerts

Query

// Show Computers sending the most Security Alerts
union withsource = tt *
| where TimeGenerated > startofday(ago(7d)) and TimeGenerated < startofday(now())
| where _IsBillable == true
| where tt == "SecurityEvent"
| summarize GBytes=round(sum(_BilledSize/(1024*1024*1024)),2) by Solution=tt, Computer
| sort by GBytes nulls last
| render barchart kind=unstacked

Explanation

This query shows the computers that have sent the most security alerts in the past week. It unions every table in the workspace, keeps only billable records whose source table is SecurityEvent, and restricts the window to the seven full days before today (the startofday boundaries on both ends exclude the partial current day). It then sums the billed size of those records in gigabytes, rounded to two decimals, grouped by solution and computer. The results are sorted in descending order of size (nulls last) and rendered as an unstacked bar chart.
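The query above ranks computers by one week of SecurityEvent volume. A defender usually also wants to know which computers changed, since a sudden jump in billable security-event volume often means an audit policy was broadened, a noisy rule was enabled, or something on the host is generating events at an unusual rate. The following KQL is an added example, not part of the original page or Rod Trent's query: it compares each computer's billable SecurityEvent volume in the last seven full days with the seven days before that and flags growth above a threshold. The 50 percent threshold is an assumption; adjust it to the workspace. It reads SecurityEvent directly rather than unioning every table, which is cheaper when only that table matters.

```kql
// Added example (not from the original page): week-over-week change in billable
// SecurityEvent volume per computer, flagging growth above an assumed threshold.
let window_end = startofday(now());        // exclude the partial current day
let this_week_start = startofday(ago(7d));
let last_week_start = startofday(ago(14d));
let growth_threshold_pct = 50.0;            // assumption: tune per workspace
SecurityEvent
| where TimeGenerated >= last_week_start and TimeGenerated < window_end
| where _IsBillable == true
| summarize
    ThisWeekGB = round(sumif(_BilledSize, TimeGenerated >= this_week_start) / (1024.0 * 1024 * 1024), 2),
    LastWeekGB = round(sumif(_BilledSize, TimeGenerated < this_week_start) / (1024.0 * 1024 * 1024), 2)
  by Computer
// Percent change; null when the computer had no billable volume last week
| extend PctChange = iff(LastWeekGB > 0, round((ThisWeekGB - LastWeekGB) / LastWeekGB * 100, 1), real(null))
// Keep new senders (no prior-week baseline) and computers above the threshold
| where isnull(PctChange) or PctChange > growth_threshold_pct
| project Computer, LastWeekGB, ThisWeekGB, PctChange
| sort by ThisWeekGB desc
```

Computers with a null PctChange appeared for the first time in the current week, which is worth a look on its own: a host that suddenly starts forwarding security events may have just been onboarded, or may have had its event-forwarding configuration changed.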

Details


Rod Trent

Released: December 9, 2022

Tables

tt (alias assigned by union withsource; the query keeps only rows where tt == "SecurityEvent")

Keywords

Computers, Security, Alerts

Operators

union, withsource, where, summarize, round, sum, sort, render
