Query Details

Scalarexpression

Query

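// Scalar constant declared with a let statement
let numdays=3;
// toscalar() evaluates the expression once and yields a constant
let newnumdays=toscalar(numdays*3);
SecurityAlert
| where DisplayName contains "svchost"
| project AlertName, newnumdays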

Explanation

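The query finds security alerts whose DisplayName contains "svchost" (the contains operator is a case-insensitive substring match). It then projects the alert name together with "newnumdays", a scalar calculated as three times the value of the variable "numdays". Because "newnumdays" is a constant rather than a column from the table, the same value appears on every returned row.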

Details

Rod Trent

Released: March 26, 2020

Tables

SecurityAlert

Keywords

SecurityAlert,DisplayName,AlertName

Operators

contains,where,project