From 994ae573cfed1acc7fcfc4fdb20a67e7037f50f3 Mon Sep 17 00:00:00 2001
From: Adon Metcalfe
Date: Wed, 1 Jun 2022 15:04:42 +0800
Subject: [PATCH] Update Sentinel-ConnectorHealth.kql
---
kql/Sentinel-ConnectorHealth.kql | 14 ++------------
1 file changed, 2 insertions(+), 12 deletions(-)
diff --git a/kql/Sentinel-ConnectorHealth.kql b/kql/Sentinel-ConnectorHealth.kql
index 58fcb91..3670a16 100644
--- a/kql/Sentinel-ConnectorHealth.kql
+++ b/kql/Sentinel-ConnectorHealth.kql
@@ -1,12 +1,2 @@
-let Now = now();
-let timeago = 30d;
-let interval = 1h;
-(range TimeGenerated from ago(timeago) to Now - interval step interval
-| extend Count = 0
-| union isfuzzy=true (SecurityIncident | where ProviderName == "Microsoft 365 Defender" | summarize Count = count() by bin_at(TimeGenerated, interval, Now)), TenantId
-| summarize Count=max(Count) by bin_at(TimeGenerated, interval, Now), TenantId
-| sort by TimeGenerated, TenantId
-| project Value = iff(isnull(Count), 0, Count), Time = TimeGenerated, Tenant = TenantId, Legend = "Incidents")
+find TimeGenerated > ago(2d)
+| summarize Count = count() by bin(TimeGenerated, 1h), source_, TenantId
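Review bot: The new query has no way to show a silent source — the `range`/zero-fill scaffold is gone, so a table that stops ingesting drops out of the result set rather than producing a 0 series, and a consumer that only looks at returned rows will read a dead connector as healthy. `make-series Count = count() default = 0 on TimeGenerated from ago(2d) to now() step 1h by source_, TenantId` keeps empty hour bins visible for every source seen in the window; a source with no rows in the whole 2d window still vanishes, which deserves a comment in the file. Separately, `find` without a `project` clause packs every non-predicate column of every table into `pack_`, so `find where TimeGenerated > ago(2d) project TimeGenerated, TenantId` bounds the scan cost (and uses the `where` keyword from the operator's documented grammar — confirm the bare-predicate form on the first added line is accepted by the workspace). If `find` does not surface `TenantId` as a top-level column, the `by ... TenantId` in the summarize will not resolve; the explicit `project` settles that as well. A one-line header such as `// Hourly ingest counts per table over the last 2d; a missing row means no data arrived` would record the intent, since the file otherwise carries no comment.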