list the number of MS Graph alerts by Day and Severity
-- MS Graph trends by day WITH List AS ( SELECT substring(CAST(event_date_time AS VARCHAR),1,10) Day, Severity, COUNT(event_date_time) Severity_Events, CASE severity WHEN 'HIGH' THEN 3 WHEN 'MEDIUM' THEN 2 ELSE 1 END Severity_score FROM mdr_ms_graph_api_data --WHERE title NOT LIKE '[SAMPLE ALERT]%' GROUP BY 1, 2 ) SELECT Day, Severity, Severity_Events Count FROM List ORDER BY Day DESC, Severity_Score DESC
