• View detection count by category and severity

    This query provides a count of the number of detections per category and severity. -- MS Graph API Alerts -- VARIABLE STRING $$category$$ -- VARIABLE STRING $$severity$$ WITH List AS ( SELECT Category, Severity, title, COUNT(event_date_time...
  • QUERY: MS Graph Security Explore

    This query allows you to view the detection details that have been received from the MS Graph Connector. The primary table we are exploring is mdr_ms_graph_api_data. This query takes two variables, allowing you to set a filter by category and severity...
  • MS Graph - List graph alerts by category

    List detections by category with additional information on title, description, severity and count for the selected time period. SELECT Category, title, description, severity, -- ARRAY_JOIN(ARRAY_AGG(title ||' :: '|| description),CHR(10)) title_list...
  • MS Graph detections by Day and Severity

    List the number of MS Graph alerts by Day and Severity. -- MS Graph trends by day WITH List AS ( SELECT substring(CAST(event_date_time AS VARCHAR),1,10) Day, Severity, COUNT(event_date_time) Severity_Events, CASE severity WHEN 'HIGH' THEN...