- Pie chart
- By Alert name “SecurityAlert | summarize count() by AlertName | sort by count_”
- By Alert Severity “SecurityAlert | summarize count() by AlertSeverity | sort by count_”
- “SecurityIncident | summarize count() by Severity | sort by count_”
- Product Name “SecurityAlert | summarize count() by ProductName | sort by count_”
- Country Alerts “SecurityAlert | where AlertName == "K2 - Successful Login from Unusual Country" | extend customDetails = parse_json(ExtendedProperties).["Custom Details"] | extend country = tostring(parse_json(tostring(customDetails)).Country[0]) | summarize count() by country | sort by count_”