Queries for the AWSGuardDuty table
For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.
High severity findings
Returns high severity findings, summarized by activity type.
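AWSGuardDuty
// Keep only findings whose Severity value is greater than 7
| where Severity > 7
// Count the remaining findings for each activity type
| summarize count() by ActivityType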