Queries for the AggregatedSecurityAlert table
For information on using these queries in the Azure portal, see the Log Analytics tutorial. For the REST API, see Query.
Aggregated security alerts grouped by sector
Aggregated security alerts grouped by their original sector.
source
| project
TimeGenerated = todatetime(TimeGenerated),
DisplayName = AlertDisplayName,
AlertName = AlertDisplayName,
AlertSeverity = Severity,
Description,
ProviderName,
VendorName,
VendorOriginalId = ProviderAlertId,
SystemAlertId,
AlertType,
ConfidenceLevel,
ConfidenceScore = tofloat(ConfidenceScore),
StartTime = todatetime(StartTimeUtc),
EndTime = todatetime(EndTimeUtc),
ProcessingEndTime = todatetime(ProcessingEndTime),
RemediationSteps = tostring(todynamic(RemediationSteps)),
ExtendedProperties = tostring(todynamic(ExtendedProperties)),
Entities = tostring(todynamic(Entities)),
SourceSystem = "Detection",
ExtendedLinks = tostring(todynamic(ExtendedLinks)),
ProductName,
ProductComponentName,
Status,
CompromisedEntity,
Tactics = Intent,
Techniques = tostring(todynamic(Techniques)),
SubTechniques = tostring(todynamic(SubTechniques)),
PartnerId,
PartnerDisplayName,
PartnerMetadata = tostring(todynamic(PartnerMetadata)),
AggregatedSecurityAlertRuleIds,
AggregatedSecurityAlertRuleNames
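The projection above only renames and type-casts columns; it does not by itself tell an analyst what to look at first. The following query is an added example and is not part of the page or of Microsoft's sample queries. It reads the AggregatedSecurityAlert table directly (the page's query uses the `source` placeholder) and builds a triage view: alert counts per severity and MITRE tactic, the aggregation rules and compromised entities behind them, and the first and last observed time. The column names are the ones the page's query references; the 7-day window, the "Dismissed" status value, the severity labels used for ordering, and treating AggregatedSecurityAlertRuleNames as a string are assumptions to adjust to your workspace.

```kusto
// Added example, not from the page: triage summary over AggregatedSecurityAlert.
// Column names are those the page's projection uses; window, status value,
// severity labels and the string cast of the rule-name column are assumptions.
AggregatedSecurityAlert
| where TimeGenerated > ago(7d)                      // assumed lookback window
| where Status != "Dismissed"                        // assumed status value; verify in your data
| extend Tactics = Intent,
         RuleNames = tostring(AggregatedSecurityAlertRuleNames)
| summarize AlertCount          = count(),
            Rules               = make_set(RuleNames, 20),
            CompromisedEntities = make_set(CompromisedEntity, 20),
            FirstSeen           = min(todatetime(StartTimeUtc)),
            LastSeen            = max(todatetime(EndTimeUtc))
  by Severity, Tactics, ProductName
// Rank so that the highest severity buckets surface first; labels are assumed.
| extend SeverityRank = case(Severity == "High", 0,
                             Severity == "Medium", 1,
                             Severity == "Low", 2,
                             3)
| order by SeverityRank asc, AlertCount desc
| project-away SeverityRank
```

Because make_set is capped at 20 values per bucket, a bucket with more distinct rules or entities than that is a hint to drill down on that severity/tactic pair rather than trust the summary row alone.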