This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
Check out the new Professional Security Operations Engineer certification beta!
Log in to ask a question

metrics function for calculating alert volume over 7 days

Posted on 02-26-2025 11:00 AM
NASEEF
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

hello Team

@raybrian @jstoner @dnehoda 

Could anyone please help me with metrics alert event name count functionality? I have a use case that requires calculating the average number of alerts received per host from Defender . Can this metric be used for that purpose? Also, does it include Defender alerts by default? i only need defender alerts 

 

This Splunk query I need to translate to yara is designed to monitor and analyze security alerts generated by Microsoft Defender Advanced Threat Protection (ATP) over a 7-day period. The goal is to identify hosts that are generating an unusually high number of alerts compared to their average hourly alert count.

Thanks in advance

0 7 489
Topic Labels
0 Likes
7 REPLIES 7
Top Solution Authors
View all