
Queries for the CrowdStrikeAlerts table

For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.

Critical alerts by tactic

Returns the count of critical alerts, grouped by MITRE ATT&CK tactic.

CrowdStrikeAlerts
| where Severity == "Critical"
| summarize count() by TacticId, Tactic
| order by count_ desc

