Forum Discussion
dmarquesgn
Dec 12, 2022
Iron Contributor
Create Detection Rule from query
Hi, I'm new to creating queries with KQL and am now testing some queries to extract some insights from the TVM. So I've got a simple query to extract the total number of vulnerabilities found by TVM, which is this:

    DeviceTvmSoftwareVulnerabilities
    | summarize count() by VulnerabilitySeverityLevel
    | order by VulnerabilitySeverityLevel
    | render piechart

I would like to receive an alert with the results of this query on day 1 of each month, so I can start to understand some progression. But if I try to create a detection rule based on this query, it says that I need to return the required columns "Timestamp" and "ReportId". How can I add those without impacting my end goal? Thanks