Forum Discussion

dmarquesgn
Iron Contributor
Dec 12, 2022

Create Detection Rule from query

Hi, I'm new to creating queries with KQL and am now testing some queries to extract some insights from the TVM. So I've got a simple query to extract the total number of vulnerabilities found by TVM, which is this:

    DeviceTvmSoftwareVulnerabilities
    | summarize count() by VulnerabilitySeverityLevel
    | order by VulnerabilitySeverityLevel
    | render piechart

I would like to receive an Alert with the results of this query on day 1 of each month, so I can start to understand some progression. But if I try to create a detection rule based on this query, it says that I need to return the required columns "Timestamp" and "ReportId". How can I add those without impacting my end goal?

Thanks