Hi community,

Need your help! Is there any possibility that we can create a dashboard for AV-related issues or notables? I was using the below query but could get the exact results. Requesting you to help me on this to create a dashboard for AV-related alerts for the servers.

| tstats summariesonly=true max(_time) AS time values(Malware_Attacks.file_name) AS fileName values(Malware_Attacks.signature) AS signature from datamodel=Malware.Malware_Attacks by Malware_Attacks.event_description, Malware_Attacks.dest Malware_Attacks.action
| makemv delim="|" fileName
| makemv delim="|" signature
| rename Malware_Attacks.event_description AS event_description
| rename Malware_Attacks.dest AS dest
| rename Malware_Attacks.action as action
| regex event_description!="blocked"
| regex event_description!="deleted"
| regex event_description!="Cleaned"
| regex event_description!="handled"
| where event_description!="Exploit Prevention Files/Process/Registry violation detected" OR threat_handled!=1
| where event_description!="Infected file found, access denied" OR threat_handled!=1
| search action!=handled event_description!=DLL* event_description!="Script security violation detected, AMSI would block"
| table time event_description dest fileName signature

Thanks,
Kishore