Hi Abhishek,
maybe this could be an idea or a matrix for your solution:
SELECT QIDNAME(qid) AS 'Event Name', UniqueCount("sourceIP") AS 'Source IP (Unique Count)', UniqueCount("destinationIP") AS 'Destination IP (Unique Count)', UniqueCount("destinationPort") AS 'Destination Port (Unique Count)', UniqueCount(logSourceId) AS 'Log Source (Unique Count)', UniqueCount(category) AS 'Low Level Category (Unique Count)', UniqueCount("protocolId") AS 'Protocol (Unique Count)', UniqueCount("userName") AS 'Username (Unique Count)', MAX("magnitude") AS 'Magnitude (Maximum)', SUM("eventCount") AS 'Event Count (Sum)', COUNT(*) AS 'Count' from events where qid='28250369' GROUP BY qid order by "Count" desc last 30 DAYS
Regards,
Ralph
------------------------------
Ralph Belfiore
IT Security Senior Consulting
pro4bizz GmbH
Karlsruhe
+49 721 90981720
------------------------------
Original Message:
Sent: Mon January 11, 2021 11:33 PM
From: Abhishek Kakkireni
Subject: Offenses Monthly report
HI team,
Can anyone provide AQL query to get Monthly offense report like each day how many offenses generated for the customer .I need to show in chart format. I tried but i'm not getting exact data
------------------------------
Abhishek Kakkireni
------------------------------