kqlHunting
Antivirus Detections by day
This query visualizes the number of antivirus detections per day, which can reveal an anomalous amount of activity in your environment.
Detection Query
```KQL
DeviceEvents
| where Timestamp > ago(30d)
| where ActionType == 'AntivirusDetection'
| summarize count() by bin(Timestamp, 1d)
| render linechart with(title="Antivirus Detections by Day")
```
Data Sources
DeviceEvents
Platforms
windows, azure-sentinel, microsoft-defender
Tags
security-operations, detection
Raw Content
# Antivirus Detections by day
#### Description
This query visualizes the number of antivirus detections per day, which can reveal an anomalous amount of activity in your environment.
## Defender XDR
```KQL
DeviceEvents
| where Timestamp > ago(30d)
| where ActionType == 'AntivirusDetection'
| summarize count() by bin(Timestamp, 1d)
| render linechart with(title="Antivirus Detections by Day")
```
## Sentinel
```KQL
DeviceEvents
| where TimeGenerated > ago(30d)
| where ActionType == 'AntivirusDetection'
| summarize count() by bin(TimeGenerated, 1d)
| render linechart with(title="Antivirus Detections by Day")
```
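
The chart leaves spotting the anomalous days to the reader. The query below is an added example, not part of the original query set: it lists the days whose detection count deviates from the 30-day baseline. The variable names `lookback` and `threshold`, the threshold value and the `linefit` trend model are assumptions; it uses the Defender XDR schema, so replace `Timestamp` with `TimeGenerated` in Sentinel.

```kql
// Added example: list days with an anomalous number of antivirus detections.
// Assumptions: Defender XDR schema (Timestamp), 30-day lookback, threshold 1.5.
let lookback = 30d;
let threshold = 1.5; // higher values flag fewer days
DeviceEvents
| where Timestamp > ago(lookback)
| where ActionType == 'AntivirusDetection'
// make-series fills days without detections with 0; summarize ... by bin() omits them.
// The series ends at startofday(now()) so the partial current day is not read as a drop.
| make-series Detections = count() default = 0
    on Timestamp from startofday(ago(lookback)) to startofday(now()) step 1d
// Anomalies is 1 (spike), -1 (drop) or 0 for each day; Baseline is the expected count.
| extend (Anomalies, Score, Baseline) = series_decompose_anomalies(Detections, threshold, -1, 'linefit')
| mv-expand Timestamp to typeof(datetime), Detections to typeof(long),
    Anomalies to typeof(int), Score to typeof(double), Baseline to typeof(double)
| where Anomalies != 0
| project Day = Timestamp, Detections, Baseline = round(Baseline, 1), Score = round(Score, 2),
    Direction = iff(Anomalies > 0, 'spike', 'drop')
| order by Day desc
```

A drop can matter as much as a spike: a run of days with zero detections on an otherwise noisy estate may point to missing telemetry rather than a quiet period.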