I am trying to query for Remote Code Execution Attempt alerts. Does anyone have an idea how to go about this?
SecurityAlert
| where TimeGenerated >= ago(20d)
| where AlertName contains "Remote code execution attempt"
| extend Entities = tostring(parse_json(Entities)[0])
| project Entities, AlertName, Status
I am trying to output the hostnames and other information.
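
One way to get a row per host out of these alerts, given as an added example and not part of the original post: the query above keeps only the first element of `Entities`, so this version expands every entity and keeps the host ones. It assumes the alerts carry host entities in the usual Microsoft Sentinel shape (`Type` of `host` with `HostName` and `DnsDomain` fields); the other names it introduces (`Entity`, `Fqdn`, `HostCount`) are chosen here for illustration.

```kusto
SecurityAlert
| where TimeGenerated >= ago(20d)
| where AlertName contains "Remote code execution attempt"
// An alert can be written more than once (for example on status changes);
// keep only the latest record per alert.
| summarize arg_max(TimeGenerated, *) by SystemAlertId
// Entities is a JSON array stored as a string: parse it and emit one row per entity.
| mv-expand Entity = todynamic(Entities)
// Keep only the host entities (accounts, IPs, processes, files are dropped).
| where tostring(Entity.Type) =~ "host"
| extend HostName  = tostring(Entity.HostName),
         DnsDomain = tostring(Entity.DnsDomain)
// Build an FQDN when the domain is present, otherwise fall back to the bare host name.
| extend Fqdn = iff(isnotempty(DnsDomain), strcat(HostName, ".", DnsDomain), HostName)
| project TimeGenerated, AlertName, AlertSeverity, Status,
          HostName, DnsDomain, Fqdn, CompromisedEntity, SystemAlertId
| order by TimeGenerated desc
```

Appending `| summarize HostCount = dcount(SystemAlertId) by Fqdn` gives the number of matching alerts per host instead of one row per alert and host.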