Create EPSperTable.kql

adrianbiro · Jul 19, 2023 · 8294ac3 · 8294ac3
1 parent fe0eb5d
commit 8294ac3
Showing 1 changed file with 9 additions and 0 deletions.
diff --git a/EPSperTable.kql b/EPSperTable.kql
@@ -0,0 +1,9 @@
+//Average EPS for a table. Change the tablename
+
+let bytes_ = 500;
+SecurityEvent
+| where TimeGenerated > startofday(ago(1d))
+| summarize count() by bin(TimeGenerated, 1m)
+| extend EPS = count_ /60
+|summarize avg(EPS), estimatedGBytes = (avg(EPS) * bytes_ ) / (1024*1024*1024)
+| sort by toint(estimatedGBytes) desc