
OS Platform ratio

This query aggregates SensorHeartbeat events by operating system platform to show the relative distribution of endpoints per OS. It is well suited for visualization as a pie chart, providing a quick overview of platform coverage and identifying imbalances or unexpected OS presence in the environment.

EDR monitoring
FDR intermediate, by ByteRay GmbH (cql-hub.com)

Query

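// Keep only sensor heartbeat events
#event_simpleName = SensorHeartbeat
// Collapse to one row per sensor (aid) and platform
| groupBy([aid, event_platform])
// Count the rows per platform, i.e. distinct sensors per OS
| groupBy([event_platform])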

Explanation

Imported from cql-hub.com. Add an explanation of the pipes here.

Variables to adjust

Review and adjust the values for your environment.