SignalForge

by Windsor Security

Free Noise Bill Calculator

Find out how much your SOC is spending on false positive alerts. Export your Sentinel incidents, upload the CSV, and get an instant noise cost analysis. 100% client-side — your data never leaves your browser.

Step 1: Run this query in Sentinel Log Analytics

Copy the KQL query below, paste it into your Sentinel Log Analytics workspace, run it, and export the results as CSV.

SecurityIncident
| where TimeGenerated > ago(30d)
| where Status == "Closed" or Status == "Resolved"
| mv-expand AlertIds
| extend AlertIds = tostring(AlertIds)
| join kind=inner (
    SecurityAlert
    | summarize AlertName = any(AlertName) by SystemAlertId
) on $left.AlertIds == $right.SystemAlertId
| summarize
    Title = any(Title),
    Severity = any(Severity),
    Classification = any(Classification),
    CreatedTime = any(CreatedTime),
    ClosedTime = any(ClosedTime)
    by IncidentNumber, AlertName

Instructions

  1. Open your Azure Portal and navigate to Microsoft Sentinel
  2. Go to Logs (Log Analytics)
  3. Paste the KQL query above and click Run
  4. Click Export → Export to CSV - all columns
  5. Save the CSV file and proceed to the next step
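
To sanity-check the export offline before uploading it, the sketch below ranks alert rules by false-positive volume. It is an added example, not SignalForge's code, and it does not reproduce the tool's cost calculation. It assumes the column names produced by the query above, ISO 8601 timestamps, and an optional " [UTC]" suffix on datetime headers; the sample rows are constructed.

```python
import csv, io
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample export (not real data); columns follow the query's summarize output.
SAMPLE_CSV = """IncidentNumber,AlertName,Title,Severity,Classification,CreatedTime [UTC],ClosedTime [UTC]
101,Impossible travel,Impossible travel for user A,Medium,FalsePositive,2024-05-01T08:00:00Z,2024-05-01T09:30:00Z
102,Impossible travel,Impossible travel for user B,Medium,FalsePositive,2024-05-02T10:00:00Z,2024-05-02T10:30:00Z
103,Impossible travel,Impossible travel for user C,Medium,TruePositive,2024-05-03T10:00:00Z,2024-05-03T14:00:00Z
104,Mass download,"Mass download, SharePoint",Low,BenignPositive,2024-05-04T10:00:00Z,2024-05-04T11:00:00Z
104,Impossible travel,"Mass download, SharePoint",Low,BenignPositive,2024-05-04T10:00:00Z,2024-05-04T11:00:00Z
105,Mass download,Mass download by user D,Low,FalsePositive,2024-05-05T10:00:00Z,2024-05-05T12:00:00Z
"""

def _ts(value):
    # Assumes ISO 8601 timestamps; adjust if your export uses a locale format.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def noise_by_rule(csv_text, noise_classes=("FalsePositive",)):
    """Return (rows sorted noisiest first, distinct noisy incidents overall)."""
    incidents = defaultdict(set)   # AlertName -> all incident numbers
    noisy = defaultdict(dict)      # AlertName -> {incident number: hours open}
    for raw in csv.DictReader(io.StringIO(csv_text)):
        # Tolerate a " [UTC]" suffix on datetime column headers.
        row = {k.replace(" [UTC]", "").strip(): v.strip() for k, v in raw.items()}
        rule, num = row["AlertName"], row["IncidentNumber"]
        incidents[rule].add(num)
        if row["Classification"] in noise_classes:
            hours = (_ts(row["ClosedTime"]) - _ts(row["CreatedTime"])).total_seconds() / 3600
            noisy[rule][num] = hours
    report = [
        {"rule": rule,
         "incidents": len(nums),
         "noisy": len(noisy[rule]),
         "noise_ratio": round(len(noisy[rule]) / len(nums), 2),
         "median_hours_open": round(median(noisy[rule].values()), 2) if noisy[rule] else None}
        for rule, nums in incidents.items()
    ]
    report.sort(key=lambda r: (-r["noisy"], r["rule"]))
    # One incident can appear under several AlertName rows; count it once overall.
    distinct_noisy = {n for per_rule in noisy.values() for n in per_rule}
    return report, len(distinct_noisy)

if __name__ == "__main__":
    rows, total = noise_by_rule(SAMPLE_CSV)
    for r in rows:
        print(r)
    print("distinct false-positive incidents:", total)
```

Because the query emits one row per incident and alert name, summing the per-rule counts overstates the total; use the distinct count the function returns alongside the report.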