Quote from Microsoft Doc:

Scores anomaly points in a series.

The function takes an expression with a dynamic numerical array as input, and generates a dynamic numeric array of the same length. Each value of the array indicates a score of a possible anomaly, using "Tukey's test". A value greater than 1.5 in the same element of the input indicates a rise or decline anomaly. A value less than -1.5, indicates a decline anomaly.

This is very useful for hunting or monitorying for security related events, for example unusual sigin in events

Last updated