You are investigating repeated SQL injection alerts. The KQL query returns IP addresses with more than 5 alerts in the last 7 days. What is the purpose of the `summarize` and `where AlertCount > 5` lines?
High alert counts may indicate ongoing malicious activity.
Why this answer
Option D is correct because the query groups alerts by IP and filters for those with high frequency, indicating a potential attack. Option A is wrong because the query does not remove duplicates. Option B is wrong because it does not count distinct IPs. Option C is wrong because it does not correlate with other tables.