Visualization - Email - MalwareDetectionReasons.md

File metadata and controls

26 lines (22 loc) · 1.13 KB

# Visualize Malware Detection Reasons

## Query Information

### Description

This query visualizes the malware detection reasons in a pie chart. It is based on the EmailPostDeliveryEvents table, which in the advanced hunting schema contains information about post-delivery actions taken on email messages processed by Microsoft 365. The query filters on events whose ThreatTypes value is "Malware", extracts the malware detection method from the DetectionMethods JSON column, counts events per method, and renders the result as a pie chart.

## References

### Defender For Endpoint

```kql
EmailPostDeliveryEvents
| where ThreatTypes == "Malware"
| extend DetectionMethod = tostring(extract(@'Malware":\["(.*?)"]', 1, DetectionMethods))
| summarize TotalEvents = count() by DetectionMethod
| render piechart with(title="Malware Detection Reason Overview")
```

### Sentinel

```kql
EmailPostDeliveryEvents
| where ThreatTypes == "Malware"
| extend DetectionMethod = tostring(extract(@'Malware":\["(.*?)"]', 1, DetectionMethods))
| summarize TotalEvents = count() by DetectionMethod
| render piechart with(title="Malware Detection Reason Overview")
```
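To see what the `extract` step of the query above actually produces, here is an added Python model of the same logic (not part of this repository's query, and not the Defender or Sentinel engine): it runs the page's regex over a handful of constructed EmailPostDeliveryEvents rows and counts the results the way `summarize count() by DetectionMethod` would. It also shows the one edge case worth knowing about: the regex captures everything between `["` and `"]`, so an event whose Malware array lists two methods yields one combined label such as `File detonation","Antimalware engine` instead of two separate slices, and an event with an empty DetectionMethods value lands in an empty-string bucket. The `summarize_json` function parses the JSON and counts each method separately, which is what `parse_json` plus `mv-expand` would do if you wanted per-method counts in KQL. The sample rows and the detection method names in them are constructed for this example.

```python
import json
import re
from collections import Counter

# Same pattern as the KQL extract() call on this page, in Python syntax.
MALWARE_METHOD_RE = re.compile(r'Malware":\["(.*?)"]')

# Constructed sample rows standing in for EmailPostDeliveryEvents.
# Column names follow the advanced hunting schema; the values are made up.
SAMPLE_EVENTS = [
    {"ThreatTypes": "Malware", "DetectionMethods": '{"Malware":["Antimalware engine"]}'},
    {"ThreatTypes": "Malware", "DetectionMethods": '{"Malware":["File detonation"]}'},
    {"ThreatTypes": "Malware", "DetectionMethods": '{"Malware":["Antimalware engine"]}'},
    # Two methods in one array: the regex will capture them as one combined label.
    {"ThreatTypes": "Malware", "DetectionMethods": '{"Malware":["File detonation","Antimalware engine"]}'},
    # Not malware: dropped by the 'where ThreatTypes == "Malware"' filter.
    {"ThreatTypes": "Phish", "DetectionMethods": '{"Phish":["Spoof intra-org"]}'},
    # Empty DetectionMethods: extract() returns "" for it.
    {"ThreatTypes": "Malware", "DetectionMethods": ""},
]


def malware_events(events):
    """Equivalent of '| where ThreatTypes == "Malware"'."""
    return [e for e in events if e["ThreatTypes"] == "Malware"]


def summarize_regex(events):
    """Mirror of the page's query: regex extract, then count per DetectionMethod.

    A row with no regex match contributes an empty-string key, matching
    tostring(extract(...)) returning "" in KQL.
    """
    counts = Counter()
    for e in malware_events(events):
        match = MALWARE_METHOD_RE.search(e["DetectionMethods"])
        counts[match.group(1) if match else ""] += 1
    return dict(counts)


def summarize_json(events):
    """Parse DetectionMethods as JSON and count every listed Malware method on its own.

    This is the per-method view that parse_json + mv-expand would give in KQL;
    rows with no parseable Malware array go into the empty-string bucket.
    """
    counts = Counter()
    for e in malware_events(events):
        raw = e["DetectionMethods"]
        try:
            methods = json.loads(raw).get("Malware", []) if raw else []
        except (json.JSONDecodeError, AttributeError):
            methods = []
        if not methods:
            counts[""] += 1
        for method in methods:
            counts[method] += 1
    return dict(counts)


if __name__ == "__main__":
    print("regex (as on the page):", summarize_regex(SAMPLE_EVENTS))
    print("json per method:       ", summarize_json(SAMPLE_EVENTS))
```

Run against the sample rows, the regex version reports four distinct labels (including the combined one and the empty string), while the JSON version reports three. If the combined-label slice shows up in your pie chart, that is the multi-method case, not a new detection reason.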