mparpaley
Copper Contributor
Jun 16, 2020

Effective Advanced Hunting query to search all hosts in specified subnetwork

Dear folks,

Could you please help me to create an AH query in WDATP?

I need to search for all hosts in a sub-network. For example, I would like to find all hosts in 192.168.20.64/27.

Regards

  • NiklasM
    Brass Contributor

    mparpaley you can get the local IP address via DeviceNetworkInfo, so maybe something like this code will help you.

    Because the "ipAddresses" are a string, it is difficult to say startswith or endswith, so I just took the contains of "192.168.20" and not exactly your subnet. Hope this brings you closer to your goal.

    let ipAddressParam = "192.168.20";
    DeviceNetworkInfo
    | where IPAddresses contains strcat(ipAddressParam) and NetworkAdapterStatus == "Up"
    | project DeviceName, Timestamp, IPAddresses
    | summarize arg_max(Timestamp, *) by DeviceName
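
An exact match for the 192.168.20.64/27 range asked about in the question, as an added example that is not part of either post: it expands the IPAddresses JSON array and tests each address with ipv4_is_in_range() instead of a substring match. SampleNetworkInfo and its rows are constructed test data, and the IPAddress field name inside the JSON is an assumption about the column's layout.

```kusto
// Constructed sample rows shaped like DeviceNetworkInfo. Replace SampleNetworkInfo
// with DeviceNetworkInfo to run the same logic against real telemetry.
let targetSubnet = "192.168.20.64/27";   // 192.168.20.64 through 192.168.20.95
let SampleNetworkInfo = datatable(Timestamp:datetime, DeviceName:string,
                                  NetworkAdapterStatus:string, IPAddresses:string)
[
    datetime(2020-06-16 08:00:00), "inside-70",        "Up",   '[{"IPAddress":"192.168.20.70","SubnetPrefix":27,"AddressType":"Private"}]',
    datetime(2020-06-16 08:05:00), "inside-first-64",  "Up",   '[{"IPAddress":"192.168.20.64","SubnetPrefix":27,"AddressType":"Private"}]',
    datetime(2020-06-16 08:10:00), "inside-last-95",   "Up",   '[{"IPAddress":"192.168.20.95","SubnetPrefix":27,"AddressType":"Private"}]',
    datetime(2020-06-16 08:15:00), "outside-63",       "Up",   '[{"IPAddress":"192.168.20.63","SubnetPrefix":27,"AddressType":"Private"}]',
    datetime(2020-06-16 08:20:00), "outside-96",       "Up",   '[{"IPAddress":"192.168.20.96","SubnetPrefix":27,"AddressType":"Private"}]',
    datetime(2020-06-16 08:25:00), "outside-200-net",  "Up",   '[{"IPAddress":"192.168.200.70","SubnetPrefix":24,"AddressType":"Private"}]',
    datetime(2020-06-16 08:30:00), "inside-dual-80",   "Up",   '[{"IPAddress":"fe80::1c2d:3e4f:5a6b:7c8d","SubnetPrefix":64,"AddressType":"Private"},{"IPAddress":"192.168.20.80","SubnetPrefix":27,"AddressType":"Private"}]',
    datetime(2020-06-16 08:35:00), "inside-but-down",  "Down", '[{"IPAddress":"192.168.20.90","SubnetPrefix":27,"AddressType":"Private"}]'
];
SampleNetworkInfo
| where NetworkAdapterStatus == "Up"
| mv-expand Address = parse_json(IPAddresses)      // one row per assigned address
| extend IPAddress = tostring(Address.IPAddress)   // assumed field name inside the JSON
| where ipv4_is_in_range(IPAddress, targetSubnet)  // exact CIDR test; IPv6 entries do not match
| summarize arg_max(Timestamp, IPAddress) by DeviceName
```

The sample rows include addresses just outside the range (.63, .96) and a 192.168.200.x host, all of which a contains "192.168.20" filter would also return.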
     

     
     
