mparpaley
Jun 16, 2020
Copper Contributor
Effective Advanced Hunting query to search all hosts in specified subnetwork
Dear folks,
Could you please help me to create an AH query in WDATP?
I need to search all hosts in a subnetwork. For example, I would like to find all hosts in 192.168.20.64/27.
Regards
- NiklasM, Brass Contributor
mparpaley you can get the local IP address via DeviceNetworkInfo, so maybe the code below will help you.
Because the "ipAddresses" are a string, it is difficult to say startwith or endwith, so I took just the contains of "192.168.20" and not exactly your subnet. Hope this brings you closer to your goal.
let ipAddressParam = "192.168.20";
DeviceNetworkInfo
| where IPAddresses contains strcat(ipAddressParam) and NetworkAdapterStatus == "Up"
| project DeviceName, Timestamp, IPAddresses
| summarize arg_max(Timestamp, *) by DeviceName
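An added example, not part of either post above: one way to match the exact 192.168.20.64/27 range from the question is to expand the JSON held in IPAddresses and test each address with ipv4_is_in_range(). It assumes IPAddresses is a JSON array of objects with an IPAddress field; the SampleNetworkInfo table, its host names and its addresses are constructed so the query runs without tenant data.

```kusto
// Constructed sample rows shaped like DeviceNetworkInfo (assumption: IPAddresses
// is a JSON array of objects that carry an "IPAddress" field).
// Against real data, drop this let statement and query DeviceNetworkInfo instead.
let SampleNetworkInfo = datatable(Timestamp:datetime, DeviceName:string,
                                  NetworkAdapterStatus:string, IPAddresses:string)
[
    // inside the /27
    datetime(2020-06-16T08:00:00Z), "host-a", "Up",
        '[{"IPAddress":"192.168.20.70","SubnetPrefix":27,"AddressType":"Private"}]',
    // contains "192.168.20" but lies outside the /27
    datetime(2020-06-16T08:05:00Z), "host-b", "Up",
        '[{"IPAddress":"192.168.20.200","SubnetPrefix":24,"AddressType":"Private"}]',
    // last address of the /27, listed next to an IPv6 address
    datetime(2020-06-16T08:10:00Z), "host-c", "Up",
        '[{"IPAddress":"fe80::1","SubnetPrefix":64,"AddressType":"Private"},{"IPAddress":"192.168.20.95","SubnetPrefix":27,"AddressType":"Private"}]',
    // substring match only: "10.192.168.20" is a different network
    datetime(2020-06-16T08:15:00Z), "host-d", "Up",
        '[{"IPAddress":"10.192.168.20","SubnetPrefix":8,"AddressType":"Private"}]',
    // inside the /27 but the adapter is down
    datetime(2020-06-16T08:20:00Z), "host-e", "Down",
        '[{"IPAddress":"192.168.20.80","SubnetPrefix":27,"AddressType":"Private"}]'
];
let subnet = "192.168.20.64/27";
SampleNetworkInfo
| where NetworkAdapterStatus == "Up"
// One output row per address object in the JSON array
| mv-expand Address = parse_json(IPAddresses)
| extend IPAddress = tostring(Address.IPAddress)
// CIDR comparison instead of a substring test; values that are not IPv4
// evaluate to null here and are filtered out
| where ipv4_is_in_range(IPAddress, subnet)
// Keep the most recent matching record per device
| summarize arg_max(Timestamp, IPAddress) by DeviceName
```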