mparpaley
Jun 16, 2020 Copper Contributor
Effective Advanced Hunting query to search all hosts in a specified subnetwork
Dear folks, could you please help me to create an AH query in WDATP? I need to search all hosts in a sub-network. For example, I would like to find all hosts in 192.168.20.64/27. Regards
NiklasM
Jun 18, 2020 Brass Contributor
mparpaley, you can get the local IP address via DeviceNetworkInfo, so maybe something like the code below will help you.
Because the "ipAddresses" value is a string, it is difficult to use startswith or endswith, so I just used contains with "192.168.20" and not exactly your subnet. Hope this brings you closer to your goal.
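// Substring to look for in the IPAddresses column
let ipAddressParam = "192.168.20";
DeviceNetworkInfo
// contains is a plain substring match on the JSON string in IPAddresses
| where IPAddresses contains ipAddressParam and NetworkAdapterStatus == "Up"
| project DeviceName, Timestamp, IPAddresses
// keep only the most recent record per device
| summarize arg_max(Timestamp, *) by DeviceName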
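An added example, not part of NiklasM's reply: one way to match the exact 192.168.20.64/27 subnet from the question is to expand the JSON array held in IPAddresses and test each address with ipv4_is_in_range(). SampleDeviceNetworkInfo, its rows, and the device names and IDs are constructed so the query runs on its own; replace it with DeviceNetworkInfo to hunt on real data.

```kusto
// Added example with constructed sample data shaped like DeviceNetworkInfo.
let subnet = "192.168.20.64/27";   // 192.168.20.64 through 192.168.20.95
let SampleDeviceNetworkInfo = datatable(
    Timestamp: datetime, DeviceId: string, DeviceName: string,
    NetworkAdapterStatus: string, IPAddresses: string)
[
    // inside the /27
    datetime(2020-06-18 08:00:00), "id-1", "host-a", "Up",
        '[{"IPAddress":"192.168.20.70","SubnetPrefix":27,"AddressType":"Private"}]',
    // same /24, but below the /27
    datetime(2020-06-18 08:05:00), "id-2", "host-b", "Up",
        '[{"IPAddress":"192.168.20.10","SubnetPrefix":27,"AddressType":"Private"}]',
    // would match a substring search for "192.168.20", but is a different network
    datetime(2020-06-18 08:10:00), "id-3", "host-c", "Up",
        '[{"IPAddress":"192.168.200.70","SubnetPrefix":24,"AddressType":"Private"}]',
    // adapter with an IPv6 and an IPv4 address; the IPv4 one is the last address of the /27
    datetime(2020-06-18 08:15:00), "id-4", "host-d", "Up",
        '[{"IPAddress":"fe80::1","SubnetPrefix":64,"AddressType":"Private"},{"IPAddress":"192.168.20.95","SubnetPrefix":27,"AddressType":"Private"}]',
    // inside the /27, but the adapter is not up
    datetime(2020-06-18 08:20:00), "id-5", "host-e", "Down",
        '[{"IPAddress":"192.168.20.80","SubnetPrefix":27,"AddressType":"Private"}]'
];
SampleDeviceNetworkInfo
| where NetworkAdapterStatus == "Up"
// one row per address entry in the JSON array
| mv-expand IPEntry = parse_json(IPAddresses)
| extend IPAddress = tostring(IPEntry.IPAddress)
// numeric CIDR test; non-IPv4 strings evaluate to null and are dropped
| where ipv4_is_in_range(IPAddress, subnet)
// latest in-range address reported per device
| summarize arg_max(Timestamp, IPAddress) by DeviceId, DeviceName
```

Because the test is done on the parsed address rather than on the raw string, addresses such as 192.168.200.x that a substring search would pick up are excluded.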