Forum Discussion
help in kql query
hay I have a list of IP's and i want to check each one of them exist in the dns of the network adapter . So for one address this is fine: DeviceNetworkInfo | where DnsAddresses contains "192.16...
Rod_Trent
Microsoft
Microsoft
A couple options...
- Use the KQL let statement
- Use the externaldata operator (https://rodtrent.com/d9f)
- Use a Watchlist
Both let statement and Watchlist covered here: https://rodtrent.com/fsb
yongrheemsftMicrosoft
MicrosoftHi eladfe,
Additionally, we have a nice list of Advanced Hunting (AH) samples here: https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries and Azure Sentinel, has Advanced Hunting query samples here: https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries
Thanks,
Yong Rhee - MSFT
Additionally, we have a nice list of Advanced Hunting (AH) samples here: https://github.com/microsoft/Microsoft-365-Defender-Hunting-Queries and Azure Sentinel, has Advanced Hunting query samples here: https://github.com/Azure/Azure-Sentinel/tree/master/Hunting%20Queries
Thanks,
Yong Rhee - MSFT
