Forum Discussion
MDE Advanced Hunting - Device Network Events - Remote IP Details
Does anyone know of a way to query the MDE IP details through Advanced hunting? I am specifically looking to add an ASN column to my KQL search results for remote IP addresses.
I don't see a way to do this, at first I thought maybe the /ip API but that only provides statistics on activity related to the IP. It may be like the virus total results for files, where MS has consciously chosen not to provide a bulk access to the data due to licensing concerns.