May 07 2019 05:09 PM
Hi Guys,
I have built a KQL query for MATP hunting but I need some help. For now I can distinguish between a Realtek USB WiFi driver and the Lan Turtle... But I also want to report the IP address and port it is assigning to the Lan Turtle device. Here is my code below, and a screenshot of what I can see for now.
Kusto Code (KQL)
Device USB\VID_0BDA&PID_8152\00E04C365BD5 was configured.
Driver Name: rtux64w10.inf
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Driver Date: 09/20/2015
Driver Version: 10.5.920.2015
Driver Provider: Microsoft
Driver Section: RTL8152B.ndi.NT
Driver Rank: 0xFF0000
Matching Device Id: USB\VID_0BDA&PID_8152&REV_2000
Outranked Drivers: rtux64w10.inf:USB\VID_0BDA&PID_8152:00FF0001
Device Updated: false
Parent Device: USB\VID_045E&PID_0944\6&15ba3093&0&1
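Added example (not the original poster's query, and not anything from Hak5 or Microsoft): one way to get from the PnP event above to the IP addresses the adapter ends up with is to pull the VID_0BDA/PID_8152 (Realtek RTL8152, the chipset a Lan Turtle presents as) plug-in events out of DeviceEvents and join them to DeviceNetworkInfo on the same DeviceId inside a short window after the plug-in. The table and column names are the current Defender for Endpoint advanced hunting schema (DeviceEvents / DeviceNetworkInfo, which replaced the older MiscEvents / NetworkInfo names); the "USB serial equals adapter MAC" check is an assumption drawn from the instance ID shown above (00E04C365BD5, a Realtek OUI), so it is reported as a flag rather than used as the join key.

```kusto
// Added example, not the poster's own query. Assumes the current advanced hunting
// schema: DeviceEvents (ActionType "PnpDeviceConnected", JSON in AdditionalFields)
// and DeviceNetworkInfo (IPAddresses as a JSON array of {IPAddress, ...}).
let lookback = 7d;
let window   = 15m;   // how long after the plug-in we look for the adapter coming up
// Step 1: Realtek RTL8152 USB NIC plug-in events (what the Lan Turtle enumerates as).
let PnpConnects =
    DeviceEvents
    | where Timestamp > ago(lookback)
    | where ActionType == "PnpDeviceConnected"
    | extend Fields = parse_json(AdditionalFields)
    | extend
        ClassName         = tostring(Fields.ClassName),
        UsbDeviceId       = tostring(Fields.DeviceId),        // e.g. USB\VID_0BDA&PID_8152\00E04C365BD5
        VendorIds         = tostring(Fields.VendorIds),       // e.g. USB\VID_0BDA&PID_8152&REV_2000
        DeviceDescription = tostring(Fields.DeviceDescription)
    | where VendorIds contains "VID_0BDA&PID_8152"
    // Third path component is the USB serial; for these Realtek NICs it is the MAC (assumption).
    | extend UsbSerial = toupper(tostring(split(UsbDeviceId, @"\")[2]))
    | project PnpTime = Timestamp, DeviceId, DeviceName, UsbDeviceId, UsbSerial,
              DeviceDescription, ClassName;
// Step 2: adapter snapshots with their addresses, one row per IP.
let Adapters =
    DeviceNetworkInfo
    | where Timestamp > ago(lookback)
    | where NetworkAdapterType == "Ethernet" and NetworkAdapterStatus == "Up"
    | mv-expand IPAddresses
    | extend IPAddress = tostring(IPAddresses.IPAddress)
    // Normalise MAC to bare hex so it can be compared with the USB serial.
    | extend MacNoSeparators = toupper(replace(@"[:\-]", "", MacAddress))
    | project NetTime = Timestamp, DeviceId, NetworkAdapterName, MacAddress,
              MacNoSeparators, IPAddress;
// Step 3: correlate by host and time, then flag the adapter whose MAC matches the USB serial.
PnpConnects
| join kind=inner Adapters on DeviceId
| where NetTime between (PnpTime .. (PnpTime + window))
| extend SerialMatchesMac = (UsbSerial == MacNoSeparators)
| summarize IPs = make_set(IPAddress), FirstSeen = min(NetTime)
    by DeviceName, PnpTime, UsbDeviceId, DeviceDescription,
       NetworkAdapterName, MacAddress, SerialMatchesMac
| order by PnpTime desc, SerialMatchesMac desc
```

Rows with SerialMatchesMac == true are the adapter the Lan Turtle itself brought up; the other rows in the window are the host's other Ethernet adapters and can be dropped once the serial/MAC assumption has been confirmed in your own data. DeviceNetworkInfo only reports addresses, gateways and DNS for the adapter, not ports; port-level activity for the new adapter has to come from DeviceNetworkEvents filtered on the LocalIP values this query returns.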
Dec 17 2020 12:00 PM
@jacques_van_zijl I am starting to look into this as well as BashBunny.
The network information on a device is also captured in the telemetry - there should be a way to get this data as well....