Effective Advanced Hunting query to search all hosts in specified subnetwork

Dear folks,

Could you please help me create an AH query in WDATP?

I need to search all hosts in a sub-network. For example, I would like to find all hosts in 192.168.20.64/27.

Regards

1 Reply

@mparpaley you can get the local IP address via DeviceNetworkInfo, so maybe something like the code below will help you.

Because "IPAddresses" is a string, it is difficult to use startswith or endswith, so I just used contains with "192.168.20" and not exactly your subnet. Hope this brings you closer to your goal.

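// Substring to look for in the IPAddresses string (not an exact subnet match)
let ipAddressParam = "192.168.20";
DeviceNetworkInfo
| where IPAddresses contains ipAddressParam and NetworkAdapterStatus == "Up"
| project DeviceName, Timestamp, IPAddresses
// Keep only the most recent record per device
| summarize arg_max(Timestamp, *) by DeviceName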