Effective Advanced Hunting query to search all host in specifiyed subnetwork

Copper Contributor

Dear folks,


Could you please help me to create a AH query in WDATP.


I need to search all host in sub-network. For example I would like to find all hosts in



1 Reply

@mparpaleyyou can get the local IP address via DeviceNetworkInfo, so maybe something the code  will help you.

Because the "ipAddresses" are a string it is difficult to say startwith or endwith, so I took just the contains of "192.168.20" and not exactly your subnet. Hope this brings you closer to your goal.


let ipAddressParam = "192.168.20";
| where IPAddresses contains strcat(ipAddressParam) and NetworkAdapterStatus == "Up"
| project DeviceName, Timestamp, IPAddresses
| summarize arg_max(Timestamp, *) by DeviceName