Update WebShellActivity.yaml

Exclude local addresses, using the ipv4_is_private operator
2022-04-26 14:22:02 +05:30 · 2022-04-26 14:22:02 +05:30 · d1c6d1506b
--- a/Queries/W3CIISLog/WebShellActivity.yaml
+++ b/Queries/W3CIISLog/WebShellActivity.yaml
@ -25,7 +25,8 @@ query: |
  let lookback_period = (
  W3CIISLog
  | where TimeGenerated between (lookback .. starttime)
-  | where not(ipv4_is_private(cIP)) and cIP != "127.0.0.1"
+  //Exclude local addresses, using the ipv4_is_private operator
+  | where ipv4_is_private(cIP) == false and  cIP !startswith "fe80" and cIP !startswith "::" and cIP !startswith "127."
  | summarize count() by cIP, csUserAgent
  | project cIP, csUserAgent
  );