Updated queries to remove deviceType filter
Родитель
9ad41e765b
Коммит
f60cb110a3
|
@ -45,7 +45,6 @@ query: |
|
|||
SensorId, LastActivity = todatetime(LastActivity), Bandwidth = todouble(Bandwidth), Protocol, ServerPort
|
||||
| summarize TotalBandwidth = sum(Bandwidth), LastActivity = max(LastActivity), Protocols = make_set(Protocol), ServerPorts = make_set(ServerPort) by DeviceGUID, DeviceName, IpAddress = tostring(DeviceIp), IoTDevice_DeviceType = tostring(DeviceType)
|
||||
| project-rename TotalBandwidth_MB = TotalBandwidth
|
||||
| where IoTDevice_DeviceType in ("Domain Controller", "DB Server", "Workstation", "Server", "Terminal Station", "Storage", "Smart Phone", "Tablet", "Backup Server ")
|
||||
| extend TotalBandwidth_MB = floor(todecimal(TotalBandwidth_MB / 1000), 0.1)
|
||||
| project Host_HostName = DeviceName, Host_Aux_IpAddress = IpAddress,Host_Aux_Type = IoTDevice_DeviceType, Host_Aux_LastActivity = LastActivity, Host_Aux_Protocols = Protocols, Host_Aux_ServerPorts = ServerPorts, Host_Aux_TotalBandwidth_MB = TotalBandwidth_MB
|
||||
| top 10 by Host_Aux_TotalBandwidth_MB
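Review bot: Nothing in the remaining pipeline keeps non-host devices out of `Host_HostName = DeviceName`, assuming the `where IoTDevice_DeviceType in (...)` line is the one dropped (inferred from the title and the -45,7 +45,6 count, since the +/- column is lost in this rendering). Network gear, external endpoints or devices without a name can then be reported to an analyst as hosts. A minimal guard before the `top 10` would be `| where isnotempty(DeviceName)`, plus a comment above the query saying the result is no longer limited to host device types. The same applies to the two later Host hunks with identical text, and the IP and IoTDevice queries now appear to rank the same device population. The query begins outside the hunk.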
|
||||
|
|
|
@ -45,8 +45,6 @@ query: |
|
|||
SensorId, LastActivity = todatetime(LastActivity), Bandwidth = todouble(Bandwidth), Protocol, ServerPort, Direction
|
||||
| summarize TotalBandwidth = sum(Bandwidth), LastActivity = max(LastActivity), Protocols = make_set(Protocol), ServerPorts = make_set(ServerPort) by IoTDevice_DeviceId = DeviceGUID, IoTDevice_IpAddress = tostring(DeviceIp), IoTDevice_DeviceType = tostring(DeviceType), DeviceIsExternal = tostring(DeviceIsExternal)
|
||||
| project-rename TotalBandwidth_MB = TotalBandwidth
|
||||
| where IoTDevice_DeviceType in ("", "Unknown", "Internet", "Group") or
|
||||
IoTDevice_DeviceType in ("Multicast/Broadcast", "Wireless Access Point", "Router", "Switch", "Firewall", "VPN Gateway", "NTP Server", "Wifi Pineapple", "Physical Location", "I/O Adapter", "Protocol Converter")
|
||||
| project IP_Address = IoTDevice_IpAddress, IP_Aux_DeviceType = IoTDevice_DeviceType, IP_Aux_LastActivity = LastActivity, IP_Aux_Protocols = Protocols, IP_Aux_ServerPorts = ServerPorts, IP_Aux_TotalBandwidth_MB = TotalBandwidth_MB, IP_Aux_IsExternal = DeviceIsExternal
|
||||
| extend IP_Aux_TotalBandwidth_MB = floor(todecimal(IP_Aux_TotalBandwidth_MB / 1000), 0.1)
|
||||
| top 10 by IP_Aux_TotalBandwidth_MB
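Review bot: The `top 10 by IP_Aux_TotalBandwidth_MB` ranking runs after `floor(todecimal(... / 1000), 0.1)`, so devices are ordered on a value already rounded down to 0.1 steps and low-traffic devices tie at 0 with an arbitrary order between them. With the device-type filter apparently removed, more rows compete and such ties become more likely. Ranking first, i.e. moving `| top 10 by IP_Aux_TotalBandwidth_MB` ahead of the `extend`, keeps the order exact and rounds only ten rows. The other hunks in this commit use the same extend-then-top order. A comment stating the unit of `Bandwidth` would also help, since the hunk only shows `/ 1000` feeding a column named `_MB`.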
|
||||
|
|
|
@ -44,7 +44,6 @@ query: |
|
|||
SensorId, LastActivity = todatetime(LastActivity), Bandwidth = todouble(Bandwidth), Protocol, ServerPort
|
||||
| summarize TotalBandwidth = sum(Bandwidth), IoTDevice_Aux_LastActivity = max(LastActivity), IoTDevice_Aux_Protocols = make_set(Protocol), IoTDevice_Aux_ServerPorts = make_set(ServerPort) by IoTDevice_DeviceId = DeviceGUID, IoTDevice_DeviceName = DeviceName, IoTDevice_IpAddress = pack('Address',tostring(DeviceIp)), IoTDevice_DeviceType = tostring(DeviceType)
|
||||
| project-rename IoTDevice_Aux_TotalBandwidth_MB = TotalBandwidth
|
||||
| where IoTDevice_DeviceType !in ("", "Unknown", "Internet", "Group") and IoTDevice_DeviceType !in ("Multicast/Broadcast", "Wireless Access Point", "Router", "Switch", "Firewall", "VPN Gateway", "NTP Server", "Wifi Pineapple", "Physical Location", "I/O Adapter", "Protocol Converter") and IoTDevice_DeviceType !in ("Domain Controller", "DB Server", "Workstation", "Server", "Terminal Station", "Storage", "Smart Phone", "Tablet", "Backup Server ")
|
||||
| extend IoTDevice_Aux_TotalBandwidth_MB = floor(todecimal(IoTDevice_Aux_TotalBandwidth_MB / 1000), 0.1)
|
||||
| top 10 by IoTDevice_Aux_TotalBandwidth_MB
|
||||
};
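Review bot: The `summarize ... by` clause here still groups on `IoTDevice_IpAddress = pack('Address',tostring(DeviceIp))`, which is a dynamic value, while the last hunk of this commit wraps the same expression in `tostring(...)`. Kusto does not accept a dynamic group key without an explicit cast, so this query and the later IoTDevice hunk at -45,9 +45,6 probably need the same change: `IoTDevice_IpAddress = tostring(pack('Address',tostring(DeviceIp)))`. This assumes the summarize line is unchanged context here, which the 7-to-6 line count suggests but the rendering does not show. The query begins outside the hunk.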
|
||||
|
|
|
@ -45,7 +45,6 @@ query: |
|
|||
SensorId, LastActivity = todatetime(LastActivity), Bandwidth = todouble(Bandwidth), Protocol, ServerPort
|
||||
| summarize TotalBandwidth = sum(Bandwidth), LastActivity = max(LastActivity), Protocols = make_set(Protocol), ServerPorts = make_set(ServerPort) by DeviceGUID, DeviceName, IpAddress = tostring(DeviceIp), IoTDevice_DeviceType = tostring(DeviceType)
|
||||
| project-rename TotalBandwidth_MB = TotalBandwidth
|
||||
| where IoTDevice_DeviceType in ("Domain Controller", "DB Server", "Workstation", "Server", "Terminal Station", "Storage", "Smart Phone", "Tablet", "Backup Server ")
|
||||
| extend TotalBandwidth_MB = floor(todecimal(TotalBandwidth_MB / 1000), 0.1)
|
||||
| project Host_HostName = DeviceName, Host_Aux_IpAddress = IpAddress, Host_Aux_Type = IoTDevice_DeviceType, Host_Aux_LastActivity = LastActivity, Host_Aux_Protocols = Protocols, Host_Aux_ServerPorts = ServerPorts, Host_Aux_TotalBandwidth_MB = TotalBandwidth_MB
|
||||
| top 10 by Host_Aux_TotalBandwidth_MB
|
||||
|
|
|
@ -43,8 +43,6 @@ query: |
|
|||
SensorId, LastActivity = todatetime(LastActivity), Bandwidth = todouble(Bandwidth), Protocol, ServerPort, Direction
|
||||
| summarize TotalBandwidth = sum(Bandwidth), LastActivity = max(LastActivity), Protocols = make_set(Protocol), ServerPorts = make_set(ServerPort) by IoTDevice_DeviceId = DeviceGUID, IoTDevice_IpAddress = tostring(DeviceIp), IoTDevice_DeviceType = tostring(DeviceType), DeviceIsExternal = tostring(DeviceIsExternal)
|
||||
| project-rename TotalBandwidth_MB = TotalBandwidth
|
||||
| where IoTDevice_DeviceType in ("", "Unknown", "Internet", "Group") or
|
||||
IoTDevice_DeviceType in ("Multicast/Broadcast", "Wireless Access Point", "Router", "Switch", "Firewall", "VPN Gateway", "NTP Server", "Wifi Pineapple", "Physical Location", "I/O Adapter", "Protocol Converter")
|
||||
| project IP_Address = IoTDevice_IpAddress, IP_Aux_DeviceType = IoTDevice_DeviceType, IP_Aux_LastActivity = LastActivity, IP_Aux_Protocols = Protocols, IP_Aux_ServerPorts = ServerPorts, IP_Aux_TotalBandwidth_MB = TotalBandwidth_MB, IP_Aux_IsExternal = DeviceIsExternal
|
||||
| extend IP_Aux_TotalBandwidth_MB = floor(todecimal(IP_Aux_TotalBandwidth_MB / 1000), 0.1)
|
||||
| top 10 by IP_Aux_TotalBandwidth_MB
|
||||
|
|
|
@ -45,9 +45,6 @@ query: |
|
|||
SensorId, LastActivity = todatetime(LastActivity), Bandwidth = todouble(Bandwidth), Protocol, ServerPort
|
||||
| summarize TotalBandwidth = sum(Bandwidth), IoTDevice_Aux_LastActivity = max(LastActivity), IoTDevice_Aux_Protocols = make_set(Protocol), IoTDevice_Aux_ServerPorts = make_set(ServerPort) by IoTDevice_DeviceId = DeviceGUID, IoTDevice_DeviceName = DeviceName, IoTDevice_IpAddress = pack('Address',tostring(DeviceIp)), IoTDevice_DeviceType = tostring(DeviceType)
|
||||
| project-rename IoTDevice_Aux_TotalBandwidth_MB = TotalBandwidth
|
||||
| where IoTDevice_DeviceType !in ("", "Unknown", "Internet", "Group") and
|
||||
IoTDevice_DeviceType !in ("Multicast/Broadcast", "Wireless Access Point", "Router", "Switch", "Firewall", "VPN Gateway", "NTP Server", "Wifi Pineapple", "Physical Location", "I/O Adapter", "Protocol Converter")
|
||||
and IoTDevice_DeviceType !in ("Domain Controller", "DB Server", "Workstation", "Server", "Terminal Station", "Storage", "Smart Phone", "Tablet", "Backup Server ")
|
||||
| extend IoTDevice_Aux_TotalBandwidth_MB = floor(todecimal(IoTDevice_Aux_TotalBandwidth_MB / 1000), 0.1)
|
||||
| top 10 by IoTDevice_Aux_TotalBandwidth_MB
|
||||
};
|
||||
|
|
|
@ -45,7 +45,6 @@ query: |
|
|||
SensorId, LastActivity = todatetime(LastActivity), Bandwidth = todouble(Bandwidth), Protocol, ServerPort
|
||||
| summarize TotalBandwidth = sum(Bandwidth), LastActivity = max(LastActivity), Protocols = make_set(Protocol), ServerPorts = make_set(ServerPort) by DeviceGUID, DeviceName, IpAddress = tostring(DeviceIp), IoTDevice_DeviceType = tostring(DeviceType)
|
||||
| project-rename TotalBandwidth_MB = TotalBandwidth
|
||||
| where IoTDevice_DeviceType in ("Domain Controller", "DB Server", "Workstation", "Server", "Terminal Station", "Storage", "Smart Phone", "Tablet", "Backup Server ")
|
||||
| extend TotalBandwidth_MB = floor(todecimal(TotalBandwidth_MB / 1000), 0.1)
|
||||
| project Host_HostName = DeviceName, Host_Aux_IpAddress = IpAddress, Host_Aux_Type = IoTDevice_DeviceType, Host_Aux_LastActivity = LastActivity, Host_Aux_Protocols = Protocols, Host_Aux_ServerPorts = ServerPorts, Host_Aux_TotalBandwidth_MB = TotalBandwidth_MB
|
||||
| top 10 by Host_Aux_TotalBandwidth_MB
|
||||
|
|
|
@ -43,8 +43,6 @@ query: |
|
|||
SensorId, LastActivity = todatetime(LastActivity), Bandwidth = todouble(Bandwidth), Protocol, ServerPort
|
||||
| summarize TotalBandwidth = sum(Bandwidth), LastActivity = max(LastActivity), Protocols = make_set(Protocol), ServerPorts = make_set(ServerPort) by DeviceGUID, IpAddress = tostring(DeviceIp), IoTDevice_DeviceType = tostring(DeviceType), DeviceIsExternal = tostring(DeviceIsExternal)
|
||||
| project-rename TotalBandwidth_MB = TotalBandwidth
|
||||
| where IoTDevice_DeviceType in ("", "Unknown", "Internet", "Group") or
|
||||
IoTDevice_DeviceType in ("Multicast/Broadcast", "Wireless Access Point", "Router", "Switch", "Firewall", "VPN Gateway", "NTP Server", "Wifi Pineapple", "Physical Location", "I/O Adapter", "Protocol Converter")
|
||||
| project IP_Address = IpAddress, IP_Aux_DeviceType = IoTDevice_DeviceType, IP_Aux_LastActivity = LastActivity, IP_Aux_Protocols = Protocols, IP_Aux_ServerPorts = ServerPorts, IP_Aux_TotalBandwidth_MB = TotalBandwidth_MB, IP_Aux_IsExternal = DeviceIsExternal
|
||||
| extend IP_Aux_TotalBandwidth_MB = floor(todecimal(IP_Aux_TotalBandwidth_MB / 1000), 0.1)
|
||||
| top 10 by IP_Aux_TotalBandwidth_MB
|
||||
|
|
|
@ -43,9 +43,8 @@ query: |
|
|||
DeviceIp = iff(Direction == "Outbound", ServerIpAddress, ClientIpAddress),
|
||||
DeviceName = iff(Direction == "Outbound", ServerDeviceName, ClientDeviceName),
|
||||
SensorId, LastActivity = todatetime(LastActivity), Bandwidth = todouble(Bandwidth), Protocol, ServerPort
|
||||
| summarize TotalBandwidth = sum(Bandwidth), IoTDevice_Aux_LastActivity = max(LastActivity), IoTDevice_Aux_Protocols = make_set(Protocol), IoTDevice_Aux_ServerPorts = make_set(ServerPort) by IoTDevice_DeviceId = DeviceGUID, IoTDevice_DeviceName = DeviceName, IoTDevice_IpAddress = pack('Address',tostring(DeviceIp)), IoTDevice_DeviceType = tostring(DeviceType)
|
||||
| summarize TotalBandwidth = sum(Bandwidth), IoTDevice_Aux_LastActivity = max(LastActivity), IoTDevice_Aux_Protocols = make_set(Protocol), IoTDevice_Aux_ServerPorts = make_set(ServerPort) by IoTDevice_DeviceId = DeviceGUID, IoTDevice_DeviceName = DeviceName, IoTDevice_IpAddress = tostring(pack('Address',tostring(DeviceIp))), IoTDevice_DeviceType = tostring(DeviceType)
|
||||
| project-rename IoTDevice_Aux_TotalBandwidth_MB = TotalBandwidth
|
||||
| where IoTDevice_DeviceType !in ("", "Unknown", "Internet", "Multicast/Broadcast")
|
||||
| extend IoTDevice_Aux_TotalBandwidth_MB = floor(todecimal(IoTDevice_Aux_TotalBandwidth_MB / 1000), 0.1)
|
||||
| top 10 by IoTDevice_Aux_TotalBandwidth_MB
|
||||
};
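Review bot: The rewritten summarize line turns `IoTDevice_IpAddress` into a JSON text value via `tostring(pack('Address',tostring(DeviceIp)))` instead of a property bag, and nothing in the hunk says why. A short comment above it would record the reason, for example `// summarize cannot group by a dynamic value, so the packed address is cast to string`. Whatever consumes this column afterwards is not visible here; if it expects the bag form it would need `parse_json` on the value, so that is worth confirming. The projection that feeds `DeviceIp` and `DeviceName` starts outside the hunk.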
|
||||
|
|