15 строки
1.2 KiB
Plaintext
15 строки
1.2 KiB
Plaintext
// Get information about the netwotk adapters of the given computer in the given time.
|
|
// This could include the configured IP addresses, DHCP servers, DNS servers, and more.
|
|
let DeviceIdParam = "c0bfefec0bfefec0bfefec0bfefec0bfefecafe";
|
|
let pivotTimeParam = datetime(2018-07-15T19:51);
|
|
DeviceNetworkInfo
|
|
// Query for reports sent +-15 minutes around the time we are interested in
|
|
| where Timestamp between ((pivotTimeParam-15m) .. 30m) and DeviceId == DeviceIdParam and NetworkAdapterStatus == "Up"
|
|
// IPAddresses contains a list of the IP addresses configured on the network adapter, their subnets, and more.
|
|
// Here we expand the list so that each value gets a separate row. All the other columns in the row, such as MacAddress, are duplicated.
|
|
| mvexpand parse_json(IPAddresses)
|
|
| project IPAddress=IPAddresses.IPAddress, AddressType=IPAddresses.AddressType, NetworkAdapterType, TunnelType, MacAddress,
|
|
ConnectedNetworks, Timestamp, TimeDifference=abs(Timestamp-pivotTimeParam)
|
|
// In case multiple machines have reported from that IP address arround that time, start with the ones reporting closest to pivotTimeParam
|
|
| sort by TimeDifference asc, NetworkAdapterType, MacAddress
|