Query Details

CIDRASN Details For The Remote IPs Connections Attempts

Query

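// Load the CIDR-to-ASN mapping from the external CSV; the first record is the header row.
let CIDRASN = (externaldata (CIDR:string, CIDRASN:int, CIDRASNName:string)
['https://firewalliplists.gypthecat.com/lists/kusto/kusto-cidr-asn.csv.zip']
with (ignoreFirstRecord=true));
DeviceNetworkEvents
// Keep only connections to public remote addresses.
| where RemoteIPType == "Public"
// Match each RemoteIP to its CIDR; return_unmatched=true keeps events with no match.
| evaluate ipv4_lookup(CIDRASN, RemoteIP, CIDR, return_unmatched=true)
// Add geolocation details for the remote address.
| extend GeoIPData = geo_info_from_ip_address(RemoteIP)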

Explanation

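This query looks up the Autonomous System Number (ASN) and ASN name for each public remote IP address in DeviceNetworkEvents. The CIDR-to-ASN mapping is read with externaldata from the CSV list at the URL in the query, and ipv4_lookup matches each RemoteIP against the CIDR column. Because return_unmatched=true is set, events whose RemoteIP falls in no listed CIDR are kept in the results. The query then adds geographical information for each IP address with geo_info_from_ip_address.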
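The lookup step can be checked without the external list or live telemetry. The following is an added example, not part of the original query: the table names AsnList and SampleEvents, the extra ASNMatched column, and every row value are constructed for illustration (documentation IP ranges from RFC 5737 and documentation ASNs from RFC 5398).

```kusto
// Constructed stand-in for the external CIDR-to-ASN list (same column names as the query).
let AsnList = datatable (CIDR:string, CIDRASN:int, CIDRASNName:string)
[
    "192.0.2.0/24",    64500, "EXAMPLE-NET-A",
    "198.51.100.0/24", 64501, "EXAMPLE-NET-B"
];
// Constructed stand-in for DeviceNetworkEvents with only the columns the query uses.
// 203.0.113.5 is public but has no covering CIDR in AsnList.
// 10.0.0.5 is removed by the RemoteIPType filter before the lookup runs.
let SampleEvents = datatable (DeviceName:string, RemoteIP:string, RemoteIPType:string)
[
    "host-01", "192.0.2.10",   "Public",
    "host-01", "198.51.100.7", "Public",
    "host-02", "203.0.113.5",  "Public",
    "host-02", "10.0.0.5",     "Private"
];
SampleEvents
| where RemoteIPType == "Public"
// Same plugin call as the original query, pointed at the inline list.
| evaluate ipv4_lookup(AsnList, RemoteIP, CIDR, return_unmatched=true)
// Flag rows where the lookup found a covering CIDR.
| extend ASNMatched = isnotnull(CIDRASN)
| project DeviceName, RemoteIP, CIDR, CIDRASN, CIDRASNName, ASNMatched
```

Filtering on ASNMatched == false isolates public destinations that the list does not cover, which is the set that return_unmatched=true preserves.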

Details

Sergio Albea

Released: June 7, 2024

Tables

CIDRASN, DeviceNetworkEvents

Keywords

DeviceNetworkEvents,RemoteIPType,RemoteIP,CIDRASN,GeoIPData

Operators

where, evaluate, extend
