Communication To Greensnowco IP Blacklist

let BLgreensnow = externaldata(IPaddr: string)[@"https://blocklist.greensnow.co/greensnow.txt"] with (format="txt"); DeviceNetworkEvents | where ActionType == "ConnectionSuccess" | where RemoteIP in (BLgreensnow)

This query is checking for successful network connections made by devices to any IP addresses listed in the "greensnow" blocklist.

Details

Benjamin Zulliger

Released: June 7, 2024

Tables

DeviceNetworkEvents

Keywords

DeviceNetworkEvents,ActionType,ConnectionSuccess,RemoteIP,BLgreensnow

Operators

whereinwith_sourceprojectproject-awayextendsummarizesummarize-awaycountcountiftoptop-nestedtop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-summarizetop-nested-trend-summarizetop-hitters-trend-summarizetop-nested-hitters-trend-summarizetop-summarize-awaytop-nested-summarize-awaytop-hitters-summarize-awaytop-nested-hitters-summarize-awaytop-trend-summarize-awaytop-nested-trend-summarize-awaytop-hitters-trend-summarize-awaytop-nested-hitters-trend-summarize-awaytop-hitterstop-nested-hitterstop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtoptop-nestedtop-trendtop-nested-trendtop-hitters-trendtop-nested-hitters-trendtop-summarizetop-nested-summarizetop-hitters-summarizetop-nested-hitters-summarizetop-trend-sum

KQL Search

Communication To Greensnowco IP Blacklist

Query

Explanation

Details

Actions