Query Details
Consumer VPN Logins
Query
let VPNRanges = externaldata (IpRange:string) [@'https://raw.githubusercontent.com/X4BNet/lists_vpn/main/output/vpn/ipv4.txt'] with (format=txt); SigninLogs | where isnotempty(IPAddress) | evaluate ipv4_lookup(VPNRanges, IPAddress, IpRange) | project TimeGenerated, UserPrincipalName, IPAddress, UserAgent
Explanation
This query looks at a list of VPN IP ranges and matches them with IP addresses in SigninLogs data. It then shows the time, user, IP address, and user agent for each match.
Details
@jbaz_t
Released: June 7, 2024
Tables
VPNRangesSigninLogs
Keywords
SigninLogs,IPAddress,UserPrincipalName,UserAgent,TimeGenerated,VPNRanges,IpRange,ipv4_lookup
Operators
whereisnotemptyevaluateipv4_lookupproject