Query Details

Countries Where Agented Computers Report From

Query

//Countries where your agented computers are reporting from
union isfuzzy=true   
(Heartbeat
| extend TrafficDirection = "InboundOrUnknown", Country=RemoteIPCountry, Latitude=RemoteIPLatitude, Longitude=RemoteIPLongitude)
| where TimeGenerated > ago(7d)   
| where isnotempty(Country) and isnotempty(Latitude) and isnotempty(Longitude)
| distinct Country

Explanation

This query lists the countries your agented computers are reporting from. It reads the Heartbeat table, sets TrafficDirection to the constant "InboundOrUnknown", and copies RemoteIPCountry, RemoteIPLatitude, and RemoteIPLongitude into the columns Country, Latitude, and Longitude. It keeps only records from the past 7 days, drops any record that is missing a country, latitude, or longitude, and returns the distinct list of countries.
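The following is an added example, not part of the original query or its author's code. It goes one step beyond the distinct list: it shows which computers report from each country and flags countries outside an expected set. The `SampleHeartbeat` rows, the computer names, and the `ExpectedCountries` list are constructed assumptions; replace `SampleHeartbeat` with `Heartbeat` and drop the `AgeHours` line to run it against a workspace.

```kql
// Assumed allow-list of countries where agents are expected to run.
let ExpectedCountries = dynamic(["United States", "Germany"]);
// Constructed sample rows standing in for the Heartbeat table.
// AgeHours is a helper column used only to build recent timestamps.
let SampleHeartbeat = datatable(AgeHours:int, Computer:string,
    RemoteIPCountry:string, RemoteIPLatitude:real, RemoteIPLongitude:real)
[
    2,   "web01",  "United States", 47.61,      -122.33,
    5,   "web02",  "Germany",       50.11,      8.68,
    30,  "db01",   "Brazil",        -23.55,     -46.63,
    // No geolocation resolved: removed by the isnotempty() filter.
    3,   "app01",  "",              real(null), real(null),
    // Older than 7 days: removed by the time filter.
    200, "old01",  "Japan",         35.68,      139.69
];
SampleHeartbeat
| extend TimeGenerated = now() - AgeHours * 1h
| where TimeGenerated > ago(7d)
| where isnotempty(RemoteIPCountry)
    and isnotempty(RemoteIPLatitude)
    and isnotempty(RemoteIPLongitude)
// One row per country, with the reporting computers and last heartbeat.
| summarize Computers = make_set(Computer), LastSeen = max(TimeGenerated)
    by Country = RemoteIPCountry
// Flag countries that are not on the assumed allow-list.
| extend Expected = Country in (ExpectedCountries)
| order by Expected asc, Country asc
```

Rows with `Expected == false` sort first. A computer whose heartbeats carry no resolved geolocation never appears in the result, so an empty result for a host does not mean it is reporting from an expected location.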

Details

Rod Trent

Released: July 16, 2020

Tables

Heartbeat

Keywords

Countries,Heartbeat,TrafficDirection,RemoteIPCountry,RemoteIPLatitude,RemoteIPLongitude,TimeGenerated

Operators

union, isfuzzy, extend, where, TimeGenerated, ago, isnotempty, distinct