Query Details

Internet Facing Devices

Query:

DeviceInfo
| where IsInternetFacing 
| extend parsed = parse_json(AdditionalFields)
| where isnotempty(parsed.InternetFacingPublicScannedIp)
| project DeviceName, parsed.InternetFacingLocalIp, parsed.InternetFacingPublicScannedIp


Explanation

The query works in five steps:

  1. Data Source: The query starts by looking at a table called DeviceInfo.
  2. Filter: It filters the data to only include devices that are facing the internet (IsInternetFacing is true).
  3. Parse JSON: It then parses a JSON field called AdditionalFields into a new column named parsed.
  4. Filter Again: It further filters the data to only include rows where the InternetFacingPublicScannedIp field in the parsed JSON is not empty.
  5. Select Columns: Finally, it selects and displays three columns: DeviceName, parsed.InternetFacingLocalIp, and parsed.InternetFacingPublicScannedIp.

In summary, this query identifies internet-facing devices and returns each device's name together with its local IP and its public scanned IP.

Details

Ali Hussein

Released: July 25, 2024

Tables

DeviceInfo

Keywords

Devices

Operators

where, extend, parse_json, isnotempty, project
