Query Details

KQL Search Visits

Query

# KQLSearch Visits

## Query Information

#### Description
Visualize the visits to [kqlsearch.com](https://www.kqlsearch.com/) in a column chart.

#### References
- https://www.kqlsearch.com/

## Defender For Endpoint
```KQL
DeviceNetworkEvents
| where RemoteUrl has "kqlsearch.com"
| summarize TotalDevices = dcount(DeviceId) by bin(Timestamp, 1d)
| render columnchart with(title="KQLSearch.com visits", xtitle="Date", ytitle="TotalDevices")
```

## Sentinel
```KQL
DeviceNetworkEvents
| where RemoteUrl has "kqlsearch.com"
| summarize TotalDevices = dcount(DeviceId) by bin(TimeGenerated, 1d)
| render columnchart with(title="KQLSearch.com visits", xtitle="Date", ytitle="TotalDevices")
```

Explanation

This query visualizes visits to kqlsearch.com as a column chart. It filters DeviceNetworkEvents to events whose RemoteUrl matches "kqlsearch.com" using the `has` operator, then uses dcount(DeviceId) to count the unique devices (TotalDevices) in each 1-day bin of Timestamp (TimeGenerated in Sentinel). Finally, it renders the result as a column chart titled "KQLSearch.com visits", with the x-axis labeled "Date" and the y-axis labeled "TotalDevices".

Details

Bert-Jan Pals

Released: December 29, 2023

Tables

DeviceNetworkEvents

Keywords

Devices, Intune, User

Operators

where, has, summarize, dcount, by, bin, render