KQL Search

Query Details

Monitor Hosts File

Query

Use Case: The hosts file located at C:\Windows\System32\drivers\etc\hosts is utilized for DNS resolution. Alterations made to this file have the capability to reroute network traffic or prevent software updates from occurring.

Query:

FileInfo('c:\windows\system32\drivers\etc\hosts') 
| project Path, FileName, SizeBytes, LastModifiedDateTime, Attributes

Explanation

The query retrieves information about the hosts file located at C:\Windows\System32\drivers\etc\hosts. It includes details such as the file path, name, size, last modified date, and attributes.

Details

Ugur Koc

Released: February 4, 2024

Tables

FileInfo

Keywords

FileInfo,Path,FileName,SizeBytes,LastModifiedDateTime,Attributes

Operators

|FileInfoproject

KQL Search

Monitor Hosts File

Query

Explanation

Details

Actions