Query Details

Ransomware APT Notes Join Table

Query

# APTNotes table that can be used to join with other data connectors
----
### Defender For Endpoint

```
// Load the APTnotes CSV from GitHub at query time; the header row is skipped.
let APTInfo = externaldata(Filename: string, Title: string, Source: string, Link: string, SHA1: string, Date: datetime, Year: int)
[@"https://raw.githubusercontent.com/aptnotes/data/master/APTnotes.csv"]
with (format="csv", ignoreFirstRecord=True);
APTInfo
| where Year > 2015
```
### Sentinel
```
// Load the APTnotes CSV from GitHub at query time; the header row is skipped.
let APTInfo = externaldata(Filename: string, Title: string, Source: string, Link: string, SHA1: string, Date: datetime, Year: int)
[@"https://raw.githubusercontent.com/aptnotes/data/master/APTnotes.csv"]
with (format="csv", ignoreFirstRecord=True);
APTInfo
| where Year > 2015
```

Explanation

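The query uses the `externaldata` operator to load the APTnotes CSV from GitHub into a table named `APTInfo`, which can then be joined with data from other connectors. The first CSV record (the header row) is skipped, and the result is filtered to records with a Year value greater than 2015.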
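A join against Defender for Endpoint file events, as an added example that is not part of the original query. It assumes the `SHA1` column holds the hash of the report document itself, so a match means a copy of that report was seen on a device; the 30-day lookback and the projected columns are choices made for this example.

```kql
// Added example: join the APTnotes table with DeviceFileEvents on SHA1.
let Lookback = 30d; // assumption: adjust to your retention and needs
let APTInfo = externaldata(Filename: string, Title: string, Source: string, Link: string, SHA1: string, Date: datetime, Year: int)
[@"https://raw.githubusercontent.com/aptnotes/data/master/APTnotes.csv"]
with (format="csv", ignoreFirstRecord=True);
APTInfo
| where Year > 2015
// Drop rows without a hash and normalise case so the join key matches.
| where isnotempty(SHA1)
| extend SHA1 = tolower(SHA1)
// APTInfo is the small side, so it stays on the left of the join.
| join kind=inner (
    DeviceFileEvents
    | where Timestamp > ago(Lookback)
    | where isnotempty(SHA1)
    | extend SHA1 = tolower(SHA1)
    | project Timestamp, DeviceName, FileName, FolderPath, SHA1, InitiatingProcessAccountName
    ) on SHA1
// Keep the device context next to the report metadata from APTnotes.
| project Timestamp, DeviceName, FileName, FolderPath, InitiatingProcessAccountName, Title, Source, Link, Year, SHA1
| sort by Timestamp desc
```

In Sentinel, filter on `TimeGenerated` instead of `Timestamp`.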

Details


Bert-Jan Pals

Released: February 14, 2023

Tables

APTInfo

Keywords

APTNotes, DefenderForEndpoint, Sentinel

Operators

externaldata, with, format, ignoreFirstRecord, where
