Threat Intel Bag
Query
//Snippet of KQL query to create a bag of TI to reference later in the query
let TI_Bag = ThreatIntelligenceIndicator | where isnotempty(NetworkSourceIP) | project NetworkSourceIP;Explanation
This KQL query creates a bag of Threat Intelligence indicators by selecting the NetworkSourceIP values that are not empty. These indicators can be referenced later in the query.
Details

Rod Trent
Released: April 17, 2023
Tables
ThreatIntelligenceIndicator
Keywords
ThreatIntelligenceIndicatorNetworkSourceIPproject
Operators
letwhereisnotemptyproject