Query Details

Threat Intel Bag

Query

//Snippet of KQL query to create a bag of TI to reference later in the query

let TI_Bag = ThreatIntelligenceIndicator | where isnotempty(NetworkSourceIP) | project NetworkSourceIP;

Explanation

This KQL query creates a bag of Threat Intelligence indicators: it binds the name TI_Bag to the NetworkSourceIP values from ThreatIntelligenceIndicator rows where that column is not empty. Later statements in the same query can then reference TI_Bag.
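One way to reference the bag later in a query, shown as an added example that is not part of the original snippet. It assumes a Microsoft Sentinel workspace that also has the SigninLogs table; the lookback windows, the materialize() wrapper, and the active/expiry filtering are choices made for this example.

```kql
// Added example, not the original author's query.
// Assumptions: SigninLogs is the table being checked, 14d/1d lookbacks are arbitrary.
let TI_Bag = materialize(
    ThreatIntelligenceIndicator
    | where TimeGenerated > ago(14d)
    | where isnotempty(NetworkSourceIP)
    // Indicators are re-ingested over time; keep only the latest record of each one.
    | summarize arg_max(TimeGenerated, *) by IndicatorId
    // Drop indicators that were deactivated or have expired, to limit stale matches.
    | where Active == true and ExpirationDateTime > now()
    | distinct NetworkSourceIP
);
// Reference the bag: keep only sign-ins whose source IP is a current indicator.
SigninLogs
| where TimeGenerated > ago(1d)
| where IPAddress in (TI_Bag)
| summarize SignIns = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by IPAddress, UserPrincipalName
| order by SignIns desc
```

When the matching rows need indicator context such as Description or ConfidenceScore, keep those columns in the bag and use a join on the IP column instead of the in filter.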

Details

Rod Trent

Released: April 17, 2023

Tables

ThreatIntelligenceIndicator

Keywords

ThreatIntelligenceIndicator,NetworkSourceIP,project

Operators

let,where,isnotempty,project
