Query Details

Wireshark RSS Traffic

Query

//RSS traffic 
Wireshark_CL 
| where TimeGenerated > ago(1d)
| where RawData contains "rss.channel.item.link"
| distinct RawData

Explanation

This query is looking at Wireshark logs for RSS traffic. It filters the logs to only include data from the past day and looks for entries that contain the text "rss.channel.item.link". It then returns only the unique entries for the RawData field.

Details

Rod Trent

Released: July 23, 2020

Tables

Wireshark_CL

Keywords

RSS, Wireshark, TimeGenerated, RawData

Operators

where, ago, contains, distinct