Update Remote Desktop Network Traffic(ASIM Network Session schema).yaml
praveenthepro committed Mar 5, 2024
1 parent 237cd2a commit 82d8869
Showing 1 changed file with 2 additions and 1 deletion.
Expand Up @@ -22,9 +22,10 @@ query: |
// Summarize the data by source IP, destination IP, destination port number, network protocol, and event result
// For each group, calculate the start time, end time, event count, and a set of up to 10 event vendors
| summarize Starttime= min(TimeGenerated),EndTime= max(TimeGenerated),Eventscount=sum(EventCount), EventVendors=make_set(EventVendor,10) by SrcIpAddr,DstIpAddr,DstPortNumber,NetworkProtocol,EventResult
| extend IP_0_SrcIpAddr = SrcIpAddr
entityMappings:
- entityType: IP
fieldMappings:
- identifier: Address
- identifier: SrcIpAddr
columnName: SrcIpAddr
version: 1.0.0
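
Review bot: In the `entityMappings` block, the IP entity's identifier should remain `Address`; `- identifier: SrcIpAddr` names a query column rather than an identifier of the IP entity type, so with that line the source address would not be mapped to an IP entity. Keep `- identifier: Address` paired with `columnName: SrcIpAddr`. The new `| extend IP_0_SrcIpAddr = SrcIpAddr` column is never referenced, because `columnName` still points at `SrcIpAddr`; either map `columnName: IP_0_SrcIpAddr` or drop the `extend`. `version: 1.0.0` is unchanged even though both the query and the mapping were edited, so consider bumping it so the update is picked up as a new revision.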
