← Back to Explore
kqlHunting
List risky IP activities
This query activities from a Risky IP
Detection Query
CloudAppEvents
| where IPCategory == "Risky"
| project Timestamp, ActionType, IPAddress, IPCategory, ISP, RawEventDataData Sources
CloudAppEvents
Platforms
azure-sentinelmicrosoft-defender
Tags
defender-for-cloud-apps
Raw Content
# List risky IP activities
## Query Information
#### Description
This query activities from a Risky IP
## Defender XDR
```KQL
CloudAppEvents
| where IPCategory == "Risky"
| project Timestamp, ActionType, IPAddress, IPCategory, ISP, RawEventData
```
## Sentinel
```KQL
CloudAppEvents
| where IPCategory == "Risky"
| project TimeGenerated, ActionType, IPAddress, IPCategory, ISP, RawEventData
```