← Back to Explore
kqlHunting
MDA - IP Address Type
Detection Query
CloudAppEvents
| where isnotempty(IPAddress)
| summarize count() by IPCategory
| extend IPCategory = iff(isempty(IPCategory),IPCategory="Normal",IPCategory)Data Sources
CloudAppEvents
Tags
defender
Raw Content
CloudAppEvents
| where isnotempty(IPAddress)
| summarize count() by IPCategory
| extend IPCategory = iff(isempty(IPCategory),IPCategory="Normal",IPCategory)