This repository was archived by the owner on Nov 16, 2023. It is now read-only.

Commit ecdb40b

Create Devices by DNS Suffix.csl
1 parent 28445d5 commit ecdb40b

1 file changed: +13 -0 lines changed

@@ -0,0 +1,13 @@
1+
/////////////////////////////////////////////////////////////////////
2+
// Devices by DNS Suffix
3+
//
4+
// This query will count the number of devices in Defender ATP based
5+
// on their DNS suffix. For a full list of devices with the DNS
6+
// suffix, comment out or remove the last line.
7+
/////////////////////////////////////////////////////////////////////
8+
DeviceInfo
9+
| where isnotempty(OSPlatform)
10+
| summarize arg_max(Timestamp, DeviceName) by DeviceId
11+
| extend DeviceMachineName = split(DeviceName, '.')[0]
12+
| extend DeviceDomain = substring(DeviceName, strlen(DeviceMachineName) + 1, strlen(DeviceName) - strlen(DeviceMachineName) - 1)
13+
| summarize count() by DeviceDomain
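Review bot: On line 12, a DeviceName that contains no '.' makes the substring() start index land one past the end of the string and the computed length come out as -1, so the query depends on substring() quietly returning an empty value there, and the header comment never says where devices without a DNS suffix end up in the count. Consider making that case explicit, for example `| extend DeviceDomain = iff(DeviceName contains '.', <suffix expression>, '(no suffix)')`, and say so in the header. Two smaller points: the length argument to substring() is optional, so `substring(DeviceName, strlen(DeviceMachineName) + 1)` expresses "everything after the first label" without the extra arithmetic, and split() returns a dynamic array, so line 11 would be clearer as `tostring(split(DeviceName, '.')[0])` before the value is passed to strlen().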
