{"id":77,"date":"2024-01-12T09:44:04","date_gmt":"2024-01-12T09:44:04","guid":{"rendered":"https:\/\/cyber-resilience.mobi\/?p=77"},"modified":"2024-01-12T10:05:06","modified_gmt":"2024-01-12T10:05:06","slug":"requete-pour-verifier-les-echecs-de-connexion-reseau-a-microsoft-defender-pour-les-url-de-point-de-terminaison","status":"publish","type":"post","link":"https:\/\/cyber-resilience.mobi\/?p=77","title":{"rendered":"KQL: Checking for network connection failures to Microsoft Defender for Endpoint URLs"},"content":{"rendered":"\n<pre class=\"wp-block-code\"><code>\/\/ Microsoft Defender for Endpoint service hosts to check; each entry must equal the host exactly (no path, no stray whitespace)\r\nlet TargetURLs = dynamic(&#91;'crl.microsoft.com',\r\n'ctldl.windowsupdate.com',\r\n'www.microsoft.com',\r\n'events.data.microsoft.com',\r\n'login.microsoftonline.com',\r\n'login.live.com',\r\n'settings-win.data.microsoft.com',\r\n'x.cp.wd.microsoft.com',\r\n'cdn.x.cp.wd.microsoft.com',\r\n'eu-cdn.x.cp.wd.microsoft.com',\r\n'wu-cdn.x.cp.wd.microsoft.com',\r\n'officecdn-microsoft-com.akamaized.net',\r\n'packages.microsoft.com',\r\n'login.windows.net',\r\n'unitedstates.x.cp.wd.microsoft.com',\r\n'us.vortex-win.data.microsoft.com',\r\n'us-v20.events.data.microsoft.com',\r\n'winatp-gw-cus.microsoft.com',\r\n'winatp-gw-eus.microsoft.com',\r\n'winatp-gw-cus3.microsoft.com',\r\n'winatp-gw-eus3.microsoft.com',\r\n'automatedirstrprdcus.blob.core.windows.net',\r\n'automatedirstrprdeus.blob.core.windows.net',\r\n'automatedirstrprdcus3.blob.core.windows.net',\r\n'automatedirstrprdeus3.blob.core.windows.net',\r\n'ussus1eastprod.blob.core.windows.net',\r\n'ussus2eastprod.blob.core.windows.net',\r\n'ussus3eastprod.blob.core.windows.net',\r\n'ussus4eastprod.blob.core.windows.net',\r\n'wsus1eastprod.blob.core.windows.net',\r\n'wsus2eastprod.blob.core.windows.net',\r\n'ussus1westprod.blob.core.windows.net',\r\n'ussus2westprod.blob.core.windows.net',\r\n'ussus3westprod.blob.core.windows.net',\r\n'ussus4westprod.blob.core.windows.net',\r\n'wsus1westprod.blob.core.windows.net',\r\n'wsus2westprod.blob.core.windows.net',\r\n'europe.x.cp.wd.microsoft.com',\r\n'eu.vortex-win.data.microsoft.com',\r\n'eu-v20.events.data.microsoft.com',\r\n'winatp-gw-neu.microsoft.com',\r\n'winatp-gw-weu.microsoft.com',\r\n'automatedirstrprdneu.blob.core.windows.net',\r\n'automatedirstrprdweu.blob.core.windows.net',\r\n'usseu1northprod.blob.core.windows.net',\r\n'wseu1northprod.blob.core.windows.net',\r\n'usseu1westprod.blob.core.windows.net',\r\n'wseu1westprod.blob.core.windows.net',\r\n'unitedkingdom.x.cp.wd.microsoft.com',\r\n'uk.vortex-win.data.microsoft.com',\r\n'uk-v20.events.data.microsoft.com',\r\n'winatp-gw-uks.microsoft.com',\r\n'winatp-gw-ukw.microsoft.com',\r\n'automatedirstrprduks.blob.core.windows.net',\r\n'automatedirstrprdukw.blob.core.windows.net',\r\n'ussuk1southprod.blob.core.windows.net',\r\n'wsuk1southprod.blob.core.windows.net',\r\n'ussuk1westprod.blob.core.windows.net',\r\n'wsuk1westprod.blob.core.windows.net',\r\n'go.microsoft.com',\r\n'definitionupdates.microsoft.com',\r\n'fe3cr.delivery.mp.microsoft.com',\r\n'msdl.microsoft.com',\r\n'vortex-win.data.microsoft.com']);\r\nDeviceNetworkEvents\r\n| where isnotempty(RemoteUrl) and ActionType == 'ConnectionFailed'\r\n\/\/ Reduce full URLs to their host; RemoteUrl values without a scheme are compared as-is\r\n| extend Domain = case(RemoteUrl contains \"\/\/\", tostring(parse_url(RemoteUrl).Host), RemoteUrl)\r\n\/\/ Host names are case-insensitive, so match with in~\r\n| where Domain in~ (TargetURLs)\r\n\/\/ Per device and domain: failure count and time of the most recent failure\r\n| summarize arg_max(Timestamp, DeviceName), ConnectionFailures = count() by DeviceId, Domain\r\n| extend DomainDetails = pack(Domain, ConnectionFailures)\r\n\/\/ Per device: list of per-domain counts, latest failure across all domains, and total failures\r\n| summarize DomainDetails = make_list(DomainDetails), LastConnectionFailure = max(Timestamp), DeviceName = any(DeviceName), TotalConnectionFailures = sum(ConnectionFailures) by DeviceId\r\n| order by TotalConnectionFailures desc<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[21,18,19],"class_list":["post-77","post","type-post","status-publish","format-standard","hentry","category-kql","tag-defender","tag-kql","tag-kusto"],"_links":{"self":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/77","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=77"}],"version-history":[{"count":2,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/77\/revisions"}],"predecessor-version":[{"id":97,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=\/wp\/v2\/posts\/77\/revisions\/97"}],"wp:attachment":[{"href":
"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=77"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=77"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyber-resilience.mobi\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=77"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}