Created
March 2, 2024 03:48
-
-
Save mgreen27/670142f39d3e0269c2ad3da53801846b to your computer and use it in GitHub Desktop.
Notebook to find internal IP
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| LET find_flows(clientid,artifact) = SELECT * | |
| FROM flatten(query={ SELECT client_id, session_id,artifacts_with_results,start_time,state FROM flows(client_id=clientid) }) | |
| WHERE artifacts_with_results = artifact | |
| LIMIT 1 -- will collect latest | |
| LET results = SELECT | |
| client_id as ClientId, | |
| os_info.hostname as Hostname, | |
| os_info.fqdn as Fqdn, | |
| agent_information.version as AgentVersion, | |
| os_info.system as OSType, | |
| os_info.release as OS, | |
| os_info.machine as Arch, | |
| os_info.mac_addresses as MacAddresses, | |
| split(sep=':',string=last_ip)[0] as LastExternalIp, | |
| timestamp(epoch=first_seen_at) as FirstSeen, | |
| timestamp(epoch=last_seen_at) as LastSeen, | |
| find_flows(clientid=client_id,artifact='Generic.Client.Info/WindowsInfo')[0].session_id as FlowId | |
| FROM clients() | |
| SELECT * FROM foreach(row=results, query={ | |
| SELECT | |
| ClientId, | |
| Hostname, | |
| Fqdn, | |
| AgentVersion, | |
| OSType, | |
| OS, | |
| Arch, | |
| LastExternalIp, | |
| FirstSeen, | |
| LastSeen, | |
| `Network Info` as NetworkInfo | |
| FROM source(artifact='Generic.Client.Info/WindowsInfo',client_id=ClientId,flow_id=FlowId) | |
| },workers=100) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment