Queries for the WireData table
Agents that provide wire data
Agents providing wire data and sum of total bytes for each agent.
WireData
| summarize sum(TotalBytes) by Computer
IP Addresses of the agents providing wire data
IP Addresses of the agents providing wire data.
WireData
| summarize count() by LocalIP
All Outbound communications by Remote IP Address
All Outbound communications by Remote IP Address.
WireData
| where Direction == "Outbound"
| summarize count() by RemoteIP
Bytes sent by Application Protocol
Bytes sent by Application Protocol.
WireData
| where Direction == "Outbound"
| summarize sum(SentBytes) by ApplicationProtocol
Bytes received by Protocol Name
Bytes received by Protocol Name (transport-level protocol, only some are recognized).
WireData
| where Direction == "Inbound"
| summarize sum(ReceivedBytes) by ProtocolName
Total bytes by IP version
Total bytes by IP version (IPv4 or IPv6).
WireData
| summarize sum(TotalBytes) by IPVersion
Remote IP addresses that have communicated with agents on the subnet '10.0.0.0/8' (any direction)
Remote IP addresses that have communicated with agents on the subnet '10.0.0.0/8' (any direction).
WireData
| where LocalSubnet == "10.0.0.0/8"
| summarize count() by RemoteIP
Processes that initiated or received network traffic
Processes that initiated or received network traffic.
WireData
| distinct ProcessName
Amount of Network Traffic by Process
Amount of Network Traffic (in Bytes) by Process.
WireData
| summarize sum(TotalBytes) by ProcessName
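Several of the queries above can be combined for triage. The following is an added example, not one of the original page's queries: it ranks outbound traffic by agent, process, and public remote IP address. The 24-hour window, the `ipv4_is_private()` filter, the top-20 cutoff, and the output column names `BytesSent` and `Records` are assumptions chosen for illustration.

```kusto
// Added example: top outbound talkers per agent, process and remote IP.
WireData
| where TimeGenerated > ago(24h)               // assumed look-back window
| where Direction == "Outbound"
// Keep only public IPv4 destinations. Rows for which ipv4_is_private()
// returns null (for example IPv6 addresses) are dropped by this filter.
| where ipv4_is_private(RemoteIP) == false
| summarize BytesSent = sum(SentBytes), Records = count()
    by Computer, ProcessName, RemoteIP, ApplicationProtocol
| top 20 by BytesSent desc                     // assumed cutoff
```

A process that rarely sends data but appears near the top of this list is a reasonable starting point for an egress review.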