Queries for the WireData table

  • Article
  • 11/01/2024

For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.

Agents that provide wire data

Agents providing wire data and sum of total bytes for each agent.

WireData
| summarize sum(TotalBytes) by Computer

IP Addresses of the agents providing wire data

IP Addresses of the agents providing wire data.

WireData
| summarize count() by LocalIP

All Outbound communications by Remote IP Address

All Outbound communications by Remote IP Address.

WireData
| where  Direction == "Outbound"
| summarize count() by RemoteIP

Bytes sent by Application Protocol

Bytes sent by Application Protocol.

WireData
| where Direction == "Outbound"
| summarize sum(SentBytes) by ApplicationProtocol

Bytes received by Protocol Name

Bytes received by Protocol Name (transport-level protocol, only some are recognized).

WireData
| where Direction == "Inbound"
| summarize sum(ReceivedBytes) by ProtocolName

Total bytes by IP version

Total bytes by IP version (IPv4 or IPv6).

WireData
| summarize sum(TotalBytes) by IPVersion

Remote IP addresses that have communicated with agents on the subnet '10.0.0.0/8' (any direction)

Remote IP addresses that have communicated with agents on the subnet '10.0.0.0/8' (any direction).

WireData  
| where LocalSubnet == "10.0.0.0/8" 
| summarize count() by RemoteIP

Processes that initiated or received network traffic

Processes that initiated or received network traffic.

WireData
| distinct ProcessName

Amount of Network Traffic by Process

Amount of Network Traffic (in Bytes) by Process.

WireData
| summarize sum(TotalBytes) by ProcessName