Skip to content
This repository has been archived by the owner on Nov 16, 2023. It is now read-only.

Commit

Permalink
Updating URL list
Browse files Browse the repository at this point in the history 
Source: Defender proxy list. At a future date I will also update to include the *  URLs.
  • Loading branch information
@mjmelone
mjmelone committed Sep 17, 2021
1 parent 0d921e7 commit 376df72
Showing 1 changed file with 64 additions and 6 deletions.
70 changes: 64 additions & 6 deletions Troubleshooting/Connectivity Failures by Device.md
View file
Expand Up @@ -9,12 +9,70 @@ by the device.
## Query

```
let TargetURLs = dynamic(['winatp-gw-cus.microsoft.com', 'winatp-gw-eus.microsoft.com', 'winatp-gw-weu.microsoft.com',
'winatp-gw-neu.microsoft.com', 'winatp-gw-uks.microsoft.com', 'winatp-gw-ukw.microsoft.com', 'winatp-gw-usgv.microsoft.com',
'winatp-gw-usgt.microsoft.com', 'eu.vortex-win.data.microsoft.com', 'us.vortex-win.data.microsoft.com',
'uk.vortex-win.data.microsoft.com', 'events.data.microsoft.com', 'settings-win.data.microsoft.com', 'eu-v20.events.data.microsoft.com',
'uk-v20.events.data.microsoft.com', 'us-v20.events.data.microsoft.com', 'us4-v20.events.data.microsoft.com',
'us5-v20.events.data.microsoft.com', 'ctldl.windowsupdate.com']);
let TargetURLs = dynamic(['crl.microsoft.com',
'ctldl.windowsupdate.com',
'www.microsoft.com',
'events.data.microsoft.com',
'login.microsoftonline.com',
'login.live.com',
'settings-win.data.microsoft.com',
'x.cp.wd.microsoft.com',
'cdn.x.cp.wd.microsoft.com',
'eu-cdn.x.cp.wd.microsoft.com',
'wu-cdn.x.cp.wd.microsoft.com',
'officecdn-microsoft-com.akamaized.net',
'packages.microsoft.com',
'login.windows.net  ',
'unitedstates.x.cp.wd.microsoft.com',
'us.vortex-win.data.microsoft.com',
'us-v20.events.data.microsoft.com',
'winatp-gw-cus.microsoft.com',
'winatp-gw-eus.microsoft.com',
'winatp-gw-cus3.microsoft.com',
'winatp-gw-eus3.microsoft.com',
'automatedirstrprdcus.blob.core.windows.net',
'automatedirstrprdeus.blob.core.windows.net',
'automatedirstrprdcus3.blob.core.windows.net',
'automatedirstrprdeus3.blob.core.windows.net',
'ussus1eastprod.blob.core.windows.net',
'ussus2eastprod.blob.core.windows.net',
'ussus3eastprod.blob.core.windows.net',
'ussus4eastprod.blob.core.windows.net',
'wsus1eastprod.blob.core.windows.net',
'wsus2eastprod.blob.core.windows.net',
'ussus1westprod.blob.core.windows.net',
'ussus2westprod.blob.core.windows.net',
'ussus3westprod.blob.core.windows.net',
'ussus4westprod.blob.core.windows.net',
'wsus1westprod.blob.core.windows.net',
'wsus2westprod.blob.core.windows.net',
'europe.x.cp.wd.microsoft.com',
'eu.vortex-win.data.microsoft.com',
'eu-v20.events.data.microsoft.com',
'winatp-gw-neu.microsoft.com',
'winatp-gw-weu.microsoft.com',
'automatedirstrprdneu.blob.core.windows.net',
'automatedirstrprdweu.blob.core.windows.net',
'usseu1northprod.blob.core.windows.net',
'wseu1northprod.blob.core.windows.net',
'usseu1westprod.blob.core.windows.net',
'wseu1westprod.blob.core.windows.net',
'unitedkingdom.x.cp.wd.microsoft.com',
'uk.vortex-win.data.microsoft.com',
'uk-v20.events.data.microsoft.com',
'winatp-gw-uks.microsoft.com',
'winatp-gw-ukw.microsoft.com',
'automatedirstrprduks.blob.core.windows.net',
'automatedirstrprdukw.blob.core.windows.net',
'ussuk1southprod.blob.core.windows.net',
'wsuk1southprod.blob.core.windows.net',
'ussuk1westprod.blob.core.windows.net',
'wsuk1westprod.blob.core.windows.net',
'go.microsoft.com ',
'definitionupdates.microsoft.com ',
'fe3cr.delivery.mp.microsoft.com/ClientWebService/client.asmx',
'msdl.microsoft.com',
'vortex-win.data.microsoft.com']);
DeviceNetworkEvents
| where isnotempty(RemoteUrl) and ActionType == 'ConnectionFailed'
| extend Domain = case(RemoteUrl contains "//", parse_url(RemoteUrl).Host, RemoteUrl)
Expand Down

0 comments on commit 376df72

Please sign in to comment.