Walk Through Guide for Kusto Detective Agency Season 2, Case #2 Solution
It’s hunt-the-phisher fun-day! 📲🐟
The second case riddle is:
The key takeaways from the riddle:
- The people of the city are targeted by phishermen who attempt to steal their identities
- We’re asked to find the phone number that is used for placing the phishing calls
⚠SPOILER ALERT — THE SOLUTION DESCRIBED BELOW⚠
Note: Solution is mine, and non-official
So let’s delve into the data by leveraging | take 10 to see some rows.
The PhoneCalls table has these columns: Timestamp, EventType, CallConnectionId and Properties.
We see that some calls are hidden; this is a great lead.
Also, for the disconnections, we can see who initiated them. It’s common to disconnect when spammers call, so such calls will be marked with DisconnectedBy “Destination”.
Now, all that we need is to find the most suspicious number, the one that called most of Digitown's citizens; that is the Origin number that called the most distinct Destinations.
Lucky us 🍀 KQL has the dcount function that lets us find the distinct count (it trades accuracy for performance compared with the exact count_distinct, yet for us it will do the trick):
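One way to write the query described above, as an added example rather than the author's original query. The EventType values 'Connect' and 'Disconnect' and the IsHidden property inside Properties are assumptions about the dataset that this page does not show:

```kql
// Added example, not the author's original query.
// Assumptions (not shown on the page): EventType is 'Connect' or 'Disconnect';
// Properties is a dynamic bag with Origin, Destination and IsHidden on
// Connect rows, and DisconnectedBy on Disconnect rows.
let HiddenCalls =
    PhoneCalls
    | where EventType == 'Connect'
    | extend Origin = tostring(Properties.Origin),
             Destination = tostring(Properties.Destination),
             IsHidden = tobool(Properties.IsHidden)
    | where IsHidden == true                 // lead 1: the caller hid their number
    | project CallConnectionId, Origin, Destination;
let HungUpByCallee =
    PhoneCalls
    | where EventType == 'Disconnect'
    | where tostring(Properties.DisconnectedBy) == 'Destination'  // lead 2: the callee hung up
    | distinct CallConnectionId;
HiddenCalls
| join kind=inner HungUpByCallee on CallConnectionId
// dcount is an estimate; the ranking matters here, not the exact figure
| summarize DistinctDestinations = dcount(Destination), Calls = count() by Origin
| top 5 by DistinctDestinations desc
```

Listing the top five rather than only the first row shows how far the leading Origin stands out from ordinary callers before you commit to it as the answer.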