Forum Discussion
mj-ho
Aug 19, 2021 (Copper Contributor)
Azure Sentinel DNS Search query
Hello everyone,
I am looking for a way to search for specific domain names in the DNS query logs sent to Azure Sentinel.
I can see all the DNS requests present in the workbooks showing things like the top looked up domains, but I haven't been able to create a query that looks through all the logs for 1 or more specific domains.
- m_zorich (Iron Contributor)
For one domain:
DnsEvents
| where SubType == "LookupQuery"
| where Name == "domain.com"
For multiples:
DnsEvents
| where SubType == "LookupQuery"
| where Name in ('domain1.com','domain2.com')
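
An added example, not part of the reply above: `==` and `in` match the full name exactly and case-sensitively, so this variant goes one step further and also matches subdomains and mixed-case lookups of each listed domain, then summarizes which clients asked. The `SampleDnsEvents` rows are constructed so the query runs on its own; replace `SampleDnsEvents` with `DnsEvents` to run it against the workspace.

```kql
// Domains to hunt for (placeholders taken from the reply above).
let watched = dynamic(["domain1.com", "domain2.com"]);
// Constructed sample rows using DnsEvents column names.
let SampleDnsEvents = datatable(TimeGenerated:datetime, SubType:string, Name:string, ClientIP:string)
[
    datetime(2021-08-19 10:00:00), "LookupQuery", "domain1.com",        "10.0.0.5",
    datetime(2021-08-19 10:01:00), "LookupQuery", "WWW.Domain1.com",    "10.0.0.5",
    datetime(2021-08-19 10:02:00), "LookupQuery", "mail.domain2.com.",  "10.0.0.9",
    datetime(2021-08-19 10:03:00), "LookupQuery", "notdomain1.com",     "10.0.0.7",
    datetime(2021-08-19 10:04:00), "LookupQuery", "domain1.com.example.org", "10.0.0.7"
];
SampleDnsEvents
| where SubType == "LookupQuery"
// Normalize: lower-case and drop a trailing root dot.
| extend QueryName = tolower(trim_end(@"\.", Name))
// Test each row against every watched domain; rows with no match are dropped.
| mv-apply Watched = watched to typeof(string) on (
    where QueryName == Watched                       // the domain itself
       or QueryName endswith strcat(".", Watched)    // any subdomain of it
  )
| summarize Lookups = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
         by Watched, QueryName, ClientIP
| order by Watched asc, Lookups desc
```

The leading dot in the `endswith` test is what keeps `notdomain1.com` and `domain1.com.example.org` out of the results.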