Forum Discussion
Azure Sentinel DNS Search query
Hello everyone, I am looking for a way to search for specific domain names in the DNS query logs sent to Azure Sentinal. I can see all the DNS requests presents in the workbooks showing things l...
For one domain
DnsEvents
| where SubType == "LookupQuery"
| where Name == "domain.com"
for multiples
DnsEvents
| where SubType == "LookupQuery"
| where Name in ('domain1.com','domain2.com')
DnsEvents
| where SubType == "LookupQuery"
| where Name == "domain.com"
for multiples
DnsEvents
| where SubType == "LookupQuery"
| where Name in ('domain1.com','domain2.com')