Mprossau
Copper Contributor
Feb 21, 2024

Required data for DNS Anomalies

Hi,

I am starting to work with Anomalies in my Sentinel deployment.

I have a large volume of DNS data ingested via the Windows DNS Events via AMA connector. So far I haven't seen any anomalies trigger against it. 

Is this connector able to supply data for use in the two Anomaly models?

The page here, "Anomalies detected by the Microsoft Sentinel machine learning engine | Microsoft Learn", just mentions they need 'DNS Events'. When I look in my Sentinel deployment it only lists 'Windows DNS via Legacy Agent' as the data source.

cheers,

Michael
