Forum Discussion
Mprossau
Feb 21, 2024Copper Contributor
Required data for DNS Anomalies
Hi,
I am starting to work with Anomalies in my Sentinel deployment.
I have a large volume of DNS data ingested via the Windows DNS Events via AMA connector. So far I haven't seen any anomalies trigger against it.
Is this connector able to supply data for use in the two Anomaly models?
The page here Anomalies detected by the Microsoft Sentinel machine learning engine | Microsoft Learn just mentions they need 'DNS Events'. When I look in my Sentinel deployment it only lists 'Windows DNS via Legacy Agent' as the data source.
cheers,
Michael
No RepliesBe the first to reply