cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure Sentinel DNS Search query

mj-ho
Copper Contributor

‎Aug 18 2021 11:49 PM

‎Aug 18 2021 11:49 PM

Azure Sentinel DNS Search query

Hello everyone,

 

I am looking for a way to search for specific domain names in the DNS query logs sent to Azure Sentinal.

I can see all the DNS requests presents in the workbooks showing things like the top looked up domains but i havnt been able to create a query that looks through all the logs for 1 or more specific domains.

5,706 Views
0 Likes
1 Reply
Reply
1 Reply
m_zorich

‎Aug 19 2021 04:12 PM

‎Aug 19 2021 04:12 PM

Re: Azure Sentinel DNS Search query

For one domain

DnsEvents
| where SubType == "LookupQuery"
| where Name == "domain.com"

for multiples

DnsEvents
| where SubType == "LookupQuery"
| where Name in ('domain1.com','domain2.com')


0 Likes
Reply