Forum Discussion
BigJim
Oct 02, 2024 | Copper Contributor
Anomaly Excessive NXDOMAIN DNS Queries - analytics rule
I have noticed that we see quite a few endpoints that are triggering the Excessive NXDOMAIN DNS Queries anomaly analytics rule in Microsoft Sentinel. When I investigate these for tuning purposes, I s...
BigJim
Oct 11, 2024 | Copper Contributor
In the query, it creates a variable called "allData" and then uses it further down in the query.
So I added a "where" clause to the usage of allData:
| where DnsQuery !contains "in-addr.arpa"
Hopefully, that's not too kludgy.
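As an added example (not code from this thread or from the Sentinel rule itself), the tuning step described in the reply, carried out in Python over a constructed set of DNS events rather than in KQL, so the effect of excluding reverse lookups on the per-client NXDOMAIN count can be seen directly. The field names (ClientIP, Name, ResponseCodeName), the threshold, and every sample record are assumptions made for the example. The filter also goes one step beyond the post's `!contains "in-addr.arpa"`: it matches the `.in-addr.arpa` and `.ip6.arpa` suffixes case-insensitively, so IPv6 reverse lookups are excluded too, while a forward name that merely contains the string is still counted.

```python
from collections import Counter
from typing import Dict, Iterable, List

# Reverse-lookup zones. A name ending in one of these is a PTR query, and a
# PTR query for an address with no reverse record returns NXDOMAIN, which is
# normal noise rather than a sign of lookup failures or DGA-style probing.
REVERSE_LOOKUP_ZONES = (".in-addr.arpa", ".ip6.arpa")


def is_reverse_lookup(name: str) -> bool:
    """True if the queried name sits under in-addr.arpa or ip6.arpa (suffix match, case-insensitive)."""
    normalized = name.lower().rstrip(".")  # tolerate a trailing dot from a fully-qualified name
    return normalized.endswith(REVERSE_LOOKUP_ZONES)


def post_style_substring_match(name: str) -> bool:
    """Emulates the post's KQL `contains "in-addr.arpa"` check: a case-insensitive substring test."""
    return "in-addr.arpa" in name.lower()


def nxdomain_counts(events: Iterable[dict], exclude_reverse_lookups: bool = True) -> Dict[str, int]:
    """Count NXDOMAIN responses per client, optionally dropping reverse lookups first."""
    counts: Counter = Counter()
    for event in events:
        if event["ResponseCodeName"].upper() != "NXDOMAIN":
            continue
        if exclude_reverse_lookups and is_reverse_lookup(event["Name"]):
            continue
        counts[event["ClientIP"]] += 1
    return dict(counts)


def excessive_clients(events: Iterable[dict], threshold: int, exclude_reverse_lookups: bool = True) -> List[str]:
    """Clients whose NXDOMAIN count reaches the (assumed) threshold, sorted for stable output."""
    counts = nxdomain_counts(events, exclude_reverse_lookups)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


def _rows(client: str, names: Iterable[str], rcode: str = "NXDOMAIN") -> List[dict]:
    return [{"ClientIP": client, "Name": n, "ResponseCodeName": rcode} for n in names]


# Constructed sample events (field names assumed for the example, not the real DnsEvents schema).
# 10.0.0.5 is a host doing reverse lookups for neighbours with no PTR records.
# 10.0.0.9 is a host resolving random-looking names that do not exist.
SAMPLE_DNS_EVENTS = (
    _rows("10.0.0.5", [f"{i}.0.0.10.in-addr.arpa" for i in range(20, 26)])  # 6 PTR lookups, all NXDOMAIN
    + _rows("10.0.0.5", ["printer-old.corp.example"])                       # 1 genuine forward NXDOMAIN
    + _rows("10.0.0.5", ["intranet.corp.example"], rcode="NOERROR")         # resolved, never counted
    + _rows("10.0.0.9", ["kq7x2.example", "zp9v1.example", "mm4r8.example",
                         "qa1c7.example", "xx0b3.example"])                  # 5 forward NXDOMAINs
    + _rows("10.0.0.9", ["5.0.0.10.IN-ADDR.ARPA"])                          # uppercase PTR, must still be excluded
)

ASSUMED_THRESHOLD = 5  # illustrative value, not the rule's real threshold


if __name__ == "__main__":
    print("raw counts:     ", nxdomain_counts(SAMPLE_DNS_EVENTS, exclude_reverse_lookups=False))
    print("tuned counts:   ", nxdomain_counts(SAMPLE_DNS_EVENTS))
    print("flagged (raw):  ", excessive_clients(SAMPLE_DNS_EVENTS, ASSUMED_THRESHOLD, exclude_reverse_lookups=False))
    print("flagged (tuned):", excessive_clients(SAMPLE_DNS_EVENTS, ASSUMED_THRESHOLD))
```

With the constructed data, the untuned count flags both hosts, while the tuned count keeps only the host whose NXDOMAINs are forward lookups. The substring check from the post would also exclude a forward name such as `in-addr.arpa.corp.example` and would not exclude IPv6 reverse lookups under `ip6.arpa`, which is why the suffix test is used here; when carrying that back into KQL, `endswith` with both zones is the equivalent.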