Azure Sentinel DNS Search query


Hello everyone,


I am looking for a way to search for specific domain names in the DNS query logs sent to Azure Sentinel.

I can see all the DNS requests present in the workbooks showing things like the top looked up domains, but I haven't been able to create a query that looks through all the logs for 1 or more specific domains.

1 Reply
For one domain

DnsEvents
| where SubType == "LookupQuery"
| where Name == ""   // domain to match goes between the quotes

For multiples

DnsEvents
| where SubType == "LookupQuery"
| where Name in ('','')   // one quoted domain per list entry
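
An added example, not part of the original reply: the same `DnsEvents` lookup filter extended to match a list of domains case-insensitively, including their subdomains, and to summarize which clients queried them. The domain names in `watch_domains` and the 7-day window are constructed placeholders.

```kusto
// Domains to hunt for (constructed placeholders; replace with your own list)
let watch_domains = dynamic(["example.com", "example.net"]);
DnsEvents
| where TimeGenerated > ago(7d)                 // assumed lookback window
| where SubType == "LookupQuery"
// Normalize: lower-case and drop a trailing dot so "Example.COM." still matches
| extend QueryName = tolower(trim_end(@"\.", Name))
// Compare each query name against every watched domain:
// exact match, or a subdomain ending in ".<domain>"
| mv-apply d = watch_domains to typeof(string) on (
    where QueryName == d or QueryName endswith strcat(".", d)
    | project MatchedDomain = d
  )
// One row per queried name, with volume, time range and requesting clients
| summarize Lookups   = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated),
            Clients   = make_set(ClientIP, 50)
          by MatchedDomain, QueryName
| order by Lookups desc
```

The `"."` prefix in the `endswith` test keeps `notexample.com` from matching `example.com`, which a plain `contains` or `endswith` on the bare domain would let through.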