Jun 13 2021 10:14 PM
I am trying to track down a workstation that is accessing a known malicious website. I have a few DNS servers that send their logs to Sentinel. Is there a way to find which workstation is accessing the site using Sentinel and KQL?
Thanks
Jun 14 2021 02:53 AM
Jun 21 2021 05:10 PM
Hi @CliveWatson
Thanks for the response. Is there a way to run these queries using the domain instead of the IP?
Jun 22 2021 12:22 AM