Jun 13 2021
I am trying to track down a workstation that is accessing a known malicious website. I have a few DNS servers that send their logs to Sentinel. Is there a way to find which workstation is accessing the site using Sentinel and KQL?
Jun 14 2021
Jun 21 2021
Thanks for the response. Is there a way to run these queries using the domain instead of the IP?
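A domain-based lookup, added here as an example and not part of the original thread: it assumes the DNS servers report into the `DnsEvents` table through the Windows DNS connector, and the domain and lookback window are placeholders.

```kql
// Added example, not from the thread.
// Assumption: DNS server logs land in the DnsEvents table.
let badDomain = "malicious.example";   // placeholder: the domain under investigation
let lookback = 7d;                     // placeholder: how far back to search
DnsEvents
| where TimeGenerated > ago(lookback)
| where SubType == "LookupQuery"
// Match the domain itself and any subdomain of it (both comparisons are case-insensitive).
| where Name =~ badDomain or Name endswith strcat(".", badDomain)
// One row per querying client per DNS server, with volume and time range.
| summarize Queries      = count(),
            FirstSeen    = min(TimeGenerated),
            LastSeen     = max(TimeGenerated),
            NamesQueried = make_set(Name, 20),
            ResolvedIPs  = make_set(IPAddresses, 20)
    by ClientIP, DnsServer = Computer
| order by Queries desc
```

`ClientIP` is the address that sent the query to the logging DNS server, so if that address belongs to a forwarder or another resolver, the search has to continue in that server's logs. Mapping the address to a workstation name at the time of the query needs DHCP lease or logon records.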
Jun 22 2021