Required data for DNS Anomalies



I am starting to work with Anomalies in my Sentinel deployment.

I have a large volume of DNS data ingested via the Windows DNS Events via AMA connector. So far I haven't seen any anomalies trigger against it. 

Is this connector able to supply data for use in the two Anomaly models?

The page here, "Anomalies detected by the Microsoft Sentinel machine learning engine | Microsoft Learn", just mentions they need 'DNS Events'. When I look in my Sentinel deployment it only lists 'Windows DNS via Legacy Agent' as the data source.



0 Replies