Query Details

DnsEvents: DNS Query Resolved To Palo Alto Networks Sinkhole

Query

DnsEvents
// 72.5.65.111 is the default Palo Alto Networks DNS sinkhole address (sinkhole.paloaltonetworks.com).
// `has` is a whole-term match, so an unrelated address such as 172.5.65.111 does not match;
// the `not(...)` clause drops lookups of the sinkhole FQDN itself, which are expected noise.
| where IPAddresses has "72.5.65.111" and not(Name has "sinkhole.paloaltonetworks.com")
| project
    TimeGenerated,
    Computer,       // the DNS server that logged the event
    ClientIP,       // the host that sent the query: the candidate infected machine
    QueryType,
    SubType,
    Name,           // the domain the client tried to resolve
    IPAddresses,
    ResultCode

Explanation

Palo Alto Networks firewalls with DNS sinkholing enabled answer queries for known-malicious domains with the sinkhole address 72.5.65.111 (sinkhole.paloaltonetworks.com) instead of the real answer. This query searches DnsEvents for responses that contain that address, and excludes lookups whose queried Name is the sinkhole FQDN itself, since resolving that name legitimately returns the same IP. What remains is a list of clients that asked for a domain the firewall considers malicious (typically command-and-control or malware-distribution infrastructure), which is a strong indicator that the host behind ClientIP is infected or running unwanted software. The projected columns give the time of the query, the DNS server that logged it (Computer), the querying host (ClientIP), the query type and subtype, the queried domain (Name), the returned address list (IPAddresses) and the DNS result code. Note that Computer is the DNS server, not the suspect host; investigate ClientIP. If the firewall is configured with a custom sinkhole address, replace 72.5.65.111 accordingly, and keep the term-based `has` operator rather than `contains`, which would also match unrelated addresses such as 172.5.65.111.
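The same detection logic, re-implemented in Python over constructed DnsEvents-style rows so it can be run offline. This is an added example, not code from the original page or from Palo Alto Networks; the field names mirror the DnsEvents table, the rows and host names are made up, and `kql_has` is an approximation of KQL's term-based `has` operator. It goes slightly beyond the query above by also grouping hits per client, which is the pivot an analyst makes next.

```python
"""Added example: sinkhole-hit detection over constructed DnsEvents rows.

Not from the original page. Records and hostnames below are fabricated;
kql_has() approximates Kusto's term-based `has` (alphanumeric terms, whole-term match).
"""
import re
from collections import defaultdict

SINKHOLE_IP = "72.5.65.111"                       # Palo Alto Networks default sinkhole IPv4
SINKHOLE_FQDN = "sinkhole.paloaltonetworks.com"   # resolving this name legitimately yields the IP

# Constructed sample rows (not real telemetry). IPAddresses can hold several answers.
SAMPLE_EVENTS = [
    {"TimeGenerated": "2024-04-02T10:00:01Z", "Computer": "dns01.corp.local",
     "ClientIP": "10.1.2.3", "QueryType": "A", "SubType": "LookUp",
     "Name": "badstuff.example", "IPAddresses": "72.5.65.111", "ResultCode": 0},
    {"TimeGenerated": "2024-04-02T10:00:05Z", "Computer": "dns01.corp.local",
     "ClientIP": "10.1.2.3", "QueryType": "A", "SubType": "LookUp",
     "Name": "update.example.com", "IPAddresses": "93.184.216.34", "ResultCode": 0},
    {"TimeGenerated": "2024-04-02T10:01:00Z", "Computer": "dns01.corp.local",
     "ClientIP": "10.1.9.9", "QueryType": "A", "SubType": "LookUp",
     "Name": "sinkhole.paloaltonetworks.com", "IPAddresses": "72.5.65.111", "ResultCode": 0},
    {"TimeGenerated": "2024-04-02T10:02:00Z", "Computer": "dns02.corp.local",
     "ClientIP": "10.1.4.4", "QueryType": "A", "SubType": "LookUp",
     "Name": "c2.evil.example", "IPAddresses": "198.51.100.7,72.5.65.111", "ResultCode": 0},
    {"TimeGenerated": "2024-04-02T10:03:00Z", "Computer": "dns02.corp.local",
     "ClientIP": "10.1.4.4", "QueryType": "A", "SubType": "LookUp",
     "Name": "lookalike.example", "IPAddresses": "172.5.65.111", "ResultCode": 0},
]

_TERM_RE = re.compile(r"[A-Za-z0-9]+")


def _terms(value):
    """Split a string into lower-cased alphanumeric terms (approximation of Kusto tokenisation)."""
    return [t.lower() for t in _TERM_RE.findall(value)]


def kql_has(haystack, needle):
    """Approximate KQL `has`: the needle's terms must appear as a contiguous run of whole terms.

    Unlike a substring `contains`, '72.5.65.111' does NOT match '172.5.65.111'.
    """
    h, n = _terms(haystack), _terms(needle)
    if not n:
        return False
    return any(h[i:i + len(n)] == n for i in range(len(h) - len(n) + 1))


def is_sinkhole_hit(event):
    """True when the answer contains the sinkhole IP and the query was not for the sinkhole FQDN."""
    return kql_has(event["IPAddresses"], SINKHOLE_IP) and not kql_has(event["Name"], SINKHOLE_FQDN)


def sinkhole_hits(events):
    """Equivalent of the `where` clause: keep only the rows worth investigating."""
    return [e for e in events if is_sinkhole_hit(e)]


def summarize_by_client(events):
    """Pivot hits to {ClientIP: sorted list of sinkholed domains}; ClientIP is the suspect host."""
    by_client = defaultdict(set)
    for e in sinkhole_hits(events):
        by_client[e["ClientIP"]].add(e["Name"])
    return {ip: sorted(names) for ip, names in by_client.items()}


if __name__ == "__main__":
    for e in sinkhole_hits(SAMPLE_EVENTS):
        print(f'{e["TimeGenerated"]} {e["ClientIP"]:<10} via {e["Computer"]:<16} {e["Name"]}')
    print(summarize_by_client(SAMPLE_EVENTS))
```

Running it reports two hits (10.1.2.3 for badstuff.example and 10.1.4.4 for c2.evil.example); the lookup of the sinkhole FQDN by 10.1.9.9 is suppressed, and the 172.5.65.111 answer is not matched because the comparison is term-based rather than substring-based.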

Details


Jose Sebastián Canós

Released: April 2, 2024

Tables

DnsEvents

Keywords

IPAddresses, Name

Operators

where, has, not, project
