Query Details

Dns Events DNS Query Resolved To Palo Alto Networks Sinkhole

Query

DnsEvents
| where IPAddresses has "72.5.65.111" and not(Name has "sinkhole.paloaltonetworks.com")
| project
    TimeGenerated,
    Computer,
    ClientIP,
    QueryType,
    SubType,
    Name,
    IPAddresses,
    ResultCode

Explanation

Show DNS events whose resolved IP addresses include "72.5.65.111" but whose queried name does not contain "sinkhole.paloaltonetworks.com". For each matching event, display the time generated, computer, client IP, query type, sub type, name, IP addresses, and result code.

Details

Jose Sebastián Canós

Released: March 3, 2024

Tables

DnsEvents

Keywords

IPAddresses,Name,TimeGenerated,Computer,ClientIP,QueryType,SubType,ResultCode

Operators

where,has,not,project
