Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊
Device Network Events Involving Low Count FQDNs. This query reduces network events to only those with the RemoteURL column populated,. Then parses the DNS name from the URL (if needed) and finds the least prevalent. FQDNs. The result is then joined with DeviceNetworkEvents to highlight anomalous. Network communication.
| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | df02a1ed-9019-40fc-9be1-c32ac4a016c0 |
| Required Connectors | MicrosoftThreatProtection |
| Source | [View on GitHub](https://github.com/Azure/Azure-Sentinel/blob/master/Hunting Queries/Microsoft%20365%20Defender/Command%20and%20Control/Device%20network%20events%20w%20low%20count%20FQDN.yaml) |
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · Logic Apps · 📊