Device Network Events Involving Low Count FQDNs

This query reduces network events to only those with the RemoteURL column populated, then parses the DNS name from the URL (if needed) and finds the least prevalent FQDNs. The result is then joined with DeviceNetworkEvents to highlight anomalous network communication.

| Attribute | Value |
|---|---|
| Type | Hunting Query |
| Solution | GitHub Only |
| ID | df02a1ed-9019-40fc-9be1-c32ac4a016c0 |
| Required Connectors | MicrosoftThreatProtection |
| Source | View on GitHub |
This content item queries data from the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| DeviceNetworkEvents | ✓ | ✗ | ? |