Hi Team,

can someone help me. I have a list of dynamic Dns domain and performing KQL with _Im_Dns table.

I have created watchlist of domain and apply to _Im_Dns table. So i am getting the result if exact match in DnsQuery column. Like in my watchlist if microsoft.com is dynamic domain then it getting result only when DnsQuery column has microsoft.com. But my concern is that i want to get result if DnsQuery column has xyz.microsoft.com.Abc.

let DynamicDns = _GetWatchlist(‘dynamic_dns’) | project  SearchKey;

_Im_Dns

| where DnsQuery in~ (DynamicDns)

My watchlist have 30k+ dynamic DNS. Kindly suggest us.

​Hi Team, can someone help me. I have a list of dynamic Dns domain and performing KQL with _Im_Dns table.I have created watchlist of domain and apply to _Im_Dns table. So i am getting the result if exact match in DnsQuery column. Like in my watchlist if microsoft.com is dynamic domain then it getting result only when DnsQuery column has microsoft.com. But my concern is that i want to get result if DnsQuery column has xyz.microsoft.com.Abc. let DynamicDns = _GetWatchlist(‘dynamic_dns’) | project  SearchKey;_Im_Dns| where DnsQuery in~ (DynamicDns) My watchlist have 30k+ dynamic DNS. Kindly suggest us.  Read More

​