Forum Discussion
watchlist with contains
Hi Team, can someone help me. I have a list of dynamic Dns domain and performing KQL with _Im_Dns table. I have created watchlist of domain and apply to _Im_Dns table. So i am getting the result...
Maybe something based on this?
let DynamicDns = _GetWatchlist('dynamic_dns') | distinct SearchKey, index=1;
let myDNS = _Im_Dns | distinct DnsQuery, index=1;
DynamicDns
| join kind=inner (myDNS) on index_
| where DnsQuery contains SearchKey
