Queries for the MDCDetectionDNSEvents table

For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.

All DNS events where the domain queried was 'www.google.com' ordered by time

Get all DNS events where the domain queried was 'www.google.com' ordered by time.

MDCDetectionDNSEvents
| where Domain == "www.google.com"
| order by TimeGenerated
| limit 100