你当前正在访问 Microsoft Azure Global Edition 技术文档网站。如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Queries for the DnsEvents table

项目
09/17/2024

For information on using these queries in the Azure portal, see Log Analytics tutorial. For the REST API, see Query.

Clients Resolving Malicious Domains

Distinct clients resolving malicious domains.

DnsEvents
| where SubType == 'LookupQuery' and isnotempty(MaliciousIP)
| summarize count() by ClientIP