diff --git a/.script/tests/KqlvalidationsTests/CustomTables/NXLog_DNS_Server_CL.json b/.script/tests/KqlvalidationsTests/CustomTables/NXLog_DNS_Server_CL.json index da85a8ba098..f51abd3db00 100644 --- a/.script/tests/KqlvalidationsTests/CustomTables/NXLog_DNS_Server_CL.json +++ b/.script/tests/KqlvalidationsTests/CustomTables/NXLog_DNS_Server_CL.json @@ -1,6 +1,10 @@ { "Name": "NXLog_DNS_Server_CL", "Properties": [ + { + "Name": "_ItemId", + "Type": "String" + }, { "Name": "TenantId", "Type": "String" diff --git a/Parsers/ASimDns/Parsers/ASimDnsMicrosoftNXlog.yaml b/Parsers/ASimDns/Parsers/ASimDnsMicrosoftNXlog.yaml index bcaa0189af7..e2cedd67691 100644 --- a/Parsers/ASimDns/Parsers/ASimDnsMicrosoftNXlog.yaml +++ b/Parsers/ASimDns/Parsers/ASimDnsMicrosoftNXlog.yaml @@ -1,17 +1,19 @@ Parser: Title: DNS activity ASIM parser for Microsoft DNS logs collected using NXlog - Version: '0.4' - LastUpdated: Dec 11 2022 + Version: '0.5.0' + LastUpdated: Sep 06 2023 Product: Name: MS DNS Events Normalization: Schema: Dns - Version: '0.1.3' + Version: '0.1.7' References: - Title: ASIM DNS Schema Link: https://aka.ms/ASimDnsDoc - Title: ASIM Link: https://aka.ms/AboutASIM +- Title: Resource Record (RR) TYPEs + Link: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml Description: | This ASIM parser supports normalizing Microsoft DNS logs, collected using NXlog, to the ASIM Dns normalized schema. ParserName: ASimDnsMicrosoftNXlog 
@@ -161,6 +163,61 @@ ParserQuery: | , 31,'EID' , 32,'NIMLOC' , 33,'SRV' + , 34,'ATMA' + , 35,'NAPTR' + , 36,'KX' + , 37,'CERT' + , 38,'A6' + , 39,'DNAME' + , 40,'SINK' + , 41,'OPT' + , 42,'APL' + , 43,'DS' + , 44,'SSHFP' + , 45,'IPSECKEY' + , 46,'RRSIG' + , 47,'NSEC' + , 48,'DNSKEY' + , 49,'DHCID' + , 50,'NSEC3' + , 51,'NSEC3PARAM' + , 52,'TLSA' + , 53,'SMIMEA' + , 55,'HIP' + , 56,'NINFO' + , 57,'RKEY' + , 58,'TALINK' + , 59,'CDS' + , 60,'CDNSKEY' + , 61,'OPENPGPKEY' + , 62,'CSYNC' + , 63,'ZONEMD' + , 64,'SVCB' + , 65,'HTTPS' + , 99,'SPF' + , 100,'UINFO' + , 101,'UID' + , 102,'GID' + , 103,'UNSPEC' + , 104,'NID' + , 105,'L32' + , 106,'L64' + , 107,'LP' + , 108,'EUI48' + , 109,'EUI64' + , 249,'TKEY' + , 250,'TSIG' + , 251,'IXFR' + , 252,'AXFR' + , 253,'MAILB' + , 254,'MAILA' + , 255,'*' + , 256,'URI' + , 257,'CAA' + , 258,'AVC' + , 259,'DOA' + , 32768,'TA' + , 32769,'DLV' ]; NXLog_DNS_Server_CL | where not(disabled) | where EventID_d < 281 @@ -174,16 +231,18 @@ ParserQuery: | EventOriginalType=EventID_d, EventOriginalUid=GUID_g, EventStartTime=EventTime_t, - SrcIpAddr=Source_s + SrcIpAddr=Source_s, + EventUid=_ItemId | extend DnsQuery=trim_end(".",DnsQuery), DnsQueryType=toint(DnsQueryType), DnsResponseCode=toint(DnsResponseCode), SrcPortNumber=toint(Port_s), DvcHostname=Dvc, + DvcIpAddr=HostIP_s, EventEndTime=EventStartTime, EventProduct = "DNS Server", - EventSchemaVersion = "0.1.3", + EventSchemaVersion = "0.1.7", EventVendor = "Microsoft", EventSchema = "Dns", EventCount = int(1), 
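Review bot: The extended type table in the `@@ -161,6 +163,61 @@` hunk stops at `259,'DOA'` and then jumps to `32768,'TA'`, so type 260, which the IANA registry referenced by this commit assigns to AMTRELAY, has no row. The fallback shown as context later in this file, `DnsQueryType between (261 .. 32767), 'Unassigned'`, starts at 261, which suggests 260 was meant to be named; as written it presumably falls through to the default `'Unassigned'`. Adding `, 260,'AMTRELAY'` after the `259,'DOA'` row would close the gap. The same row is missing from the identical table in vimDnsMicrosoftNXlog.yaml (`@@ -192,6 +194,61 @@`). The table's declaration starts outside the hunk.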
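Review bot: `SrcIpAddr=Source_s` in the `@@ -174,16 +231,18 @@` hunk remains the only peer-address mapping, and the data-test baseline added in this commit records an empty mandatory `Src` in 4065 records (44.05%) for this parser. The sample rows for events 260 and 262 have `Source_s` empty and the peer address in `Destination_s`, and the later `project-away *_s` drops that column, so those rows leave the parser with no address other than the new `DvcIpAddr`. If `Destination_s` is the upstream server for recursion events (an inference from the sample data, to be confirmed), a mapping such as `DstIpAddr=Destination_s,` next to `DvcIpAddr=HostIP_s,` would keep it available to detections that pivot on address. The same applies to the matching hunk in vimDnsMicrosoftNXlog.yaml (`@@ -221,16 +278,18 @@`). The enclosing `project-rename` starts outside the hunk.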
@@ -211,11 +270,11 @@ ParserQuery: | , DnsQueryType between (261 .. 32767), 'Unassigned' , 'Unassigned'), EventResult=iff (EventResult == "Based on RCODE", iff(DnsResponseCode == 0, "Success", "Failure"),EventResult) - | extend + | extend // Aliases IpAddr = SrcIpAddr, Src = SrcIpAddr | project-away - *_s, *_d, QTypeName, TenantId, SourceSystem, MG, ManagementGroupName, Computer, RawData - }; - ASimDnsMicrosoftNXLog(disabled) \ No newline at end of file + *_s, *_d, QTypeName, TenantId, SourceSystem, MG, ManagementGroupName, Computer, RawData, ResponseCodeName, EventReceivedTime_t, ProviderGuid_g, _ResourceId + }; + ASimDnsMicrosoftNXLog(disabled=disabled) \ No newline at end of file diff --git a/Parsers/ASimDns/Parsers/vimDnsMicrosoftNXlog.yaml b/Parsers/ASimDns/Parsers/vimDnsMicrosoftNXlog.yaml index 53c8b6b3cbe..25397dba435 100644 --- a/Parsers/ASimDns/Parsers/vimDnsMicrosoftNXlog.yaml +++ b/Parsers/ASimDns/Parsers/vimDnsMicrosoftNXlog.yaml @@ -1,17 +1,19 @@ Parser: Title: DNS activity ASIM filtering parser for Microsoft DNS logs collected using NXlog - Version: '0.4' - LastUpdated: Dec 11 2022 + Version: '0.5.0' + LastUpdated: Sep 06 2023 Product: Name: MS DNS Events Normalization: Schema: Dns - Version: '0.1.3' + Version: '0.1.7' References: - Title: ASIM DNS Schema Link: https://aka.ms/ASimDnsDoc - Title: ASIM Link: https://aka.ms/AboutASIM +- Title: Resource Record (RR) TYPEs + Link: https://www.iana.org/assignments/dns-parameters/dns-parameters.xhtml Description: | This ASIM parser supports filtering and normalizing Microsoft DNS logs, collected using NXlog, to the ASIM Dns normalized schema. ParserName: vimDnsMicrosoftNXlog 
@@ -192,6 +194,61 @@ ParserQuery: | , 31,'EID' , 32,'NIMLOC' , 33,'SRV' + , 34,'ATMA' + , 35,'NAPTR' + , 36,'KX' + , 37,'CERT' + , 38,'A6' + , 39,'DNAME' + , 40,'SINK' + , 41,'OPT' + , 42,'APL' + , 43,'DS' + , 44,'SSHFP' + , 45,'IPSECKEY' + , 46,'RRSIG' + , 47,'NSEC' + , 48,'DNSKEY' + , 49,'DHCID' + , 50,'NSEC3' + , 51,'NSEC3PARAM' + , 52,'TLSA' + , 53,'SMIMEA' + , 55,'HIP' + , 56,'NINFO' + , 57,'RKEY' + , 58,'TALINK' + , 59,'CDS' + , 60,'CDNSKEY' + , 61,'OPENPGPKEY' + , 62,'CSYNC' + , 63,'ZONEMD' + , 64,'SVCB' + , 65,'HTTPS' + , 99,'SPF' + , 100,'UINFO' + , 101,'UID' + , 102,'GID' + , 103,'UNSPEC' + , 104,'NID' + , 105,'L32' + , 106,'L64' + , 107,'LP' + , 108,'EUI48' + , 109,'EUI64' + , 249,'TKEY' + , 250,'TSIG' + , 251,'IXFR' + , 252,'AXFR' + , 253,'MAILB' + , 254,'MAILA' + , 255,'*' + , 256,'URI' + , 257,'CAA' + , 258,'AVC' + , 259,'DOA' + , 32768,'TA' + , 32769,'DLV' ]; NXLog_DNS_Server_CL | where not(disabled) | where EventID_d < 281 @@ -221,16 +278,18 @@ ParserQuery: | Dvc=Hostname_s, EventOriginalUid=GUID_g, EventStartTime=EventTime_t, - SrcIpAddr=Source_s + SrcIpAddr=Source_s, + EventUid=_ItemId | extend DnsQuery=trim_end(".",DnsQuery), DnsQueryType=toint(DnsQueryType), DnsResponseCode=toint(DnsResponseCode), SrcPortNumber=toint(Port_s), DvcHostname=Dvc, + DvcIpAddr=HostIP_s, EventEndTime=EventStartTime, EventProduct = "DNS Server", - EventSchemaVersion = "0.1.3", + EventSchemaVersion = "0.1.7", EventVendor = "Microsoft", EventSchema = "Dns", EventCount = int(1), 
@@ -256,18 +315,21 @@ ParserQuery: | , DnsQueryType between (110 .. 248), 'Unassigned' , DnsQueryType between (261 .. 32767), 'Unassigned' , 'Unassigned'), - EventResult=iff (EventResult == "Based on RCODE", iff(DnsResponseCode == 0, "Success", "Failure"),EventResult) + EventResult=iff (EventResult == "Based on RCODE", iff(DnsResponseCode == 0, "Success", "Failure"),EventResult) | extend // Aliases IpAddr = SrcIpAddr, - Src = SrcIpAddr, - // Backward compatibility - Query = DnsQuery, - QueryType = DnsQueryType, - QueryTypeName = DnsQueryTypeName, - ResponseCode = DnsResponseCode, - ResponseCodeName = DnsResponseCodeName + Src = SrcIpAddr | project-away - *_s, *_d, QTypeName, TenantId, SourceSystem, MG, ManagementGroupName, Computer, RawData + *_s, *_d, QTypeName, TenantId, SourceSystem, MG, ManagementGroupName, Computer, RawData, ResponseCodeName, EventReceivedTime_t, ProviderGuid_g, _ResourceId, eventtype }; - ASimDnsMicrosoftNXLog (starttime, endtime, srcipaddr, domain_has_any, responsecodename, response_has_ipv4, response_has_any_prefix, eventtype, disabled) + ASimDnsMicrosoftNXLog ( + starttime=starttime, + endtime=endtime, + srcipaddr=srcipaddr, + domain_has_any=domain_has_any, + responsecodename=responsecodename, + response_has_ipv4=response_has_ipv4, + response_has_any_prefix=response_has_any_prefix, + eventtype=eventtype, + disabled=disabled) \ No newline at end of file diff --git a/Parsers/ASimDns/Tests/Microsoft_DNS Server_Dns_DataTest_ASimDnsMicrosoftNXLog.csv b/Parsers/ASimDns/Tests/Microsoft_DNS Server_Dns_DataTest_ASimDnsMicrosoftNXLog.csv new file mode 100644 index 00000000000..0d8aaf98ba4 --- /dev/null +++ b/Parsers/ASimDns/Tests/Microsoft_DNS Server_Dns_DataTest_ASimDnsMicrosoftNXLog.csv 
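Review bot: Removing the `// Backward compatibility` aliases (`Query`, `QueryType`, `QueryTypeName`, `ResponseCode`, `ResponseCodeName`) in the `@@ -256,18 +315,21 @@` hunk changes the filtering parser's output columns, and `ResponseCodeName` is now also listed in `project-away`. Any saved analytics rule or hunting query that still references those names will stop resolving for this source. Nothing in the visible header change (Version `'0.5.0'`) records the removal, so I would add a comment above `| extend // Aliases`, for example `// 0.5.0: legacy aliases Query, QueryType, QueryTypeName, ResponseCode, ResponseCodeName removed; use the Dns* fields`. The parser function body starts outside the hunk.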
@@ -0,0 +1,14 @@
+Result
+"(0) Error: 1 invalid value(s) (up to 10 listed) in 120 records (1.3%) for field [EventType] of type [Enumerated]: [""Zone XFR""] (Schema:Dns)"
+"(1) Warning: 1 abnormal value(s) (up to 10 listed) in 608 records (6.59%) for field [DnsQuery] of type [RecommendedDnsDomain]: [""aaareretFEREWSD==.moveinto.space""] (Schema:Dns)"
+"(1) Warning: 1 abnormal value(s) (up to 10 listed) in 608 records (6.59%) for field [Domain] of type [RecommendedDnsDomain]: [""aaareretFEREWSD==.moveinto.space""] (Schema:Dns)"
+"(1) Warning: Empty value in 4065 records (44.05%) in mandatory field [Src] (Schema:Dns)"
+"(2) Info: Empty value in 120 records (1.3%) in optional field [DnsQueryType] (Schema:Dns)"
+"(2) Info: Empty value in 1324 records (14.35%) in optional field [EventOriginalUid] (Schema:Dns)"
+"(2) Info: Empty value in 201 records (2.18%) in optional field [SrcPortNumber] (Schema:Dns)"
+"(2) Info: Empty value in 276 records (2.99%) in optional field [DnsResponseName] (Schema:Dns)"
+"(2) Info: Empty value in 4065 records (44.05%) in recommended field [SrcIpAddr] (Schema:Dns)"
+"(2) Info: Empty value in 4115 records (44.59%) in optional field [DnsFlagsRecursionDesired] (Schema:Dns)"
+"(2) Info: Empty value in 5474 records (59.32%) in optional field [DnsFlagsAuthenticated] (Schema:Dns)"
+"(2) Info: Empty value in 5474 records (59.32%) in optional field [DnsFlagsAuthoritative] (Schema:Dns)"
+"(2) Info: Empty value in 6481 records (70.23%) in optional field [DnsResponseCode] (Schema:Dns)"
diff --git a/Parsers/ASimDns/Tests/Microsoft_DNS Server_Dns_DataTest_vimDnsMicrosoftNXLog.csv b/Parsers/ASimDns/Tests/Microsoft_DNS Server_Dns_DataTest_vimDnsMicrosoftNXLog.csv
new file mode 100644
index 00000000000..f1935b333fd
--- /dev/null
+++ b/Parsers/ASimDns/Tests/Microsoft_DNS Server_Dns_DataTest_vimDnsMicrosoftNXLog.csv
@@ -0,0 +1,12 @@
+Result
+"(1) Warning: 1 abnormal value(s) (up to 10 listed) in 608 records (6.68%) for field [DnsQuery] of type [RecommendedDnsDomain]: [""aaareretFEREWSD==.moveinto.space""] (Schema:Dns)"
+"(1) Warning: 1 abnormal value(s) (up to 10 listed) in 608 records (6.68%) for field [Domain] of type [RecommendedDnsDomain]: [""aaareretFEREWSD==.moveinto.space""] (Schema:Dns)"
+"(1) Warning: Empty value in 4005 records (43.97%) in mandatory field [Src] (Schema:Dns)"
+"(2) Info: Empty value in 1204 records (13.22%) in optional field [EventOriginalUid] (Schema:Dns)"
+"(2) Info: Empty value in 216 records (2.37%) in optional field [DnsResponseName] (Schema:Dns)"
+"(2) Info: Empty value in 3995 records (43.86%) in optional field [DnsFlagsRecursionDesired] (Schema:Dns)"
+"(2) Info: Empty value in 4005 records (43.97%) in recommended field [SrcIpAddr] (Schema:Dns)"
+"(2) Info: Empty value in 5354 records (58.78%) in optional field [DnsFlagsAuthenticated] (Schema:Dns)"
+"(2) Info: Empty value in 5354 records (58.78%) in optional field [DnsFlagsAuthoritative] (Schema:Dns)"
+"(2) Info: Empty value in 6421 records (70.5%) in optional field [DnsResponseCode] (Schema:Dns)"
+"(2) Info: Empty value in 81 records (0.89%) in optional field [SrcPortNumber] (Schema:Dns)"
diff --git a/Parsers/ASimDns/Tests/Microsoft_DNS Server_Dns_SchemaTest_ASimDnsMicrosoftNXLog.csv b/Parsers/ASimDns/Tests/Microsoft_DNS Server_Dns_SchemaTest_ASimDnsMicrosoftNXLog.csv
new file mode 100644
index 00000000000..784c68c2bc3
--- /dev/null
+++ b/Parsers/ASimDns/Tests/Microsoft_DNS Server_Dns_SchemaTest_ASimDnsMicrosoftNXLog.csv
@@ -0,0 +1,109 @@ +Result +"(1) Warning: Missing recommended field [DnsQueryClassName]" +"(1) Warning: Missing recommended field [Dst]" +"(1) Warning: Missing recommended field [DvcDomain]" +"(1) Warning: Missing recommended field [SrcDomain]" +"(1) Warning: Missing recommended field [SrcHostname]" +"(2) Info: Missing optional alias [DomainCategory] aliasing non-existent column [UrlCategory]" +"(2) Info: Missing optional alias [Duration] aliasing non-existent column [DnsNetworkDuration]" +"(2) Info: Missing optional alias [Process] aliasing non-existent column [SrcProcessName]" +"(2) Info: Missing optional alias [SessionId] aliasing non-existent column [DnsSessionId]" +"(2) Info: Missing optional alias [User] aliasing non-existent column [SrcUsername]" +"(2) Info: Missing optional field [AdditionalFields]" +"(2) Info: Missing optional field [DnsFlagsCheckingDisabled]" +"(2) Info: Missing optional field [DnsFlagsRecursionAvailable]" +"(2) Info: Missing optional field [DnsFlagsTruncated]" +"(2) Info: Missing optional field [DnsFlagsZ]" +"(2) Info: Missing optional field [DnsNetworkDuration]" +"(2) Info: Missing optional field [DnsQueryClass]" +"(2) Info: Missing optional field [DnsResponseIpCity]" +"(2) Info: Missing optional field [DnsResponseIpCountry]" +"(2) Info: Missing optional field [DnsResponseIpLatitude]" +"(2) Info: Missing optional field [DnsResponseIpLongitude]" +"(2) Info: Missing optional field [DnsResponseIpRegion]" +"(2) Info: Missing optional field [DnsSessionId]" +"(2) Info: Missing optional field [DstDescription]" +"(2) Info: Missing optional field [DstDeviceType]" +"(2) Info: Missing optional field [DstDomain]" +"(2) Info: Missing optional field [DstDvcId]" +"(2) Info: Missing optional field [DstDvcScopeId]" +"(2) Info: Missing optional field [DstDvcScope]" +"(2) Info: Missing optional field [DstFQDN]" +"(2) Info: Missing optional field [DstGeoCity]" +"(2) Info: Missing optional field [DstGeoCountry]" +"(2) Info: Missing optional field 
[DstGeoLatitude]" +"(2) Info: Missing optional field [DstGeoLongitude]" +"(2) Info: Missing optional field [DstGeoRegion]" +"(2) Info: Missing optional field [DstHostname]" +"(2) Info: Missing optional field [DstIpAddr]" +"(2) Info: Missing optional field [DstOriginalRiskLevel]" +"(2) Info: Missing optional field [DstPortNumber]" +"(2) Info: Missing optional field [DstRiskLevel]" +"(2) Info: Missing optional field [DvcAction]" +"(2) Info: Missing optional field [DvcDescription]" +"(2) Info: Missing optional field [DvcFQDN]" +"(2) Info: Missing optional field [DvcId]" +"(2) Info: Missing optional field [DvcInterface]" +"(2) Info: Missing optional field [DvcMacAddr]" +"(2) Info: Missing optional field [DvcOriginalAction]" +"(2) Info: Missing optional field [DvcOsVersion]" +"(2) Info: Missing optional field [DvcOs]" +"(2) Info: Missing optional field [DvcScopeId]" +"(2) Info: Missing optional field [DvcScope]" +"(2) Info: Missing optional field [DvcZone]" +"(2) Info: Missing optional field [EventMessage]" +"(2) Info: Missing optional field [EventOriginalSeverity]" +"(2) Info: Missing optional field [EventOriginalSubType]" +"(2) Info: Missing optional field [EventOwner]" +"(2) Info: Missing optional field [EventProductVersion]" +"(2) Info: Missing optional field [EventReportUrl]" +"(2) Info: Missing optional field [EventSeverity]" +"(2) Info: Missing optional field [NetworkProtocolVersion]" +"(2) Info: Missing optional field [RuleName]" +"(2) Info: Missing optional field [RuleNumber]" +"(2) Info: Missing optional field [Rule]" +"(2) Info: Missing optional field [SrcDescription]" +"(2) Info: Missing optional field [SrcDeviceType]" +"(2) Info: Missing optional field [SrcDvcId]" +"(2) Info: Missing optional field [SrcDvcScopeId]" +"(2) Info: Missing optional field [SrcDvcScope]" +"(2) Info: Missing optional field [SrcFQDN]" +"(2) Info: Missing optional field [SrcGeoCity]" +"(2) Info: Missing optional field [SrcGeoCountry]" +"(2) Info: Missing optional field 
[SrcGeoLatitude]" +"(2) Info: Missing optional field [SrcGeoLongitude]" +"(2) Info: Missing optional field [SrcGeoRegion]" +"(2) Info: Missing optional field [SrcOriginalRiskLevel]" +"(2) Info: Missing optional field [SrcOriginalUserType]" +"(2) Info: Missing optional field [SrcProcessGuid]" +"(2) Info: Missing optional field [SrcProcessId]" +"(2) Info: Missing optional field [SrcProcessName]" +"(2) Info: Missing optional field [SrcRiskLevel]" +"(2) Info: Missing optional field [SrcUserAWSId]" +"(2) Info: Missing optional field [SrcUserAadId]" +"(2) Info: Missing optional field [SrcUserId]" +"(2) Info: Missing optional field [SrcUserOktaId]" +"(2) Info: Missing optional field [SrcUserScopeId]" +"(2) Info: Missing optional field [SrcUserScope]" +"(2) Info: Missing optional field [SrcUserSessionId]" +"(2) Info: Missing optional field [SrcUserSid]" +"(2) Info: Missing optional field [SrcUserType]" +"(2) Info: Missing optional field [SrcUserUid]" +"(2) Info: Missing optional field [SrcUsername]" +"(2) Info: Missing optional field [TenantId]" +"(2) Info: Missing optional field [ThreatCategory]" +"(2) Info: Missing optional field [ThreatConfidence]" +"(2) Info: Missing optional field [ThreatField]" +"(2) Info: Missing optional field [ThreatFirstReportedTime]" +"(2) Info: Missing optional field [ThreatId]" +"(2) Info: Missing optional field [ThreatIpAddr]" +"(2) Info: Missing optional field [ThreatIsActive]" +"(2) Info: Missing optional field [ThreatLastReportedTime]" +"(2) Info: Missing optional field [ThreatName]" +"(2) Info: Missing optional field [ThreatOriginalConfidence]" +"(2) Info: Missing optional field [ThreatOriginalRiskLevel]" +"(2) Info: Missing optional field [ThreatRiskLevel]" +"(2) Info: Missing optional field [UrlCategory]" +"(2) Info: Missing recommended alias [Hostname] aliasing non-existent column [SrcHostname]" +"(2) Info: extra unnormalized column [Category]" +"(2) Info: extra unnormalized column [Level]" 
diff --git a/Parsers/ASimDns/Tests/Microsoft_DNS Server_Dns_SchemaTest_vimDnsMicrosoftNXLog.csv b/Parsers/ASimDns/Tests/Microsoft_DNS Server_Dns_SchemaTest_vimDnsMicrosoftNXLog.csv
new file mode 100644
index 00000000000..784c68c2bc3
--- /dev/null
+++ b/Parsers/ASimDns/Tests/Microsoft_DNS Server_Dns_SchemaTest_vimDnsMicrosoftNXLog.csv
@@ -0,0 +1,109 @@ +Result +"(1) Warning: Missing recommended field [DnsQueryClassName]" +"(1) Warning: Missing recommended field [Dst]" +"(1) Warning: Missing recommended field [DvcDomain]" +"(1) Warning: Missing recommended field [SrcDomain]" +"(1) Warning: Missing recommended field [SrcHostname]" +"(2) Info: Missing optional alias [DomainCategory] aliasing non-existent column [UrlCategory]" +"(2) Info: Missing optional alias [Duration] aliasing non-existent column [DnsNetworkDuration]" +"(2) Info: Missing optional alias [Process] aliasing non-existent column [SrcProcessName]" +"(2) Info: Missing optional alias [SessionId] aliasing non-existent column [DnsSessionId]" +"(2) Info: Missing optional alias [User] aliasing non-existent column [SrcUsername]" +"(2) Info: Missing optional field [AdditionalFields]" +"(2) Info: Missing optional field [DnsFlagsCheckingDisabled]" +"(2) Info: Missing optional field [DnsFlagsRecursionAvailable]" +"(2) Info: Missing optional field [DnsFlagsTruncated]" +"(2) Info: Missing optional field [DnsFlagsZ]" +"(2) Info: Missing optional field [DnsNetworkDuration]" +"(2) Info: Missing optional field [DnsQueryClass]" +"(2) Info: Missing optional field [DnsResponseIpCity]" +"(2) Info: Missing optional field [DnsResponseIpCountry]" +"(2) Info: Missing optional field [DnsResponseIpLatitude]" +"(2) Info: Missing optional field [DnsResponseIpLongitude]" +"(2) Info: Missing optional field [DnsResponseIpRegion]" +"(2) Info: Missing optional field [DnsSessionId]" +"(2) Info: Missing optional field [DstDescription]" +"(2) Info: Missing optional field [DstDeviceType]" +"(2) Info: Missing optional field [DstDomain]" +"(2) Info: Missing optional field [DstDvcId]" +"(2) Info: Missing optional field [DstDvcScopeId]" +"(2) Info: Missing optional field [DstDvcScope]" +"(2) Info: Missing optional field [DstFQDN]" +"(2) Info: Missing optional field [DstGeoCity]" +"(2) Info: Missing optional field [DstGeoCountry]" +"(2) Info: Missing optional field 
[DstGeoLatitude]" +"(2) Info: Missing optional field [DstGeoLongitude]" +"(2) Info: Missing optional field [DstGeoRegion]" +"(2) Info: Missing optional field [DstHostname]" +"(2) Info: Missing optional field [DstIpAddr]" +"(2) Info: Missing optional field [DstOriginalRiskLevel]" +"(2) Info: Missing optional field [DstPortNumber]" +"(2) Info: Missing optional field [DstRiskLevel]" +"(2) Info: Missing optional field [DvcAction]" +"(2) Info: Missing optional field [DvcDescription]" +"(2) Info: Missing optional field [DvcFQDN]" +"(2) Info: Missing optional field [DvcId]" +"(2) Info: Missing optional field [DvcInterface]" +"(2) Info: Missing optional field [DvcMacAddr]" +"(2) Info: Missing optional field [DvcOriginalAction]" +"(2) Info: Missing optional field [DvcOsVersion]" +"(2) Info: Missing optional field [DvcOs]" +"(2) Info: Missing optional field [DvcScopeId]" +"(2) Info: Missing optional field [DvcScope]" +"(2) Info: Missing optional field [DvcZone]" +"(2) Info: Missing optional field [EventMessage]" +"(2) Info: Missing optional field [EventOriginalSeverity]" +"(2) Info: Missing optional field [EventOriginalSubType]" +"(2) Info: Missing optional field [EventOwner]" +"(2) Info: Missing optional field [EventProductVersion]" +"(2) Info: Missing optional field [EventReportUrl]" +"(2) Info: Missing optional field [EventSeverity]" +"(2) Info: Missing optional field [NetworkProtocolVersion]" +"(2) Info: Missing optional field [RuleName]" +"(2) Info: Missing optional field [RuleNumber]" +"(2) Info: Missing optional field [Rule]" +"(2) Info: Missing optional field [SrcDescription]" +"(2) Info: Missing optional field [SrcDeviceType]" +"(2) Info: Missing optional field [SrcDvcId]" +"(2) Info: Missing optional field [SrcDvcScopeId]" +"(2) Info: Missing optional field [SrcDvcScope]" +"(2) Info: Missing optional field [SrcFQDN]" +"(2) Info: Missing optional field [SrcGeoCity]" +"(2) Info: Missing optional field [SrcGeoCountry]" +"(2) Info: Missing optional field 
[SrcGeoLatitude]" +"(2) Info: Missing optional field [SrcGeoLongitude]" +"(2) Info: Missing optional field [SrcGeoRegion]" +"(2) Info: Missing optional field [SrcOriginalRiskLevel]" +"(2) Info: Missing optional field [SrcOriginalUserType]" +"(2) Info: Missing optional field [SrcProcessGuid]" +"(2) Info: Missing optional field [SrcProcessId]" +"(2) Info: Missing optional field [SrcProcessName]" +"(2) Info: Missing optional field [SrcRiskLevel]" +"(2) Info: Missing optional field [SrcUserAWSId]" +"(2) Info: Missing optional field [SrcUserAadId]" +"(2) Info: Missing optional field [SrcUserId]" +"(2) Info: Missing optional field [SrcUserOktaId]" +"(2) Info: Missing optional field [SrcUserScopeId]" +"(2) Info: Missing optional field [SrcUserScope]" +"(2) Info: Missing optional field [SrcUserSessionId]" +"(2) Info: Missing optional field [SrcUserSid]" +"(2) Info: Missing optional field [SrcUserType]" +"(2) Info: Missing optional field [SrcUserUid]" +"(2) Info: Missing optional field [SrcUsername]" +"(2) Info: Missing optional field [TenantId]" +"(2) Info: Missing optional field [ThreatCategory]" +"(2) Info: Missing optional field [ThreatConfidence]" +"(2) Info: Missing optional field [ThreatField]" +"(2) Info: Missing optional field [ThreatFirstReportedTime]" +"(2) Info: Missing optional field [ThreatId]" +"(2) Info: Missing optional field [ThreatIpAddr]" +"(2) Info: Missing optional field [ThreatIsActive]" +"(2) Info: Missing optional field [ThreatLastReportedTime]" +"(2) Info: Missing optional field [ThreatName]" +"(2) Info: Missing optional field [ThreatOriginalConfidence]" +"(2) Info: Missing optional field [ThreatOriginalRiskLevel]" +"(2) Info: Missing optional field [ThreatRiskLevel]" +"(2) Info: Missing optional field [UrlCategory]" +"(2) Info: Missing recommended alias [Hostname] aliasing non-existent column [SrcHostname]" +"(2) Info: extra unnormalized column [Category]" +"(2) Info: extra unnormalized column [Level]" 
diff --git a/Parsers/ASimDns/test/README.md b/Parsers/ASimDns/Tests/README.md
similarity index 100%
rename from Parsers/ASimDns/test/README.md
rename to Parsers/ASimDns/Tests/README.md
diff --git a/Sample Data/ASIM/Microsoft_DNS Server_Dns_IntestedLogs.csv b/Sample Data/ASIM/Microsoft_DNS Server_Dns_IntestedLogs.csv
new file mode 100644
index 00000000000..ade0a7ef1ed
--- /dev/null
+++ b/Sample Data/ASIM/Microsoft_DNS Server_Dns_IntestedLogs.csv
@@ -0,0 +1,823 @@ +TenantId,SourceSystem,MG,ManagementGroupName,"TimeGenerated [UTC]",Computer,RawData,"ListenAddresses_s","NAME_s","TTL_s","RDATA_s","ZoneScope_s","PropertyKey_s","NewValue_s","VirtualizationID_s","Name_s","Type_s","Lookup_s","ReplicationScope_s","ZoneFile_s","Reason_s","ParsedPacketData_dns_additional_s","QXID_s","RecursionDepth_s","RecursionScope_s","CacheScope_s","ParsedPacketData_dns_answer_s","QueriesAttached_s","SourceName_s","ProviderGuid_g","EventID_d","Version_d","ChannelID_d","Channel_s","LevelValue_d",Level,"OpcodeValue_d","TaskValue_d",Category,"Keywords_s","EventTime_t [UTC]","ExecutionProcessID_d","ExecutionThreadID_d","EventType_s","SeverityValue_d","Severity_s","Hostname_s","Domain_s","AccountName_s","UserID_s","AccountType_s","Flags_s","TCP_s","InterfaceIP_s","Source_s","RD_s","QNAME_s","QTYPE_s","XID_s","Port_s","ParsedPacketData_dns_id_d","ParsedPacketData_dns_flags_recursion_desired_s","ParsedPacketData_dns_flags_truncated_response_s","ParsedPacketData_dns_flags_authoritative_s","ParsedPacketData_dns_opcode_s","ParsedPacketData_dns_flags_query_or_response_s","ParsedPacketData_dns_response_code_s","ParsedPacketData_dns_flags_checking_disabled_s","ParsedPacketData_dns_flags_authentic_data_s","ParsedPacketData_dns_flags_recursion_available_s","ParsedPacketData_dns_query_s","PacketData_s","AdditionalInfo_s","GUID_g","EventReceivedTime_t [UTC]","SourceModuleName_s","SourceModuleType_s","HostIP_s","BufferSize_s","Destination_s","AA_s","AD_s","DNSSEC_s","RCODE_s","Scope_s","Zone_s","PolicyName_s","ParsedPacketData_dns_authority_s","ElapsedTime_s","GUID_s",Type,"_ResourceId" +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:44.819 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:16:42.824 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,51785,0,51785,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xCA49800000010000000400012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C031000200010000012C0013066E73312D303109617A7572652D646E73C046C031000200010000012C0016066E73322D303109617A7572652D646E73036E657400C031000200010000012C0016066E73332D303109617A7572652D646E73036F726700C031000200010000012C0017066E73342D303109617A7572652D646E7304696E666F0000002904D0000000000000,".","469da738-1c37-4db7-8c14-f7de279bcb09","7/27/2023, 2:16:44.892 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-01.azure-dns.com""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-01.azure-dns.net""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns3-01.azure-dns.org""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns4-01.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:44.819 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP 
",9223372036854775816,"7/27/2023, 2:16:42.824 PM",2908,4024,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","2a01:111:4000:700::1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,14417,,,,,,,,,,,,,,".",,"7/27/2023, 2:16:44.892 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,"..Cache",NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:47.264 PM",,,,,,,,,,,,,,,,,,59702,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",262,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,2,"RECURSE_QUERY ",9223372036854775872,"7/27/2023, 2:16:46.536 PM",2908,3164,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,20792,0,,,,,,,,,,,,,".","469da738-1c37-4db7-8c14-f7de279bcb09","7/27/2023, 2:16:47.553 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","2a01:111:4000:700::1",,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:48.686 PM",,,,,,,,,,,,,,,,,,59702,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:16:46.538 PM",2908,3164,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,20792,0,20792,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5138000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","469da738-1c37-4db7-8c14-f7de279bcb09","7/27/2023, 2:16:48.556 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","204.14.183.1",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:48.686 PM",,,,,,,,,,,,,,,,,,59702,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:16:46.538 PM",2908,3164,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,20792,0,20792,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5138000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","469da738-1c37-4db7-8c14-f7de279bcb09","7/27/2023, 2:16:48.556 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.1",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:48.686 
PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:16:46.568 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","204.14.183.1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,20792,0,20792,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5138840000010001000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E65740000002904D0000000000000,".","469da738-1c37-4db7-8c14-f7de279bcb09","7/27/2023, 2:16:48.556 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:48.686 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:16:46.568 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,59702,62000,59702,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE936818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:16:48.572 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:48.686 PM",,,,,,,,,,,,,,,,,,59702,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:16:46.568 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"opinsightsweuods.trafficmanager.NET.",1,2301,0,2301,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x08FD00000001000000000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","469da738-1c37-4db7-8c14-f7de279bcb09","7/27/2023, 2:16:48.572 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:48.686 
PM",,,,,,,,,,,,,,,,,,,0,".",Default,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:16:46.570 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,20792,0,20792,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5138840000010001000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E65740000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:16:48.572 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:48.686 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:16:46.570 PM",2908,4024,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","13.107.236.1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,20792,,,,,,,,,,,,,,".",,"7/27/2023, 2:16:48.572 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,NULL,NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:48.686 PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""opinsightsweuods.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:16:46.597 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"opinsightsweuods.trafficmanager.NET.",1,2301,0,2301,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x08FD84000001000100000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E45540000010001C00C000500010000012C003616697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","469da738-1c37-4db7-8c14-f7de279bcb09","7/27/2023, 2:16:48.572 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:48.686 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:16:46.597 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,59702,62000,59702,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE936818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:16:48.572 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:48.686 PM",,,,,,,,,,,,,,,,,,59702,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:16:46.597 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,28520,0,28520,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6F680000000100000000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","469da738-1c37-4db7-8c14-f7de279bcb09","7/27/2023, 2:16:48.572 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:48.686 
PM",,,,,,,,,,,,,,,,,,,5,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:16:46.628 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,28520,0,28520,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6F688400000100010000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D45411D00002904D0000000000000,".","469da738-1c37-4db7-8c14-f7de279bcb09","7/27/2023, 2:16:48.572 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:16:48.686 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":295,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":295,""dns.answer.data"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":5,""dns.answer.data"":""13.69.65.29""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:16:46.629 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,59702,62000,59702,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE936818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000001270025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000127002D16697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F7564617070C040C08C000100010000000500040D45411D,"VirtualizationInstance:.","469da738-1c37-4db7-8c14-f7de279bcb09","7/27/2023, 2:16:48.586 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,3826,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:58.895 
PM",,,,,,,,,,,,,,,,,,13558,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",262,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,2,"RECURSE_QUERY ",9223372036854775872,"7/27/2023, 2:19:56.552 PM",2908,3164,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,,,,"prisoner.iana.org.",1,62503,0,,,,,,,,,,,,,".","ef0c5ee4-49d1-4582-a049-8d2ecabc4805","7/27/2023, 2:19:58.331 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","2001:500:89::53",,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:58.895 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:19:56.554 PM",2908,3164,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,,"2001:503:83eb::30",,"a.iana-servers.NET.",1,3001,,,,,,,,,,,,,,".",,"7/27/2023, 2:19:58.331 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,NULL,NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:18:47.628 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:18:45.037 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,10999,57919,10999,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2AF7010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","f0db402c-1266-430e-9ed2-5f9ab63028b6","7/27/2023, 2:18:47.065 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:18:47.628 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:18:45.037 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,10999,57919,10999,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2AF7818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:18:47.065 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:18:47.628 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:18:45.037 
PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,10999,57919,10999,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2AF7818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:18:47.065 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:18:47.628 PM",,,,,,,,,,,,,,,,,,10999,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:18:45.037 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,11065,0,11065,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2B390000000100000000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","f0db402c-1266-430e-9ed2-5f9ab63028b6","7/27/2023, 2:18:47.065 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:18:47.628 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:18:45.067 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,11065,0,11065,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2B398400000100010000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D45411D00002904D0000000000000,".","f0db402c-1266-430e-9ed2-5f9ab63028b6","7/27/2023, 2:18:47.065 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:18:47.628 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":176,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":176,""dns.answer.data"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:18:45.067 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,10999,57919,10999,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2AF7818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000B00025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000B0002D16697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F7564617070C040C08C000100010000000A00040D45411D,"VirtualizationInstance:.","f0db402c-1266-430e-9ed2-5f9ab63028b6","7/27/2023, 2:18:47.567 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,31,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:20:33.878 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"v10.events.data.microsoft.com.",1,42052,61042,42052,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA4440100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,".","fa535e41-bcb7-4e6f-ac8c-d0a1bb282508","7/27/2023, 2:20:35.143 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:20:33.878 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"win-global-asimov-leafs-events-data.trafficmanager.net.",1,42052,61042,42052,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA4448180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:20:35.143 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY 
",9223372036854775824,"7/27/2023, 2:20:33.879 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"tm1.edgedns-tm.info.",1,1597,0,1597,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x063D0000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:35.143 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","208.84.5.4",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""tm1.edgedns-tm.info"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""13.107.222.240""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:33.908 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","208.84.5.4",,"tm1.edgedns-tm.info.",1,1597,0,1597,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x063D8400000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:35.143 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 PM",,,,,,,,,,,,,,,,,,42052,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY 
",9223372036854775824,"7/27/2023, 2:20:33.908 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,53839,0,53839,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD24F000000010000000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","fa535e41-bcb7-4e6f-ac8c-d0a1bb282508","7/27/2023, 2:20:35.143 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""onedscolprduks05.uksouth.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:33.935 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,53839,0,53839,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD24F840000010001000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E45540000010001C00C000500010000003C002D106F6E656473636F6C707264756B73303507756B736F75746808636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","fa535e41-bcb7-4e6f-ac8c-d0a1bb282508","7/27/2023, 2:20:35.143 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:20:33.935 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"onedscolprduks05.uksouth.cloudapp.azure.com.",1,42052,61042,42052,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA4448180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:20:35.143 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 PM",,,,,,,,,,,,,,,,,,42052,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 
2:20:33.935 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onedscolprduks05.uksouth.cloudapp.azure.com.",1,34619,0,34619,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprduks05.uksouth.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x873B00000001000000000001106F6E656473636F6C707264756B73303507756B736F75746808636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","fa535e41-bcb7-4e6f-ac8c-d0a1bb282508","7/27/2023, 2:20:35.143 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 PM",,,,,,,,,,,,,,,,,,,2,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:33.963 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"onedscolprduks05.uksouth.cloudapp.azure.com.",1,34619,0,34619,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprduks05.uksouth.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x873B80000001000000040001106F6E656473636F6C707264756B73303507756B736F75746808636C6F756461707005617A75726503636F6D0000010001C01D000200010000012C0013066E73392D303109617A7572652D646E73C034C01D000200010000012C0017076E7331302D303109617A7572652D646E73036E657400C01D000200010000012C0017076E7331312D303109617A7572652D646E73036F726700C01D000200010000012C0018076E7331322D303109617A7572652D646E7304696E666F0000002904D0000000000000,".","fa535e41-bcb7-4e6f-ac8c-d0a1bb282508","7/27/2023, 2:20:35.143 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""uksouth.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns9-01.azure-dns.com""},{""dns.authority.name"":""uksouth.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-01.azure-dns.net""},{""dns.authority.name"":""uksouth.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-01.azure-dns.org""},{""dns.authority.name"":""uksouth.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-01.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:20:33.963 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ns9-01.azure-dns.com.",1,25527,0,25527,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ns9-01.azure-dns.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x63B700000001000000000001066E73392D303109617A7572652D646E7303636F6D00000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:35.143 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.2",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ns9-01.azure-dns.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3600,""dns.answer.data"":""150.171.10.1""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:33.994 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.2",,"ns9-01.azure-dns.com.",1,25527,0,25527,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ns9-01.azure-dns.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x63B784000001000100000001066E73392D303109617A7572652D646E7303636F6D0000010001C00C0001000100000E10000496AB0A0100002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:35.143 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 PM",,,,,,,,,,,,,,,,,,42052,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:20:33.994 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onedscolprduks05.uksouth.cloudapp.azure.com.",1,63268,0,63268,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprduks05.uksouth.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF72400000001000000000001106F6E656473636F6C707264756B73303507756B736F75746808636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","fa535e41-bcb7-4e6f-ac8c-d0a1bb282508","7/27/2023, 2:20:35.143 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.1",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""onedscolprduks05.uksouth.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""51.132.193.105""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:34.019 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.1",,"onedscolprduks05.uksouth.cloudapp.azure.com.",1,63268,0,63268,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprduks05.uksouth.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF72484000001000100000001106F6E656473636F6C707264756B73303507756B736F75746808636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00043384C16900002904D0000000000000,".","fa535e41-bcb7-4e6f-ac8c-d0a1bb282508","7/27/2023, 2:20:35.143 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:36.040 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":27,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""},{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""onedscolprduks05.uksouth.cloudapp.azure.com""},{""dns.answer.name"":""onedscolprduks05.uksouth.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""51.132.193.105""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:20:34.019 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"v10.events.data.microsoft.com.",1,42052,61042,42052,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA4448180000100030000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000001B00382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E657400C03B000500010000003C002A106F6E656473636F6C707264756B73303507756B736F75746808636C6F756461707005617A757265C026C07F000100010000000A00043384C169,"VirtualizationInstance:.","fa535e41-bcb7-4e6f-ac8c-d0a1bb282508","7/27/2023, 2:20:35.143 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,141,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:37.157 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:20:34.510 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,62187,62506,62187,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF2EB010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","9411b8b3-1a75-42cd-81b7-b98a0e836024","7/27/2023, 2:20:36.167 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:37.157 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:20:34.510 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,62187,62506,62187,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF2EB818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:20:36.167 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:20:37.157 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:20:34.510 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,62187,62506,62187,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF2EB818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:20:36.167 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:37.157 PM",,,,,,,,,,,,,,,,,,62187,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:20:34.511 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,56465,0,56465,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xDC910000000100000000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","9411b8b3-1a75-42cd-81b7-b98a0e836024","7/27/2023, 2:20:36.167 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:37.157 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:34.540 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,56465,0,56465,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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,".","9411b8b3-1a75-42cd-81b7-b98a0e836024","7/27/2023, 2:20:36.167 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-201.azure-dns.com""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-201.azure-dns.org""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-201.azure-dns.info""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dn
s.authority.ttl"":300,""dns.authority.data"":""ns9-201.azure-dns.com""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:37.157 PM",,,,,,,,,,,,,,,,,,62187,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:20:34.540 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,32572,0,32572,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7F3C0000000100000000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","9411b8b3-1a75-42cd-81b7-b98a0e836024","7/27/2023, 2:20:36.167 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:37.157 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:20:34.566 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,62187,62506,62187,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF2EB010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","ac2eb8a6-a170-4f62-ae0c-ed61ed14361a","7/27/2023, 2:20:36.167 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:37.157 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:20:34.566 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,62187,62506,62187,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF2EB818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:20:36.167 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:37.157 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:20:34.566 
PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,62187,62506,62187,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF2EB818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:20:36.173 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:37.157 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:34.567 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,32572,0,32572,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7F3C8400000100010000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D45411D00002904D0000000000000,".","9411b8b3-1a75-42cd-81b7-b98a0e836024","7/27/2023, 2:20:36.175 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:37.157 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":67,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":67,""dns.answer.data"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:20:34.567 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,62187,62506,62187,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF2EB818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000430025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000043002D16697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F7564617070C040C08C000100010000000A00040D45411D,"VirtualizationInstance:.","9411b8b3-1a75-42cd-81b7-b98a0e836024","7/27/2023, 2:20:36.175 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,57,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:41.240 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:20:38.757 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"v10.events.data.microsoft.com.",1,60288,54472,60288,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xEB800100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,".","9e255f86-ae39-4829-8b05-651311079cd6","7/27/2023, 2:20:40.785 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:41.240 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:20:38.757 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"win-global-asimov-leafs-events-data.trafficmanager.net.",1,60288,54472,60288,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xEB808180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:20:40.785 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:41.240 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:20:38.757 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"onedscolprduks05.uksouth.cloudapp.azure.com.",1,60288,54472,60288,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xEB808180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:20:40.785 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:41.240 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":22,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""},{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":55,""dns.answer.data"":""onedscolprduks05.uksouth.cloudapp.azure.com""},{""dns.answer.name"":""onedscolprduks05.uksouth.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":5,""dns.answer.data"":""51.132.193.105""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:20:38.758 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"v10.events.data.microsoft.com.",1,60288,54472,60288,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xEB808180000100030000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000001600382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E657400C03B0005000100000037002A106F6E656473636F6C707264756B73303507756B736F75746808636C6F756461707005617A757265C026C07F000100010000000500043384C169,"VirtualizationInstance:.","9e255f86-ae39-4829-8b05-651311079cd6","7/27/2023, 2:20:40.785 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:06.818 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",262,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,2,"RECURSE_QUERY ",9223372036854775872,"7/27/2023, 2:20:03.818 PM",2908,3164,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,,"a.iana-servers.NET.",1,34348,0,,,,,,,,,,,,,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:05.847 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","2001:500:8e::53",,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:06.818 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:20:03.822 PM",2908,3164,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"a.iana-servers.NET.",1,34348,0,34348,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""a.iana-servers.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x862C0000000100000000000101610C69616E612D73657276657273034E455400000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:05.847 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","199.43.135.53",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:06.818 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:20:03.823 PM",2908,3164,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"a.iana-servers.NET.",1,34348,0,34348,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""a.iana-servers.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x862C0000000100000000000101610C69616E612D73657276657273034E455400000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:05.847 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","199.43.134.53",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:06.818 PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""a.iana-servers.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":1800,""dns.answer.data"":""199.43.135.53""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:03.942 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","199.43.135.53",,"a.iana-servers.NET.",1,34348,0,34348,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""a.iana-servers.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x862C8400000100010000000101610C69616E612D73657276657273034E45540000010001C00C00010001000007080004C72B87350000291000000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:05.847 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:06.818 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",258,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775812,"7/27/2023, 2:20:03.943 PM",2908,4024,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33154,0,"172.18.88.20",,,"prisoner.iana.org.",1,13558,59996,13558,true,false,false,QUERY,true,SERVFAIL,false,false,true,"[{""dns.query.name"":""prisoner.iana.org"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x34F68182000100000000000008707269736F6E65720469616E61036F72670000010001,".","ef0c5ee4-49d1-4582-a049-8d2ecabc4805","7/27/2023, 2:20:05.847 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",,,,2,,"..Cache",NULL,,12256,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:06.818 PM",,,,,,,,,,,,,,,,,,,0,".",Default,"[{""dns.answer.name"":""a.iana-servers.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":1800,""dns.answer.data"":""199.43.135.53""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:03.977 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","199.43.134.53",,"a.iana-servers.NET.",1,34348,0,34348,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""a.iana-servers.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x862C8400000100010000000101610C69616E612D73657276657273034E4554000001000101610C69616E612D73657276657273036E65740000010001000007080004C72B873500002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:05.847 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:06.818 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:20:03.977 PM",2908,4028,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","199.43.134.53",,"a.iana-servers.NET.",1,34348,,,,,,,,,,,,,,".",,"7/27/2023, 2:20:05.847 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,NULL,NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:22:59.957 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:22:57.358 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,610,57919,610,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0262010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","aed66db9-eb00-4472-aef3-e65fdacaa9d6","7/27/2023, 2:22:59.417 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:22:59.957 PM",,,,,,,,,,,,,,,,,,610,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:22:57.359 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,38951,0,38951,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9827000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","aed66db9-eb00-4472-aef3-e65fdacaa9d6","7/27/2023, 2:22:59.417 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:22:59.957 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical 
",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:22:57.392 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,38951,0,38951,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9827800000010000000400012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C031000200010000012C0013066E73312D303109617A7572652D646E73C046C031000200010000012C0016066E73322D303109617A7572652D646E73036E657400C031000200010000012C0016066E73332D303109617A7572652D646E73036F726700C031000200010000012C0017066E73342D303109617A7572652D646E7304696E666F0000002904D0000000000000,".","aed66db9-eb00-4472-aef3-e65fdacaa9d6","7/27/2023, 2:22:59.417 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-01.azure-dns.com""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-01.azure-dns.net""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns3-01.azure-dns.org""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns4-01.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:22:59.957 
PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:22:57.392 PM",2908,4028,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","2603:1061:0:700::1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,11556,,,,,,,,,,,,,,".",,"7/27/2023, 2:22:59.417 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,"..Cache",NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:01.260 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:19:58.789 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"prisoner.iana.org.",1,13558,59996,13558,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""prisoner.iana.org"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x34F60100000100000000000008707269736F6E65720469616E61036F72670000010001,".","a3a70505-0a4e-4a6f-a020-6505018c6d16","7/27/2023, 2:20:00.801 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:01.260 PM",,,,,,,,,,,,,,,,,,13558,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:19:58.790 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"prisoner.iana.org.",1,12060,0,12060,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""prisoner.iana.org"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2F1C0000000100000000000108707269736F6E65720469616E61036F726700000100010000290FA0000000000000,".","a3a70505-0a4e-4a6f-a020-6505018c6d16","7/27/2023, 2:20:01.302 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","199.4.138.53",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:06.265 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:23:03.573 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,4351,57919,4351,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x10FF010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","ede35a55-8331-400f-9ab2-25c796a4b22a","7/27/2023, 2:23:05.660 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:06.265 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:23:03.574 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,4351,57919,4351,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x10FF818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:23:05.660 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:06.265 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:23:03.574 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,4351,57919,4351,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x10FF818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:23:05.660 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:06.265 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":293,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":293,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:23:03.574 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,4351,57919,4351,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x10FF818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000001250025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000125002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000300040D456A5E,"VirtualizationInstance:.","ede35a55-8331-400f-9ab2-25c796a4b22a","7/27/2023, 2:23:06.160 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:34.671 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:20:32.036 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"settings-win.data.microsoft.com.",1,27359,50929,27359,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6ADF010000010000000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,".","ab1ee771-15cf-4bae-9fae-3830872c0665","7/27/2023, 2:20:34.128 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:34.671 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:20:32.036 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"atm-settingsfe-prod-geo2.trafficmanager.net.",1,27359,50929,27359,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6ADF818000010001000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:20:34.128 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:34.671 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP 
",9223372036854775816,"7/27/2023, 2:20:32.036 PM",2908,4028,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,,"2620:1ec:bda:700::4",,"tm1.edgedns-tm.info.",1,49914,,,,,,,,,,,,,,".",,"7/27/2023, 2:20:34.643 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,NULL,NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:03.913 PM",,,,,,,,,,,,,,,,,,610,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",262,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,2,"RECURSE_QUERY ",9223372036854775872,"7/27/2023, 2:23:00.932 PM",2908,3164,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,9261,0,,,,,,,,,,,,,".","aed66db9-eb00-4472-aef3-e65fdacaa9d6","7/27/2023, 2:23:02.949 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","2603:1061:0:700::1",,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:03.913 PM",,,,,,,,,,,,,,,,,,610,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:23:00.932 PM",2908,3164,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,9261,0,9261,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x242D000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","aed66db9-eb00-4472-aef3-e65fdacaa9d6","7/27/2023, 2:23:02.949 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","204.14.183.1",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:03.913 PM",,,,,,,,,,,,,,,,,,610,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:23:00.934 PM",2908,3164,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,9261,0,9261,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x242D000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","aed66db9-eb00-4472-aef3-e65fdacaa9d6","7/27/2023, 2:23:02.949 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.1",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:03.913 
PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:23:00.963 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","204.14.183.1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,9261,0,9261,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x242D840000010001000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E65740000002904D0000000000000,".","aed66db9-eb00-4472-aef3-e65fdacaa9d6","7/27/2023, 2:23:02.949 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:03.913 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:23:00.963 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,610,57919,610,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0262818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:23:02.949 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:03.913 PM",,,,,,,,,,,,,,,,,,610,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:23:00.965 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"opinsightsweuods.trafficmanager.NET.",1,61729,0,61729,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF12100000001000000000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","aed66db9-eb00-4472-aef3-e65fdacaa9d6","7/27/2023, 2:23:02.949 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:03.913 
PM",,,,,,,,,,,,,,,,,,,0,".",Default,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:23:00.969 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,9261,0,9261,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x242D840000010001000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E65740000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:23:02.949 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:03.913 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:23:00.969 PM",2908,4028,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","13.107.236.1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,9261,,,,,,,,,,,,,,".",,"7/27/2023, 2:23:02.949 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,NULL,NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:03.913 PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""opinsightsweuods.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:23:01.000 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"opinsightsweuods.trafficmanager.NET.",1,61729,0,61729,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF12184000001000100000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E45540000010001C00C000500010000012C003616697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","aed66db9-eb00-4472-aef3-e65fdacaa9d6","7/27/2023, 2:23:02.949 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:03.913 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:23:01.000 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,610,57919,610,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0262818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:23:02.949 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:03.913 PM",,,,,,,,,,,,,,,,,,610,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:23:01.001 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,2766,0,2766,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0ACE0000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","aed66db9-eb00-4472-aef3-e65fdacaa9d6","7/27/2023, 2:23:02.949 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:03.913 
PM",,,,,,,,,,,,,,,,,,,5,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:23:01.030 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,2766,0,2766,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0ACE8400000100010000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456A5E00002904D0000000000000,".","aed66db9-eb00-4472-aef3-e65fdacaa9d6","7/27/2023, 2:23:02.949 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:23:03.913 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":296,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":296,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":6,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:23:01.030 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,610,57919,610,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0262818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000001280025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000128002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000600040D456A5E,"VirtualizationInstance:.","aed66db9-eb00-4472-aef3-e65fdacaa9d6","7/27/2023, 2:23:02.949 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,3676,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:56.543 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:41:53.794 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,24250,51376,24250,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5EBA010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","421aea20-abbf-407f-a692-6831b371f171","7/27/2023, 2:41:55.834 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:56.543 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:41:53.794 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,24250,51376,24250,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5EBA818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:41:55.834 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:41:56.543 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:41:53.794 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,24250,51376,24250,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5EBA818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:41:55.834 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:56.543 PM",,,,,,,,,,,,,,,,,,24250,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:41:53.794 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,41390,0,41390,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA1AE0000000100000000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","421aea20-abbf-407f-a692-6831b371f171","7/27/2023, 2:41:55.834 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:56.543 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""104.40.170.64""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:41:53.825 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,41390,0,41390,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA1AE8400000100010000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00046828AA4000002904D0000000000000,".","421aea20-abbf-407f-a692-6831b371f171","7/27/2023, 2:41:55.834 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:56.543 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":288,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":288,""dns.answer.data"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""104.40.170.64""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:41:53.825 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,24250,51376,24250,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5EBA818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000001200025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000120002D16697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F7564617070C040C08C000100010000000900046828AA40,"VirtualizationInstance:.","421aea20-abbf-407f-a692-6831b371f171","7/27/2023, 2:41:55.834 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,32,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:56.449 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:50:53.858 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,62643,58832,62643,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF4B3010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","10e4ac0e-9184-409c-8c43-3a0619a1467a","7/27/2023, 2:50:55.878 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:56.449 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:50:53.858 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,62643,58832,62643,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF4B3818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:50:55.878 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:50:56.449 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:50:53.858 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,62643,58832,62643,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF4B3818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:50:55.878 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:56.449 PM",,,,,,,,,,,,,,,,,,62643,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:50:53.858 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,32739,0,32739,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7FE30000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","10e4ac0e-9184-409c-8c43-3a0619a1467a","7/27/2023, 2:50:55.878 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:56.449 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:50:53.888 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,32739,0,32739,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7FE38400000100010000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456A5E00002904D0000000000000,".","10e4ac0e-9184-409c-8c43-3a0619a1467a","7/27/2023, 2:50:55.878 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:56.449 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":122,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":122,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:50:53.888 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,62643,58832,62643,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF4B3818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000007A0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000007A002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000900040D456A5E,"VirtualizationInstance:.","10e4ac0e-9184-409c-8c43-3a0619a1467a","7/27/2023, 2:50:55.878 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,30,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:41.581 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:24:38.767 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"settings-win.data.microsoft.com.",1,18350,57919,18350,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x47AE010000010000000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,".","9fac9f06-e0c5-4518-b901-0f280fba9404","7/27/2023, 2:24:40.812 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:41.581 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:24:38.767 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"atm-settingsfe-prod-geo2.trafficmanager.net.",1,18350,57919,18350,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x47AE818000010001000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:24:40.812 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:41.581 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP 
",9223372071214514176,"7/27/2023, 2:24:38.767 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"settings-prod-neu-2.northeurope.cloudapp.azure.com.",1,18350,57919,18350,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x47AE818000010002000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:24:40.812 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:41.581 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""settings-win.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3009,""dns.answer.data"":""atm-settingsfe-prod-geo2.trafficmanager.net""},{""dns.answer.name"":""atm-settingsfe-prod-geo2.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":53,""dns.answer.data"":""settings-prod-neu-2.northeurope.cloudapp.azure.com""},{""dns.answer.name"":""settings-prod-neu-2.northeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3,""dns.answer.data"":""51.104.136.2""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:24:38.767 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"settings-win.data.microsoft.com.",1,18350,57919,18350,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x47AE818000010003000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001C00C0005000100000BC1002D1861746D2D73657474696E677366652D70726F642D67656F320E747261666669636D616E61676572036E657400C03D000500010000003500311373657474696E67732D70726F642D6E65752D320B6E6F7274686575726F706508636C6F756461707005617A757265C028C0760001000100000003000433688802,"VirtualizationInstance:.","9fac9f06-e0c5-4518-b901-0f280fba9404","7/27/2023, 2:24:40.812 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:54:13.011 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:54:10.200 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,28969,54472,28969,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7129010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","e2da5764-eb39-495e-8ca5-52b2352c263b","7/27/2023, 2:54:12.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:54:13.011 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:54:10.200 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,28969,54472,28969,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7129818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:54:12.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:54:13.011 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:54:10.200 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,28969,54472,28969,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7129818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:54:12.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:54:13.011 
PM",,,,,,,,,,,,,,,,,,28969,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:54:10.200 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,17978,0,17978,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x463A0000000100000000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","e2da5764-eb39-495e-8ca5-52b2352c263b","7/27/2023, 2:54:12.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:54:13.011 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.221""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:54:10.233 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,17978,0,17978,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x463A8400000100010000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADD00002904D0000000000000,".","e2da5764-eb39-495e-8ca5-52b2352c263b","7/27/2023, 2:54:12.767 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:54:13.011 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":241,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":241,""dns.answer.data"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.236.186.221""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:54:10.233 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,28969,54472,28969,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7129818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000F10025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000F1002D16697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F7564617070C040C08C0001000100000009000434ECBADD,"VirtualizationInstance:.","e2da5764-eb39-495e-8ca5-52b2352c263b","7/27/2023, 2:54:12.767 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,33,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:44.027 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:24:41.393 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,55689,63002,55689,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD989010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","fd383259-a7dc-4d3f-8cc0-fe49e31f71d9","7/27/2023, 2:24:43.421 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:44.027 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:24:41.393 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,55689,63002,55689,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD989818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:24:43.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:44.027 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:24:41.393 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,55689,63002,55689,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD989818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:24:43.421 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:44.027 PM",,,,,,,,,,,,,,,,,,55689,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:24:41.394 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,51674,0,51674,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC9DA0000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","fd383259-a7dc-4d3f-8cc0-fe49e31f71d9","7/27/2023, 2:24:43.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:44.027 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:24:41.422 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,51674,0,51674,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC9DA8400000100010000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456A5E00002904D0000000000000,".","fd383259-a7dc-4d3f-8cc0-fe49e31f71d9","7/27/2023, 2:24:43.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:44.027 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":196,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":196,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:24:41.422 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,55689,63002,55689,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD989818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000C40025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000C4002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000A00040D456A5E,"VirtualizationInstance:.","fd383259-a7dc-4d3f-8cc0-fe49e31f71d9","7/27/2023, 2:24:43.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,30,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:54:32.715 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:54:30.088 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,34083,57919,34083,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8523010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","21c9fb61-e89f-4c38-b363-acd379fb127b","7/27/2023, 2:54:32.126 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:54:32.715 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:54:30.088 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,34083,57919,34083,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8523818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:54:32.126 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:54:32.715 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:54:30.088 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,34083,57919,34083,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8523818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:54:32.126 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:54:32.715 PM",,,,,,,,,,,,,,,,,,34083,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:54:30.088 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,19841,0,19841,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x4D810000000100000000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","21c9fb61-e89f-4c38-b363-acd379fb127b","7/27/2023, 2:54:32.126 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:54:32.715 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.221""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:54:30.114 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,19841,0,19841,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x4D818400000100010000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADD00002904D0000000000000,".","21c9fb61-e89f-4c38-b363-acd379fb127b","7/27/2023, 2:54:32.627 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:54:32.715 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":221,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":221,""dns.answer.data"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.236.186.221""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:54:30.114 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,34083,57919,34083,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8523818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000DD0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000DD002D16697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F7564617070C040C08C0001000100000009000434ECBADD,"VirtualizationInstance:.","21c9fb61-e89f-4c38-b363-acd379fb127b","7/27/2023, 2:54:32.627 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,26,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:48.212 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:24:46.529 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"adl.windows.com.",1,3595,54472,3595,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""adl.windows.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0E0B010000010000000000000361646C0777696E646F777303636F6D0000010001,".","27e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:47.515 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:48.212 
PM",,,,,,,,,,,,,,,,,,3595,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:24:46.530 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"adl.windows.com.",1,30275,0,30275,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""adl.windows.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7643000000010000000000010361646C0777696E646F777303636F6D00000100010000290FA0000000000000,".","27e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:47.515 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.205",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:56:20.388 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:56:17.723 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,43401,59586,43401,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA989010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","005afd07-5c96-441b-bff4-203f2678f68d","7/27/2023, 2:56:19.720 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:56:20.388 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:56:17.723 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,43401,59586,43401,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA989818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:56:19.720 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:56:20.388 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:56:17.723 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,43401,59586,43401,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA989818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:56:19.720 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:56:20.388 
PM",,,,,,,,,,,,,,,,,,43401,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:56:17.723 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,34859,0,34859,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x882B0000000100000000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","005afd07-5c96-441b-bff4-203f2678f68d","7/27/2023, 2:56:19.720 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:56:20.388 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.221""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:56:17.748 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,34859,0,34859,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x882B8400000100010000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADD00002904D0000000000000,".","005afd07-5c96-441b-bff4-203f2678f68d","7/27/2023, 2:56:19.720 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:56:20.388 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":113,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":113,""dns.answer.data"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.236.186.221""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:56:17.749 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,43401,59586,43401,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA989818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000710025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000071002D16697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F7564617070C040C08C0001000100000009000434ECBADD,"VirtualizationInstance:.","005afd07-5c96-441b-bff4-203f2678f68d","7/27/2023, 2:56:19.720 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,26,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:54.001 PM",,,,,,,,,,,,,,,,,,3595,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",262,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,2,"RECURSE_QUERY ",9223372036854775872,"7/27/2023, 2:24:50.813 PM",2908,3164,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,,"adl.windows.com.",1,2286,0,,,,,,,,,,,,,".","27e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:52.858 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","2001:500:856e::30",,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:54.001 PM",,,,,,,,,,,,,,,,,,3595,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:24:50.813 PM",2908,3164,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"a1943.g2.akamai.NET.",1,2286,0,2286,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""a1943.g2.akamai.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x08EE0000000100000000000105613139343302673206616B616D6169034E455400000100010000290FA0000000000000,".","27e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:52.858 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.35.51.30",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:54.001 PM",,,,,,,,,,,,,,,,,,3595,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:24:50.813 PM",2908,3164,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"a1943.g2.akamai.NET.",1,2286,0,2286,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""a1943.g2.akamai.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x08EE0000000100000000000105613139343302673206616B616D6169034E455400000100010000290FA0000000000000,".","27e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:52.858 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.43.172.30",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:54.001 
PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""zc.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""23.74.25.192""},{""dns.additional.name"":""zd.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""95.101.36.192""},{""dns.additional.name"":""ze.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""184.26.161.192""},{""dns.additional.name"":""zg.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""96.7.50.192""},{""dns.additional.name"":""zh.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""23.211.133.192""},{""dns.additional.name"":""zi.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""184.26.161.192""},{""dns.additional.name"":""ns3-193.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""23.61.199.193""},{""dns.additional.name"":""ns3-193.akamaitech.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2600:1406:32::c1""},{""dns.additional.name"":""ns2-193.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2.22.230.193""},{""dns.additional.name"":""ns4-193.akamaitech.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2600:1480:1::c1""},{""dns.additional.name"":""ns4-193.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.addition
al.ttl"":172800,""dns.additional.data"":""84.53.139.193""},{""dns.additional.name"":""ns6-193.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""95.100.168.193""},{""dns.additional.name"":""ns7-193.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""96.7.49.193""},{""dns.additional.name"":"""",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""184.85.248.193""},{""dns.additional.name"":"""",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""193.108.88.1""}]",,5,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:24:50.849 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","192.35.51.30",,"a1943.g2.akamai.NET.",1,2286,0,2286,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""a1943.g2.akamai.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:52.858 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""zc.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""zd.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ze.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""zg.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""zh.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""zi.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns3-193.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns2-193.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns4-193.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns6-193.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.a
uthority.data"":""ns7-193.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns5-193.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns1-1.akamaitech.NET""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:54.001 PM",,,,,,,,,,,,,,,,,,3595,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:24:50.850 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"a1943.g2.akamai.NET.",1,11952,0,11952,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""a1943.g2.akamai.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2EB00000000100000000000105613139343302673206616B616D6169034E455400000100010000290FA0000000000000,".","27e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:52.858 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","23.61.199.193",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:54.001 
PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""zc.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""23.74.25.192""},{""dns.additional.name"":""zd.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""95.101.36.192""},{""dns.additional.name"":""ze.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""184.26.161.192""},{""dns.additional.name"":""zg.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""96.7.50.192""},{""dns.additional.name"":""zh.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""23.211.133.192""},{""dns.additional.name"":""zi.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""184.26.161.192""},{""dns.additional.name"":""ns3-193.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""23.61.199.193""},{""dns.additional.name"":""ns3-193.akamaitech.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2600:1406:32::c1""},{""dns.additional.name"":""ns2-193.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2.22.230.193""},{""dns.additional.name"":""ns4-193.akamaitech.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2600:1480:1::c1""},{""dns.additional.name"":""ns4-193.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.addition
al.ttl"":172800,""dns.additional.data"":""84.53.139.193""},{""dns.additional.name"":""ns6-193.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""95.100.168.193""},{""dns.additional.name"":""ns7-193.akamaitech.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""96.7.49.193""},{""dns.additional.name"":"""",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""184.85.248.193""},{""dns.additional.name"":"""",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""193.108.88.1""}]",,0,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:24:50.851 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","192.43.172.30",,"a1943.g2.akamai.NET.",1,2286,0,2286,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""a1943.g2.akamai.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:24:52.858 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""zc.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""zd.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ze.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""zg.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""zh.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""zi.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns3-193.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns2-193.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns4-193.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns6-193.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.a
uthority.data"":""ns7-193.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns5-193.akamaitech.NET""},{""dns.authority.name"":""akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns1-1.akamaitech.NET""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:54.001 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:24:50.851 PM",2908,4028,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","192.43.172.30",,"a1943.g2.akamai.NET.",1,2286,,,,,,,,,,,,,,".",,"7/27/2023, 2:24:52.858 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,NULL,NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:54.001 
PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""n1g2.akamai.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""2.23.154.23""},{""dns.additional.name"":""n0g2.akamai.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""88.221.81.192""},{""dns.additional.name"":""n0g2.akamai.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""2600:1480:e800::c0""},{""dns.additional.name"":""n7g2.akamai.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""185.10.124.15""},{""dns.additional.name"":""n4g2.akamai.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""104.103.72.60""},{""dns.additional.name"":""n3g2.akamai.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""2.22.88.57""},{""dns.additional.name"":""n5g2.akamai.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""104.103.72.166""},{""dns.additional.name"":""n6g2.akamai.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""104.103.72.62""},{""dns.additional.name"":""n2g2.akamai.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""104.103.72.188""}]",,6,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:24:50.894 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","23.61.199.193",,"a1943.g2.akamai.NET.",1,11952,0,11952,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""a1943.g2.akamai.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:52.858 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""g2.akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n3g2.akamai.NET""},{""dns.authority.name"":""g2.akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n2g2.akamai.NET""},{""dns.authority.name"":""g2.akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n5g2.akamai.NET""},{""dns.authority.name"":""g2.akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n1g2.akamai.NET""},{""dns.authority.name"":""g2.akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n6g2.akamai.NET""},{""dns.authority.name"":""g2.akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n0g2.akamai.NET""},{""dns.authority.name"":""g2.akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n7g2.akamai.NET""},{""dns.authority.name"":""g2.akamai.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n4g2.akamai.NET""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:54.001 
PM",,,,,,,,,,,,,,,,,,3595,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:24:50.894 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"a1943.g2.akamai.NET.",1,14000,0,14000,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""a1943.g2.akamai.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x36B00000000100000000000105613139343302673206616B616D6169034E455400000100010000290FA0000000000000,".","27e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:52.858 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","104.103.72.166",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:54.001 PM",,,,,,,,,,,,,,,,,,,7,".",Default,"[{""dns.answer.name"":""a1943.g2.akamai.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":20,""dns.answer.data"":""185.10.124.35""},{""dns.answer.name"":""a1943.g2.akamai.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":20,""dns.answer.data"":""185.10.124.48""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:24:50.915 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","104.103.72.166",,"a1943.g2.akamai.NET.",1,14000,0,14000,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""a1943.g2.akamai.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x36B08400000100020000000105613139343302673206616B616D6169034E45540000010001C00C00010001000000140004B90A7C23C00C00010001000000140004B90A7C300000291000000000000000,".","27e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:52.858 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:54.001 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""adl.windows.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3599,""dns.answer.data"":""adl.windows.com.edgesuite.net""},{""dns.answer.name"":""adl.windows.com.edgesuite.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":21599,""dns.answer.data"":""a1943.g2.akamai.net""},{""dns.answer.name"":""a1943.g2.akamai.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":15,""dns.answer.data"":""185.10.124.35""},{""dns.answer.name"":""a1943.g2.akamai.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":15,""dns.answer.data"":""185.10.124.48""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:24:50.915 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"adl.windows.com.",1,3595,54472,3595,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""adl.windows.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0E0B818000010004000000000361646C0777696E646F777303636F6D0000010001C00C0005000100000E0F001F0361646C0777696E646F777303636F6D09656467657375697465036E657400C02D000500010000545F001205613139343302673206616B616D6169C047C058000100010000000F0004B90A7C23C058000100010000000F0004B90A7C30,"VirtualizationInstance:.","27e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:52.858 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,4386,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:57:20.494 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:57:17.889 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,49167,64772,49167,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC00F010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","b3003946-e944-4d21-a7ae-57fd681139d5","7/27/2023, 2:57:19.907 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:57:20.494 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:57:17.889 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,49167,64772,49167,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC00F818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:57:19.907 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:57:20.494 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:57:17.889 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,49167,64772,49167,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC00F818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:57:19.907 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:57:20.494 PM",,,,,,,,,,,,,,,,,,49167,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:57:17.889 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,64771,0,64771,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFD030000000100000000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","b3003946-e944-4d21-a7ae-57fd681139d5","7/27/2023, 2:57:19.907 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:57:20.494 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.221""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:57:17.917 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,64771,0,64771,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFD038400000100010000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADD00002904D0000000000000,".","b3003946-e944-4d21-a7ae-57fd681139d5","7/27/2023, 2:57:19.907 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:57:20.494 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":53,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":53,""dns.answer.data"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.236.186.221""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:57:17.918 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,49167,64772,49167,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC00F818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000350025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000035002D16697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F7564617070C040C08C0001000100000009000434ECBADD,"VirtualizationInstance:.","b3003946-e944-4d21-a7ae-57fd681139d5","7/27/2023, 2:57:19.907 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,29,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:04.609 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:01.661 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,33102,52394,33102,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x814E010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","f1e7e2c8-fc9e-4b24-91a8-c019ae5c68fb","7/27/2023, 2:25:03.671 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:04.609 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:01.661 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,33102,52394,33102,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x814E818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:25:03.671 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:25:04.609 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:01.661 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,33102,52394,33102,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x814E818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:25:03.671 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:04.609 PM",,,,,,,,,,,,,,,,,,33102,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:01.661 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,60480,0,60480,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xEC400000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","f1e7e2c8-fc9e-4b24-91a8-c019ae5c68fb","7/27/2023, 2:25:03.671 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:04.609 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:01.814 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,60480,0,60480,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xEC408400000100010000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456A5E00002904D0000000000000,".","f1e7e2c8-fc9e-4b24-91a8-c019ae5c68fb","7/27/2023, 2:25:03.671 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:04.609 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":175,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":175,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:25:01.814 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,33102,52394,33102,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x814E818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000AF0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000AF002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000900040D456A5E,"VirtualizationInstance:.","f1e7e2c8-fc9e-4b24-91a8-c019ae5c68fb","7/27/2023, 2:25:03.671 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,153,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 
PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:58:23.514 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,27209,0,27209,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6A49840000010001000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E65740000002904D0000000000000,".","395824ce-c86c-44b4-9f9c-171b6986c947","7/27/2023, 2:58:25.485 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:58:23.514 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,5813,64171,5813,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x16B5818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:58:25.485 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:58:23.515 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"tm1.edgedns-tm.info.",1,60749,0,60749,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xED4D0000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:58:25.485 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.4",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:58:23.517 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,5813,64171,5813,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x16B5010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","c48b2cbb-e888-4d56-9acf-d12c08505548","7/27/2023, 2:58:25.485 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:58:23.517 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,5813,64171,5813,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x16B5818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:58:25.485 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:58:23.518 
PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"tm1.edgedns-tm.info.",1,22951,0,22951,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x59A70000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:58:25.485 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.206.36",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""tm1.edgedns-tm.info"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""13.107.222.240""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:58:23.545 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.4",,"tm1.edgedns-tm.info.",1,60749,0,60749,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xED4D8400000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:58:25.485 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 PM",,,,,,,,,,,,,,,,,,5813,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:58:23.545 
PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"opinsightsweuods.trafficmanager.NET.",1,2757,0,2757,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0AC500000001000000000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","395824ce-c86c-44b4-9f9c-171b6986c947","7/27/2023, 2:58:25.485 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""tm1.edgedns-tm.info"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""13.107.222.240""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:58:23.547 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.206.36",,"tm1.edgedns-tm.info.",1,22951,0,22951,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x59A78400000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:58:25.501 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 
PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""opinsightsweuods.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:58:23.572 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"opinsightsweuods.trafficmanager.NET.",1,2757,0,2757,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0AC584000001000100000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E45540000010001C00C000500010000012C003616697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","395824ce-c86c-44b4-9f9c-171b6986c947","7/27/2023, 2:58:25.501 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:58:23.572 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,5813,64171,5813,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x16B5818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:58:25.501 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 PM",,,,,,,,,,,,,,,,,,5813,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:58:23.572 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,45761,0,45761,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB2C10000000100000000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","395824ce-c86c-44b4-9f9c-171b6986c947","7/27/2023, 2:58:25.501 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 
PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:58:23.600 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,45761,0,45761,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB2C18400000100010000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADE00002904D0000000000000,".","395824ce-c86c-44b4-9f9c-171b6986c947","7/27/2023, 2:58:25.501 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:26.395 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":299,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":299,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.236.186.222""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:58:23.600 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,5813,64171,5813,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x16B5818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012B0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000012B002D16697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F7564617070C040C08C0001000100000009000434ECBADE,"VirtualizationInstance:.","395824ce-c86c-44b4-9f9c-171b6986c947","7/27/2023, 2:58:25.501 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,143,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:00:35.467 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 3:00:32.789 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,33511,54472,33511,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x82E7010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","0a368641-06df-4787-9aac-f95ed1bcb144","7/27/2023, 3:00:34.797 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:00:35.467 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 3:00:32.789 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,33511,54472,33511,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x82E7818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 3:00:34.797 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
3:00:35.467 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 3:00:32.789 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,33511,54472,33511,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x82E7818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 3:00:34.797 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:00:35.467 PM",,,,,,,,,,,,,,,,,,33511,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 3:00:32.790 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,15132,0,15132,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3B1C0000000100000000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","0a368641-06df-4787-9aac-f95ed1bcb144","7/27/2023, 3:00:34.797 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:00:35.467 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 3:00:32.815 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,15132,0,15132,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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,".","0a368641-06df-4787-9aac-f95ed1bcb144","7/27/2023, 3:00:34.797 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-201.azure-dns.com""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-201.azure-dns.org""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-201.azure-dns.info""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dn
s.authority.ttl"":300,""dns.authority.data"":""ns9-201.azure-dns.com""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:00:35.467 PM",,,,,,,,,,,,,,,,,,33511,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 3:00:32.816 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,63299,0,63299,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF7430000000100000000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","0a368641-06df-4787-9aac-f95ed1bcb144","7/27/2023, 3:00:34.797 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:00:35.467 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 3:00:32.840 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,63299,0,63299,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF7438400000100010000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADE00002904D0000000000000,".","0a368641-06df-4787-9aac-f95ed1bcb144","7/27/2023, 3:00:34.797 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:00:35.467 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":170,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":170,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 3:00:32.841 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,33511,54472,33511,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x82E7818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000AA0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000AA002D16697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F7564617070C040C08C000100010000000A000434ECBADE,"VirtualizationInstance:.","0a368641-06df-4787-9aac-f95ed1bcb144","7/27/2023, 3:00:35.313 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,52,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:24:32.601 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"settings-win.data.microsoft.com.",1,9224,57919,9224,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2408010000010000000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,".","28de1707-facd-4380-94a4-6481f9c8cd14","7/27/2023, 2:24:34.608 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:24:32.601 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"atm-settingsfe-prod-geo2.trafficmanager.net.",1,9224,57919,9224,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2408818000010001000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:24:34.608 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 PM",,,,,,,,,,,,,,,,,,9224,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:24:32.601 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"atm-settingsfe-prod-geo2.trafficmanager.NET.",1,28872,0,28872,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""atm-settingsfe-prod-geo2.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x70C8000000010000000000011861746D2D73657474696E677366652D70726F642D67656F320E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","28de1707-facd-4380-94a4-6481f9c8cd14","7/27/2023, 2:24:34.610 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""atm-settingsfe-prod-geo2.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""settings-prod-neu-2.northeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:24:32.634 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"atm-settingsfe-prod-geo2.trafficmanager.NET.",1,28872,0,28872,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""atm-settingsfe-prod-geo2.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x70C8840000010001000000011861746D2D73657474696E677366652D70726F642D67656F320E747261666669636D616E61676572034E45540000010001C00C000500010000003C00341373657474696E67732D70726F642D6E65752D320B6E6F7274686575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","28de1707-facd-4380-94a4-6481f9c8cd14","7/27/2023, 2:24:34.610 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:24:32.634 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"settings-prod-neu-2.northeurope.cloudapp.azure.com.",1,9224,57919,9224,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2408818000010002000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:24:34.610 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 PM",,,,,,,,,,,,,,,,,,9224,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:24:32.634 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"settings-prod-neu-2.northeurope.cloudapp.azure.com.",1,38011,0,38011,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""settings-prod-neu-2.northeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x947B000000010000000000011373657474696E67732D70726F642D6E65752D320B6E6F7274686575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","28de1707-facd-4380-94a4-6481f9c8cd14","7/27/2023, 2:24:34.610 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 PM",,,,,,,,,,,,,,,,,,,2,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:24:32.665 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"settings-prod-neu-2.northeurope.cloudapp.azure.com.",1,38011,0,38011,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""settings-prod-neu-2.northeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x947B800000010000000400011373657474696E67732D70726F642D6E65752D320B6E6F7274686575726F706508636C6F756461707005617A75726503636F6D0000010001C020000200010000012C0014076E73392D32303109617A7572652D646E73C03BC020000200010000012C0018086E7331302D32303109617A7572652D646E73036E657400C020000200010000012C0018086E7331312D32303109617A7572652D646E73036F726700C020000200010000012C0019086E7331322D32303109617A7572652D646E7304696E666F0000002904D0000000000000,".","28de1707-facd-4380-94a4-6481f9c8cd14","7/27/2023, 2:24:34.610 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""northeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns9-201.azure-dns.com""},{""dns.authority.name"":""northeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-201.azure-dns.net""},{""dns.authority.name"":""northeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-201.azure-dns.org""},{""dns.authority.name"":""northeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-201.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 PM",,,,,,,,,,,,,,,,,,9224,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information 
",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:24:32.665 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"settings-prod-neu-2.northeurope.cloudapp.azure.com.",1,31041,0,31041,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""settings-prod-neu-2.northeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7941000000010000000000011373657474696E67732D70726F642D6E65752D320B6E6F7274686575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","28de1707-facd-4380-94a4-6481f9c8cd14","7/27/2023, 2:24:34.610 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""settings-prod-neu-2.northeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""51.104.136.2""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:24:32.692 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"settings-prod-neu-2.northeurope.cloudapp.azure.com.",1,31041,0,31041,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""settings-prod-neu-2.northeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7941840000010001000000011373657474696E67732D70726F642D6E65752D320B6E6F7274686575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00043368880200002904D0000000000000,".","28de1707-facd-4380-94a4-6481f9c8cd14","7/27/2023, 2:24:34.610 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""settings-win.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3015,""dns.answer.data"":""atm-settingsfe-prod-geo2.trafficmanager.net""},{""dns.answer.name"":""atm-settingsfe-prod-geo2.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":59,""dns.answer.data"":""settings-prod-neu-2.northeurope.cloudapp.azure.com""},{""dns.answer.name"":""settings-prod-neu-2.northeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""51.104.136.2""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:24:32.692 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"settings-win.data.microsoft.com.",1,9224,57919,9224,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2408818000010003000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001C00C0005000100000BC7002D1861746D2D73657474696E677366652D70726F642D67656F320E747261666669636D616E61676572036E657400C03D000500010000003B00311373657474696E67732D70726F642D6E65752D320B6E6F7274686575726F706508636C6F756461707005617A757265C028C0760001000100000009000433688802,"VirtualizationInstance:.","28de1707-facd-4380-94a4-6481f9c8cd14","7/27/2023, 2:24:34.610 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,91,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:24:33.389 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"msftspeechmodelsprod.azureedge.net.",1,19030,63203,19030,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""msftspeechmodelsprod.azureedge.net"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x4A5601000001000000000000146D7366747370656563686D6F64656C7370726F6409617A75726565646765036E65740000010001,".","0c5e4127-2be0-4c5e-a37e-096e9f2845b0","7/27/2023, 2:24:34.610 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 PM",,,,,,,,,,,,,,,,,,19030,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:24:33.389 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"msftspeechmodelsprod.azureedge.net.",1,25504,0,25504,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""msftspeechmodelsprod.azureedge.net"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x63A000000001000000000001146D7366747370656563686D6F64656C7370726F6409617A75726565646765036E657400000100010000290FA0000000000000,".","0c5e4127-2be0-4c5e-a37e-096e9f2845b0","7/27/2023, 2:24:34.610 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.21.6",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:24:33.418 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33795,0,"0.0.0.0","150.171.21.6",,"msftspeechmodelsprod.azureedge.net.",1,25504,0,25504,false,false,true,QUERY,true,NXDOMAIN,false,false,false,"[{""dns.query.name"":""msftspeechmodelsprod.azureedge.net"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x63A084030001000000010001146D7366747370656563686D6F64656C7370726F6409617A75726565646765036E65740000010001C021000600010000003C003D066E73312D303609617A7572652D646E7303636F6D00066D736E687374096D6963726F736F6674C05100002711000003840000012C00093A800000003C00002904D0000000000000,".","0c5e4127-2be0-4c5e-a37e-096e9f2845b0","7/27/2023, 2:24:34.610 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,"[{""dns.authority.name"":""azureedge.net"",""dns.authority.type"":""SOA"",""dns.authority.class"":""IN"",""dns.authority.ttl"":60,""dns.soa.data.name_server"":""ns1-06.azure-dns.com"",""dns.soa.data.auth_mailbox"":""msnhst.microsoft.com"",""dns.soa.data.serial_number"":10001,""dns.soa.data.refresh_interval"":900,""dns.soa.data.retry_interval"":300,""dns.soa.data.expire_limit"":604800,""dns.soa.data.min_ttl"":60}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:35.542 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:24:33.418 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33155,0,"172.18.88.20",,,"msftspeechmodelsprod.azureedge.net.",1,19030,63203,19030,true,false,false,QUERY,true,NXDOMAIN,false,false,true,"[{""dns.query.name"":""msftspeechmodelsprod.azureedge.net"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x4A5681830001000000010000146D7366747370656563686D6F64656C7370726F6409617A75726565646765036E65740000010001C021000600010000003C003D066E73312D303609617A7572652D646E7303636F6D00066D736E687374096D6963726F736F6674C05100002711000003840000012C00093A800000003C,"VirtualizationInstance:.","0c5e4127-2be0-4c5e-a37e-096e9f2845b0","7/27/2023, 2:24:34.610 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,3,Default,"..Cache",NULL,"[{""dns.authority.name"":""azureedge.net"",""dns.authority.type"":""SOA"",""dns.authority.class"":""IN"",""dns.authority.ttl"":60,""dns.soa.data.name_server"":""ns1-06.azure-dns.com"",""dns.soa.data.auth_mailbox"":""msnhst.microsoft.com"",""dns.soa.data.serial_number"":10001,""dns.soa.data.refresh_interval"":900,""dns.soa.data.retry_interval"":300,""dns.soa.data.expire_limit"":604800,""dns.soa.data.min_ttl"":60}]",29,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:00:46.239 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 3:00:43.646 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,44051,54472,44051,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAC13010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","9964c88c-8ded-45f7-b133-c4c2e2c2d23f","7/27/2023, 3:00:45.672 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:00:46.239 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 3:00:43.646 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,44051,54472,44051,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAC13818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 3:00:45.672 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:00:46.239 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 3:00:43.646 
PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,44051,54472,44051,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAC13818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 3:00:45.672 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:00:46.239 PM",,,,,,,,,,,,,,,,,,44051,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 3:00:43.647 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,62360,0,62360,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF3980000000100000000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","9964c88c-8ded-45f7-b133-c4c2e2c2d23f","7/27/2023, 3:00:45.672 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:00:46.239 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 3:00:43.673 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,62360,0,62360,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF3988400000100010000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADE00002904D0000000000000,".","9964c88c-8ded-45f7-b133-c4c2e2c2d23f","7/27/2023, 3:00:45.672 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:00:46.239 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":159,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":159,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 3:00:43.673 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,44051,54472,44051,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAC13818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000009F0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000009F002D16697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F7564617070C040C08C000100010000000A000434ECBADE,"VirtualizationInstance:.","9964c88c-8ded-45f7-b133-c4c2e2c2d23f","7/27/2023, 3:00:46.188 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,27,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:14.474 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:11.534 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,38227,50249,38227,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9553010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","87d65c34-8be3-4f79-8d91-fa2765007a37","7/27/2023, 2:25:13.562 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:14.474 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:11.534 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,38227,50249,38227,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9553818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:25:13.562 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:25:14.474 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:11.534 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,38227,50249,38227,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9553818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:25:13.562 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:14.474 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":165,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":165,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":0,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:25:11.534 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,38227,50249,38227,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9553818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000A50025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000A5002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000000040D456A5E,"VirtualizationInstance:.","87d65c34-8be3-4f79-8d91-fa2765007a37","7/27/2023, 2:25:14.062 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,1,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:01:29.929 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 3:01:27.258 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,27075,60503,27075,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x69C3010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","6aab49e8-ca49-477d-b639-1b80b00b3804","7/27/2023, 3:01:29.266 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:01:29.929 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 3:01:27.258 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,27075,60503,27075,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x69C3818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 3:01:29.266 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:01:29.929 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 3:01:27.258 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,27075,60503,27075,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x69C3818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 3:01:29.266 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:01:29.929 PM",,,,,,,,,,,,,,,,,,27075,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 3:01:27.259 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,22902,0,22902,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x59760000000100000000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","6aab49e8-ca49-477d-b639-1b80b00b3804","7/27/2023, 3:01:29.266 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:01:29.929 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 3:01:27.287 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,22902,0,22902,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x59768400000100010000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADE00002904D0000000000000,".","6aab49e8-ca49-477d-b639-1b80b00b3804","7/27/2023, 3:01:29.266 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 3:01:29.929 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":116,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":116,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.236.186.222""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 3:01:27.287 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,27075,60503,27075,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x69C3818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000740025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000074002D16697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F7564617070C040C08C0001000100000009000434ECBADE,"VirtualizationInstance:.","6aab49e8-ca49-477d-b639-1b80b00b3804","7/27/2023, 3:01:29.266 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,29,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:43.365 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"fe2.update.microsoft.com.",1,64717,50451,64717,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""fe2.update.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFCCD010000010000000000000366653206757064617465096D6963726F736F667403636F6D0000010001,".","eb31bb17-35b4-423a-8938-7875a254ea45","7/27/2023, 2:25:44.374 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:43.365 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"fe2.update.msft.com.trafficmanager.net.",1,64717,50451,64717,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""fe2.update.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFCCD818000010001000000000366653206757064617465096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:25:44.374 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:43.365 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"tm1.edgedns-tm.info.",1,18265,0,18265,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x47590000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:25:44.374 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","208.84.5.4",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:43.390 
PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"fe2.update.microsoft.com.",1,64717,50451,64717,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""fe2.update.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFCCD010000010000000000000366653206757064617465096D6963726F736F667403636F6D0000010001,".","a9ac8411-c40b-4152-b6bc-66b0ed2a56dd","7/27/2023, 2:25:44.374 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:43.390 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"fe2.update.msft.com.trafficmanager.net.",1,64717,50451,64717,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""fe2.update.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFCCD818000010001000000000366653206757064617465096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:25:44.374 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:43.391 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"tm1.edgedns-tm.info.",1,37244,0,37244,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x917C0000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:25:44.374 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","204.14.183.4",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""tm1.edgedns-tm.info"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""13.107.222.240""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:43.397 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","208.84.5.4",,"tm1.edgedns-tm.info.",1,18265,0,18265,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x47598400000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:25:44.374 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 PM",,,,,,,,,,,,,,,,,,64717,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:43.397 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"fe2.update.msft.com.trafficmanager.NET.",1,25115,0,25115,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""fe2.update.msft.com.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x621B000000010000000000010366653206757064617465046D73667403636F6D0E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","eb31bb17-35b4-423a-8938-7875a254ea45","7/27/2023, 2:25:44.374 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""tm1.edgedns-tm.info"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""13.107.222.240""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:43.422 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","204.14.183.4",,"tm1.edgedns-tm.info.",1,37244,0,37244,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x917C8400000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:25:44.374 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""fe2.update.msft.com.trafficmanager.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""20.83.81.165""},{""dns.answer.name"":""fe2.update.msft.com.trafficmanager.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""52.254.114.65""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:43.429 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"fe2.update.msft.com.trafficmanager.NET.",1,25115,0,25115,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""fe2.update.msft.com.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x621B840000010002000000010366653206757064617465046D73667403636F6D0E747261666669636D616E61676572034E45540000010001C00C000100010000003C0004145351A5C00C000100010000003C000434FE724100002904D0000000000000,".","eb31bb17-35b4-423a-8938-7875a254ea45","7/27/2023, 2:25:44.374 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""fe2.update.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":2945,""dns.answer.data"":""fe2.update.msft.com.trafficmanager.net""},{""dns.answer.name"":""fe2.update.msft.com.trafficmanager.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""20.83.81.165""},{""dns.answer.name"":""fe2.update.msft.com.trafficmanager.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""52.254.114.65""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:25:43.429 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"fe2.update.microsoft.com.",1,64717,50451,64717,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""fe2.update.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFCCD818000010003000000000366653206757064617465096D6963726F736F667403636F6D0000010001C00C0005000100000B8100280366653206757064617465046D73667403636F6D0E747261666669636D616E61676572036E657400C036000100010000003C0004145351A5C036000100010000003C000434FE7241,"VirtualizationInstance:.","eb31bb17-35b4-423a-8938-7875a254ea45","7/27/2023, 2:25:44.374 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,64,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:44.233 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"v10.events.data.microsoft.com.",1,65017,58349,65017,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFDF90100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,".","d4964fe9-2ac3-4f7a-92ba-33fff0266d0c","7/27/2023, 2:25:44.374 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 PM",,,,,,,,,,,,,,,,,,65017,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:44.233 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"v10.events.data.microsoft.com.",1,355,0,355,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x01630000000100000000000103763130066576656E74730464617461096D6963726F736F667403636F6D00000100010000290FA0000000000000,".","d4964fe9-2ac3-4f7a-92ba-33fff0266d0c","7/27/2023, 2:25:44.374 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":120,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY 
",9223372036854775840,"7/27/2023, 2:25:44.263 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.39",,"v10.events.data.microsoft.com.",1,355,0,355,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x01638400000100010000000103763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007800382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E65740000002904D0000000000000,".","d4964fe9-2ac3-4f7a-92ba-33fff0266d0c","7/27/2023, 2:25:44.938 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:44.263 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"win-global-asimov-leafs-events-data.trafficmanager.net.",1,65017,58349,65017,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFDF98180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:25:44.938 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:45.407 PM",,,,,,,,,,,,,,,,,,65017,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY 
",9223372036854775824,"7/27/2023, 2:25:44.264 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,62981,0,62981,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF605000000010000000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","d4964fe9-2ac3-4f7a-92ba-33fff0266d0c","7/27/2023, 2:25:44.938 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:46.098 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:44.281 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"v10.events.data.microsoft.com.",1,65017,58349,65017,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFDF90100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,".","52f2bd60-5e89-4fb8-99fc-f0be46f744bd","7/27/2023, 2:25:45.405 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:46.098 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:44.281 
PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"win-global-asimov-leafs-events-data.trafficmanager.net.",1,65017,58349,65017,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFDF98180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:25:45.405 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:46.098 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""onedscolprdwus11.westus.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:44.295 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,62981,0,62981,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF605840000010001000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E45540000010001C00C000500010000003C002C106F6E656473636F6C70726477757331310677657374757308636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","d4964fe9-2ac3-4f7a-92ba-33fff0266d0c","7/27/2023, 2:25:45.405 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:46.098 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:44.295 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"onedscolprdwus11.westus.cloudapp.azure.com.",1,65017,58349,65017,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFDF98180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:25:45.405 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:46.098 PM",,,,,,,,,,,,,,,,,,65017,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:44.296 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onedscolprdwus11.westus.cloudapp.azure.com.",1,34981,0,34981,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdwus11.westus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x88A500000001000000000001106F6E656473636F6C70726477757331310677657374757308636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","d4964fe9-2ac3-4f7a-92ba-33fff0266d0c","7/27/2023, 2:25:45.405 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:46.098 
PM",,,,,,,,,,,,,,,,,,,3,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:44.328 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"onedscolprdwus11.westus.cloudapp.azure.com.",1,34981,0,34981,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdwus11.westus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x88A580000001000000040001106F6E656473636F6C70726477757331310677657374757308636C6F756461707005617A75726503636F6D0000010001C01D000200010000012C0013066E73392D303209617A7572652D646E73C033C01D000200010000012C0017076E7331302D303209617A7572652D646E73036E657400C01D000200010000012C0017076E7331312D303209617A7572652D646E73036F726700C01D000200010000012C0018076E7331322D303209617A7572652D646E7304696E666F0000002904D0000000000000,".","d4964fe9-2ac3-4f7a-92ba-33fff0266d0c","7/27/2023, 2:25:45.405 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""westus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns9-02.azure-dns.com""},{""dns.authority.name"":""westus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-02.azure-dns.net""},{""dns.authority.name"":""westus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-02.azure-dns.org""},{""dns.authority.name"":""westus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-02.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:46.098 PM",,,,,,,,,,,,,,,,,,65017,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:44.328 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onedscolprdwus11.westus.cloudapp.azure.com.",1,4854,0,4854,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdwus11.westus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x12F600000001000000000001106F6E656473636F6C70726477757331310677657374757308636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","d4964fe9-2ac3-4f7a-92ba-33fff0266d0c","7/27/2023, 2:25:45.405 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.2",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""onedscolprdwus11.westus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""20.189.173.12""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:44.355 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.2",,"onedscolprdwus11.westus.cloudapp.azure.com.",1,4854,0,4854,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdwus11.westus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x12F684000001000100000001106F6E656473636F6C70726477757331310677657374757308636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000414BDAD0C00002904D0000000000000,".","d4964fe9-2ac3-4f7a-92ba-33fff0266d0c","7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":120,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""},{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""onedscolprdwus11.westus.cloudapp.azure.com""},{""dns.answer.name"":""onedscolprdwus11.westus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""20.189.173.12""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:25:44.355 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"v10.events.data.microsoft.com.",1,65017,58349,65017,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFDF98180000100030000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007800382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E657400C03B000500010000003C0029106F6E656473636F6C70726477757331310677657374757308636C6F756461707005617A757265C026C07F000100010000000A000414BDAD0C,"VirtualizationInstance:.","d4964fe9-2ac3-4f7a-92ba-33fff0266d0c","7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,121,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:44.946 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"download.windowsupdate.com.",1,64256,54472,64256,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""download.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFB000100000100000000000008646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001,".","04ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:44.946 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"wu-fg-shim.trafficmanager.net.",1,64256,54472,64256,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""download.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFB008180000100010000000008646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001,,,"7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,,,64256,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:44.946 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"wu-fg-shim.trafficmanager.NET.",1,25823,0,25823,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""wu-fg-shim.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x64DF000000010000000000010A77752D66672D7368696D0E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","04ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""wu-fg-shim.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":600,""dns.answer.data"":""fg.wu.ec.azureedge.NET""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:44.976 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"wu-fg-shim.trafficmanager.NET.",1,25823,0,25823,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""wu-fg-shim.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x64DF840000010001000000010A77752D66672D7368696D0E747261666669636D616E61676572034E45540000010001C00C0005000100000258001502666702777502656309617A75726565646765C02600002904D0000000000000,".","04ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:44.977 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"fg.wu.ec.azureedge.net.",1,64256,54472,64256,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""download.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFB008180000100020000000008646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001,,,"7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,,,64256,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:44.977 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"fg.wu.ec.azureedge.NET.",1,5840,0,5840,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""fg.wu.ec.azureedge.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x16D00000000100000000000102666702777502656309617A75726565646765034E455400000100010000290FA0000000000000,".","04ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","198.7.29.6",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:44.983 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"download.windowsupdate.com.",1,64256,54472,64256,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""download.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFB000100000100000000000008646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001,".","6b79c0d8-3889-4f85-befc-fe5c3e50c5b3","7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:44.983 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"wu-fg-shim.trafficmanager.net.",1,64256,54472,64256,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""download.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFB008180000100010000000008646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001,,,"7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:44.983 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"fg.wu.ec.azureedge.net.",1,64256,54472,64256,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""download.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFB008180000100020000000008646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001,,,"7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 
PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""fg.wu.ec.azureedge.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""hlb.apr-52dd2-0.edgecastdns.NET""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:45.009 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","198.7.29.6",,"fg.wu.ec.azureedge.NET.",1,5840,0,5840,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""fg.wu.ec.azureedge.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x16D08400000100010000000102666702777502656309617A75726565646765034E45540000010001C00C000500010000012C001E03686C620B6170722D35326464322D300B6564676563617374646E73C01F00002904D0000000000000,".","04ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:45.009 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"hlb.apr-52dd2-0.edgecastdns.net.",1,64256,54472,64256,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""download.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFB008180000100030000000008646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001,,,"7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,,,64256,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:45.009 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"hlb.apr-52dd2-0.edgecastdns.NET.",1,43645,0,43645,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""hlb.apr-52dd2-0.edgecastdns.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAA7D0000000100000000000003686C620B6170722D35326464322D300B6564676563617374646E73034E45540000010001,".","04ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.16.16.6",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""hlb.apr-52dd2-0.edgecastdns.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""cs11.wpc.v0cdn.NET""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:45.030 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","192.16.16.6",,"hlb.apr-52dd2-0.edgecastdns.NET.",1,43645,0,43645,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""hlb.apr-52dd2-0.edgecastdns.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAA7D8400000100010000000003686C620B6170722D35326464322D300B6564676563617374646E73034E45540000010001C00C000500010000012C001104637331310377706305763063646EC028,".","04ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:46.421 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:45.030 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"cs11.wpc.v0cdn.net.",1,64256,54472,64256,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""download.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFB008180000100040000000008646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001,,,"7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,,,64256,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:45.030 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"cs11.wpc.v0cdn.NET.",1,62054,0,62054,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""cs11.wpc.v0cdn.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF2660000000100000000000104637331310377706305763063646E034E455400000100010000290FA0000000000000,".","04ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.55.83.30",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 
PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""ns1.v0cdn.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2606:2800:1::5""},{""dns.additional.name"":""ns1.v0cdn.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""72.21.80.5""},{""dns.additional.name"":""ns2.v0cdn.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2606:2800:1::6""},{""dns.additional.name"":""ns2.v0cdn.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""72.21.80.6""},{""dns.additional.name"":""ns3.v0cdn.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""192.229.254.5""},{""dns.additional.name"":""ns3.v0cdn.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2606:2800:e::5""},{""dns.additional.name"":""ns4.v0cdn.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""192.229.254.6""},{""dns.additional.name"":""ns4.v0cdn.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2606:2800:e::6""}]",,4,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:45.071 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","192.55.83.30",,"cs11.wpc.v0cdn.NET.",1,62054,0,62054,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""cs11.wpc.v0cdn.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""v0cdn.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns1.v0cdn.NET""},{""dns.authority.name"":""v0cdn.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns2.v0cdn.NET""},{""dns.authority.name"":""v0cdn.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns3.v0cdn.NET""},{""dns.authority.name"":""v0cdn.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns4.v0cdn.NET""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:47.407 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:25:45.071 PM",2908,4024,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","2606:2800:e::5",,"cs11.wpc.v0cdn.NET.",1,56223,,,,,,,,,,,,,,".",,"7/27/2023, 2:25:46.421 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,"..Cache",NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:50.515 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:48.628 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"fe3.delivery.mp.microsoft.com.",1,36246,51139,36246,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""fe3.delivery.mp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8D9601000001000000000000036665330864656C6976657279026D70096D6963726F736F667403636F6D0000010001,".","122143fa-5844-4d61-b201-656b90589d85","7/27/2023, 2:25:49.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:50.515 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:48.628 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"glb.cws.prod.dcat.dsp.trafficmanager.net.",1,36246,51139,36246,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""fe3.delivery.mp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8D9681800001000100000000036665330864656C6976657279026D70096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:25:49.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:50.515 PM",,,,,,,,,,,,,,,,,,36246,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY 
",9223372036854775824,"7/27/2023, 2:25:48.628 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"glb.cws.prod.dcat.dsp.trafficmanager.NET.",1,44276,0,44276,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""glb.cws.prod.dcat.dsp.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xACF40000000100000000000103676C62036377730470726F640464636174036473700E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","122143fa-5844-4d61-b201-656b90589d85","7/27/2023, 2:25:49.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:50.515 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""glb.cws.prod.dcat.dsp.trafficmanager.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""13.95.31.18""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:48.658 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"glb.cws.prod.dcat.dsp.trafficmanager.NET.",1,44276,0,44276,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""glb.cws.prod.dcat.dsp.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xACF48400000100010000000103676C62036377730470726F640464636174036473700E747261666669636D616E61676572034E45540000010001C00C000100010000012C00040D5F1F1200002904D0000000000000,".","122143fa-5844-4d61-b201-656b90589d85","7/27/2023, 2:25:49.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:50.515 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""fe3.delivery.mp.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":2954,""dns.answer.data"":""glb.cws.prod.dcat.dsp.trafficmanager.net""},{""dns.answer.name"":""glb.cws.prod.dcat.dsp.trafficmanager.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":299,""dns.answer.data"":""13.95.31.18""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:25:48.658 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"fe3.delivery.mp.microsoft.com.",1,36246,51139,36246,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""fe3.delivery.mp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8D9681800001000200000000036665330864656C6976657279026D70096D6963726F736F667403636F6D0000010001C00C0005000100000B8A002A03676C62036377730470726F640464636174036473700E747261666669636D616E61676572036E657400C03B000100010000012B00040D5F1F12,"VirtualizationInstance:.","122143fa-5844-4d61-b201-656b90589d85","7/27/2023, 2:25:49.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,29,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:50.515 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:49.086 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"v10.events.data.microsoft.com.",1,9286,57920,9286,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x24460100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,".","932d09ba-5d60-4c35-8264-40ddcb492344","7/27/2023, 2:25:49.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:50.515 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:49.086 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"win-global-asimov-leafs-events-data.trafficmanager.net.",1,9286,57920,9286,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x24468180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:25:49.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:50.515 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:49.086 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"onedscolprdwus11.westus.cloudapp.azure.com.",1,9286,57920,9286,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x24468180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:25:49.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:50.515 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":115,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""},{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":55,""dns.answer.data"":""onedscolprdwus11.westus.cloudapp.azure.com""},{""dns.answer.name"":""onedscolprdwus11.westus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":5,""dns.answer.data"":""20.189.173.12""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:25:49.087 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"v10.events.data.microsoft.com.",1,9286,57920,9286,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x24468180000100030000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007300382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E657400C03B00050001000000370029106F6E656473636F6C70726477757331310677657374757308636C6F756461707005617A757265C026C07F0001000100000005000414BDAD0C,"VirtualizationInstance:.","932d09ba-5d60-4c35-8264-40ddcb492344","7/27/2023, 2:25:49.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:50.515 PM",,,,,,,,,,,,,,,,,,64256,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",262,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,2,"RECURSE_QUERY ",9223372036854775872,"7/27/2023, 2:25:49.123 PM",2908,3164,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,,"download.windowsupdate.com.",1,40923,0,,,,,,,,,,,,,".","04ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:49.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","2606:2800:e::5",,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:50.515 PM",,,,,,,,,,,,,,,,,,64256,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:49.124 PM",2908,3164,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"cs11.wpc.v0cdn.NET.",1,40923,0,40923,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""cs11.wpc.v0cdn.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9FDB0000000100000000000104637331310377706305763063646E034E455400000100010000290FA0000000000000,".","04ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:49.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.229.254.6",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:50.515 PM",,,,,,,,,,,,,,,,,,64256,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:49.124 PM",2908,3164,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"cs11.wpc.v0cdn.NET.",1,40923,0,40923,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""cs11.wpc.v0cdn.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9FDB0000000100000000000104637331310377706305763063646E034E455400000100010000290FA0000000000000,".","04ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:50.125 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.229.254.5",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 PM",,,,,,,,,,,,,,,,,,,6,".",Default,"[{""dns.answer.name"":""cs11.wpc.v0cdn.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3600,""dns.answer.data"":""93.184.221.240""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:49.146 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","192.229.254.6",,"cs11.wpc.v0cdn.NET.",1,40923,0,40923,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""cs11.wpc.v0cdn.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9FDB8400000100010000000104637331310377706305763063646E034E45540000010001C00C0001000100000E1000045DB8DDF000002904D0000000000000,".","04ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:50.655 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""download.windowsupdate.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":2944,""dns.answer.data"":""wu-fg-shim.trafficmanager.net""},{""dns.answer.name"":""wu-fg-shim.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":600,""dns.answer.data"":""fg.wu.ec.azureedge.net""},{""dns.answer.name"":""fg.wu.ec.azureedge.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""hlb.apr-52dd2-0.edgecastdns.net""},{""dns.answer.name"":""hlb.apr-52dd2-0.edgecastdns.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""cs11.wpc.v0cdn.net""},{""dns.answer.name"":""cs11.wpc.v0cdn.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3596,""dns.answer.data"":""93.184.221.240""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:25:49.146 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"download.windowsupdate.com.",1,64256,54472,64256,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""download.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFB008180000100050000000008646F776E6C6F61640D77696E646F777375706461746503636F6D0000010001C00C0005000100000B80001F0A77752D66672D7368696D0E747261666669636D616E61676572036E657400C0380005000100000258001502666702777502656309617A75726565646765C052C063000500010000012C001E03686C620B6170722D35326464322D300B6564676563617374646E73C052C084000500010000012C001104637331310377706305763063646EC052C0AE0001000100000E0C00045DB8DDF0,"VirtualizationInstance:.","04ed4273-1581-4c4e-b291-f9100181a414","7/27/2023, 2:25:50.655 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,4201,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 PM",,,,,,,,,,,,,,,,,,,0,".",Default,"[{""dns.answer.name"":""cs11.wpc.v0cdn.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3600,""dns.answer.data"":""93.184.221.240""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:49.152 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","192.229.254.5",,"cs11.wpc.v0cdn.NET.",1,40923,0,40923,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""cs11.wpc.v0cdn.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9FDB8400000100010000000104637331310377706305763063646E034E45540000010001C00C0001000100000E1000045DB8DDF000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:25:50.655 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:25:49.152 PM",2908,4028,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","192.229.254.5",,"cs11.wpc.v0cdn.NET.",1,40923,,,,,,,,,,,,,,".",,"7/27/2023, 2:25:50.655 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,NULL,NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:49.287 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,62567,57919,62567,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF467010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","e21f2465-ca25-4997-b863-b2ea70008cb5","7/27/2023, 2:25:50.655 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:49.287 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,62567,57919,62567,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF467818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:25:50.655 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:49.287 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,62567,57919,62567,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF467818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:25:50.655 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 
PM",,,,,,,,,,,,,,,,,,62567,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:49.287 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,35663,0,35663,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8B4F0000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","e21f2465-ca25-4997-b863-b2ea70008cb5","7/27/2023, 2:25:50.655 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:49.312 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,62567,57919,62567,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF467010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","47c898a8-1afc-4d6b-b021-a75e89863127","7/27/2023, 2:25:50.655 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:49.312 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,62567,57919,62567,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF467818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:25:50.655 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:49.312 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,62567,57919,62567,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF467818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:25:50.655 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:49.317 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,35663,0,35663,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8B4F8000000100000006000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C023000200010000012C0014076E73312D32303109617A7572652D646E73C03DC023000200010000012C0017076E73322D32303109617A7572652D646E73036E657400C023000200010000012C0018086E7331312D32303109617A7572652D646E73036F726700C023000200010000012C0019086E7331322D32303109617A7572652D646E7304696E666F00C023000200010000012C000B086E7331302D323031C07AC023000200010000012C000A076E73392D323031C05A00002904D0000000000000,".","e21f2465-ca25-4997-b863-b2ea70008cb5","7/27/2023, 2:25:50.655 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-201.azure-dns.com""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-201.azure-dns.org""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-201.azure-dns.info""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns9-201.azure-dns.com""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 PM",,,,,,,,,,,,,,,,,,62567,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:49.317 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,21419,0,21419,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x53AB0000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","e21f2465-ca25-4997-b863-b2ea70008cb5","7/27/2023, 2:25:50.655 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:49.347 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,21419,0,21419,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x53AB8400000100010000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456A5E00002904D0000000000000,".","e21f2465-ca25-4997-b863-b2ea70008cb5","7/27/2023, 2:25:50.655 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:51.580 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":128,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":128,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:25:49.347 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,62567,57919,62567,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF467818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000800025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000080002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000A00040D456A5E,"VirtualizationInstance:.","e21f2465-ca25-4997-b863-b2ea70008cb5","7/27/2023, 2:25:50.655 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,61,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:53.644 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:50.957 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"wpad.local.",1,30877,52189,30877,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""wpad.local"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x789D010000010000000000000477706164056C6F63616C0000010001,".","e88ec290-25c5-4433-b9b3-caeee72d1f75","7/27/2023, 2:25:52.996 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:53.644 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:25:50.957 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,34179,0,"172.18.88.20",,,"wpad.local.",1,30877,52189,30877,true,false,true,QUERY,true,NXDOMAIN,false,false,true,"[{""dns.query.name"":""wpad.local"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x789D858300010000000100000477706164056C6F63616C0000010001056C6F63616C000006000100000E10002A0677696E646E73C01C0A686F73746D6173746572C01C0000001500000384000002580001518000000E10,"VirtualizationInstance:.","e88ec290-25c5-4433-b9b3-caeee72d1f75","7/27/2023, 2:25:52.996 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",1,0,0,3,Default,local,NULL,"[{""dns.authority.name"":""local"",""dns.authority.type"":""SOA"",""dns.authority.class"":""IN"",""dns.authority.ttl"":3600,""dns.soa.data.name_server"":""windns.local"",""dns.soa.data.auth_mailbox"":""hostmaster.local"",""dns.soa.data.serial_number"":21,""dns.soa.data.refresh_interval"":900,""dns.soa.data.retry_interval"":600,""dns.soa.data.expire_limit"":86400,""dns.soa.data.min_ttl"":3600}]",0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:59.770 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:57.047 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"wdcp.microsoft.com.",1,30672,58102,30672,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""wdcp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x77D0010000010000000000000477646370096D6963726F736F667403636F6D0000010001,".","5ece44d1-bf2e-45b8-bc7e-59796bbe135d","7/27/2023, 2:25:59.046 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:59.770 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:57.047 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"wd-prod-cp.trafficmanager.net.",1,30672,58102,30672,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""wdcp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x77D0818000010001000000000477646370096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:25:59.046 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:59.770 PM",,,,,,,,,,,,,,,,,,30672,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:57.047 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"wd-prod-cp.trafficmanager.NET.",1,42917,0,42917,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""wd-prod-cp.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA7A5000000010000000000010A77642D70726F642D63700E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","5ece44d1-bf2e-45b8-bc7e-59796bbe135d","7/27/2023, 2:25:59.046 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:59.770 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""wd-prod-cp.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:57.074 
PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"wd-prod-cp.trafficmanager.NET.",1,42917,0,42917,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""wd-prod-cp.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA7A5840000010001000000010A77642D70726F642D63700E747261666669636D616E61676572034E45540000010001C00C000500010000012C00371777642D70726F642D63702D65752D776573742D312D66650A776573746575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","5ece44d1-bf2e-45b8-bc7e-59796bbe135d","7/27/2023, 2:25:59.046 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:59.785 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:57.074 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com.",1,30672,58102,30672,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""wdcp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x77D0818000010002000000000477646370096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:25:59.046 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:59.785 PM",,,,,,,,,,,,,,,,,,30672,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:25:57.074 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com.",1,24220,0,24220,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5E9C000000010000000000011777642D70726F642D63702D65752D776573742D312D66650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","5ece44d1-bf2e-45b8-bc7e-59796bbe135d","7/27/2023, 2:25:59.046 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:59.785 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:25:57.079 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"wdcp.microsoft.com.",1,30672,58102,30672,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""wdcp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x77D0010000010000000000000477646370096D6963726F736F667403636F6D0000010001,".","a167d5e7-76d5-4968-b48c-c5876859c738","7/27/2023, 2:25:59.046 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:59.785 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:57.079 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"wd-prod-cp.trafficmanager.net.",1,30672,58102,30672,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""wdcp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x77D0818000010001000000000477646370096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:25:59.046 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:59.785 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:25:57.079 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com.",1,30672,58102,30672,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""wdcp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x77D0818000010002000000000477646370096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:25:59.046 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:59.785 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""51.105.236.244""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:25:57.108 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com.",1,24220,0,24220,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5E9C840000010001000000011777642D70726F642D63702D65752D776573742D312D66650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00043369ECF400002904D0000000000000,".","5ece44d1-bf2e-45b8-bc7e-59796bbe135d","7/27/2023, 2:25:59.046 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:25:59.785 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""wdcp.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":2929,""dns.answer.data"":""wd-prod-cp.trafficmanager.net""},{""dns.answer.name"":""wd-prod-cp.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":299,""dns.answer.data"":""wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""wd-prod-cp-eu-west-1-fe.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""51.105.236.244""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:25:57.109 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"wdcp.microsoft.com.",1,30672,58102,30672,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""wdcp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x77D0818000010003000000000477646370096D6963726F736F667403636F6D0000010001C00C0005000100000B71001F0A77642D70726F642D63700E747261666669636D616E61676572036E657400C030000500010000012B00341777642D70726F642D63702D65752D776573742D312D66650A776573746575726F706508636C6F756461707005617A757265C01BC05B000100010000000900043369ECF4,"VirtualizationInstance:.","5ece44d1-bf2e-45b8-bc7e-59796bbe135d","7/27/2023, 2:25:59.561 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,62,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""ns2-224.azure-dns.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""150.171.21.224""},{""dns.additional.name"":""ns2-224.azure-dns.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2620:1ec:8ec:700::e0""}]",,2,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:26:40.306 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","192.43.172.30",,"telecommand.azurewebsites.NET.",1,45891,0,45891,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""telecommand.azurewebsites.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB343800000010000000400030B74656C65636F6D6D616E640D617A7572657765627369746573034E45540000010001C018000200010002A3000018076E73342D32323409617A7572652D646E7304696E666F00C018000200010002A3000017076E73312D32323409617A7572652D646E7303636F6D00C018000200010002A3000014076E73322D32323409617A7572652D646E73C026C018000200010002A3000017076E73332D32323409617A7572652D646E73036F726700C082000100010002A300000496AB15E0C082001C00010002A3000010262001EC08EC070000000000000000E00000291000000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:42.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""azurewebsites.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns4-224.azure-dns.info""},{""dns.authority.name"":""azurewebsites.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns1-224.azure-dns.com""},{""dns.authority.name"":""azurewebsites.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns2-224.azure-dns.NET""},{""dns.authority.name"":""azurewebsites.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns3-224.azure-dns.org""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 PM",,,,,,,,,,,,,,,,,,6949,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY 
",9223372036854775824,"7/27/2023, 2:26:40.306 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"telecommand.azurewebsites.NET.",1,25000,0,25000,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""telecommand.azurewebsites.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x61A8000000010000000000010B74656C65636F6D6D616E640D617A7572657765627369746573034E455400000100010000290FA0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:42.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.21.224",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""telecommand.azurewebsites.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":30,""dns.answer.data"":""waws-prod-usw3-011.sip.azurewebsites.windows.NET""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:26:40.337 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.21.224",,"telecommand.azurewebsites.NET.",1,25000,0,25000,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""telecommand.azurewebsites.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x61A8840000010001000000010B74656C65636F6D6D616E640D617A7572657765627369746573034E45540000010001C00C000500010000001E002F12776177732D70726F642D757377332D303131037369700D617A75726577656273697465730777696E646F7773C02600002904D0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:42.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:26:40.337 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"waws-prod-usw3-011.sip.azurewebsites.windows.net.",1,6949,59966,6949,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""www.telecommandsvc.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1B2581800001000200000000037777770E74656C65636F6D6D616E64737663096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:26:42.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 PM",,,,,,,,,,,,,,,,,,6949,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:26:40.337 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"waws-prod-usw3-011.sip.azurewebsites.windows.NET.",1,8815,0,8815,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""waws-prod-usw3-011.sip.azurewebsites.windows.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x226F0000000100000000000112776177732D70726F642D757377332D303131037369700D617A75726577656273697465730777696E646F7773034E455400000100010000290FA0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:42.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.48.79.30",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 
PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""ns2-39.azure-dns.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""150.171.16.39""}]",,4,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:26:40.379 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","192.48.79.30",,"waws-prod-usw3-011.sip.azurewebsites.windows.NET.",1,8815,0,8815,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""waws-prod-usw3-011.sip.azurewebsites.windows.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x226F8000000100000004000212776177732D70726F642D757377332D303131037369700D617A75726577656273697465730777696E646F7773034E45540000010001C031000200010002A3000016066E73312D333909617A7572652D646E7303636F6D00C031000200010002A3000013066E73322D333909617A7572652D646E73C039C031000200010002A3000016066E73332D333909617A7572652D646E73036F726700C031000200010002A3000017066E73342D333909617A7572652D646E7304696E666F00C070000100010002A300000496AB10270000291000000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:42.264 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""windows.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns1-39.azure-dns.com""},{""dns.authority.name"":""windows.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns2-39.azure-dns.NET""},{""dns.authority.name"":""windows.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns3-39.azure-dns.org""},{""dns.authority.name"":""windows.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns4-39.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 PM",,,,,,,,,,,,,,,,,,6949,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:26:40.379 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"waws-prod-usw3-011.sip.azurewebsites.windows.NET.",1,48688,0,48688,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""waws-prod-usw3-011.sip.azurewebsites.windows.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBE300000000100000000000112776177732D70726F642D757377332D303131037369700D617A75726577656273697465730777696E646F7773034E455400000100010000290FA0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:42.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 
PM",,,,,,,,,,,,,,,,,,,5,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:26:40.407 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"waws-prod-usw3-011.sip.azurewebsites.windows.NET.",1,48688,0,48688,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""waws-prod-usw3-011.sip.azurewebsites.windows.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBE308000000100000004000112776177732D70726F642D757377332D303131037369700D617A75726577656273697465730777696E646F7773034E45540000010001C023000200010000012C0016066E73312D303509617A7572652D646E7303636F6D00C023000200010000012C0013066E73322D303509617A7572652D646E73C039C023000200010000012C0016066E73332D303509617A7572652D646E73036F726700C023000200010000012C0017066E73342D303509617A7572652D646E7304696E666F0000002904D0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:42.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""azurewebsites.windows.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-05.azure-dns.com""},{""dns.authority.name"":""azurewebsites.windows.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-05.azure-dns.NET""},{""dns.authority.name"":""azurewebsites.windows.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns3-05.azure-dns.org""},{""dns.authority.name"":""azurewebsites.windows.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns4-05.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 PM",,,,,,,,,,,,,,,,,,6949,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:26:40.407 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"waws-prod-usw3-011.sip.azurewebsites.windows.NET.",1,59183,0,59183,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""waws-prod-usw3-011.sip.azurewebsites.windows.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE72F0000000100000000000112776177732D70726F642D757377332D303131037369700D617A75726577656273697465730777696E646F7773034E455400000100010000290FA0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:42.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.5",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 PM",,,,,,,,,,,,,,,,,,,6,".",Default,"[{""dns.answer.name"":""waws-prod-usw3-011.sip.azurewebsites.windows.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":1800,""dns.answer.data"":""waws-prod-usw3-011-3570.westus3.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:26:40.437 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.5",,"waws-prod-usw3-011.sip.azurewebsites.windows.NET.",1,59183,0,59183,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""waws-prod-usw3-011.sip.azurewebsites.windows.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE72F8400000100010000000112776177732D70726F642D757377332D303131037369700D617A75726577656273697465730777696E646F7773034E45540000010001C00C0005000100000708003417776177732D70726F642D757377332D3031312D33353730077765737475733308636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:42.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:26:40.437 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"waws-prod-usw3-011-3570.westus3.cloudapp.azure.com.",1,6949,59966,6949,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""www.telecommandsvc.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1B2581800001000300000000037777770E74656C65636F6D6D616E64737663096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:26:42.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 PM",,,,,,,,,,,,,,,,,,6949,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 
2:26:40.437 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"waws-prod-usw3-011-3570.westus3.cloudapp.azure.com.",1,38136,0,38136,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""waws-prod-usw3-011-3570.westus3.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x94F80000000100000000000117776177732D70726F642D757377332D3031312D33353730077765737475733308636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:42.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 PM",,,,,,,,,,,,,,,,,,,7,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:26:40.462 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"waws-prod-usw3-011-3570.westus3.cloudapp.azure.com.",1,38136,0,38136,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""waws-prod-usw3-011-3570.westus3.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x94F88000000100000004000117776177732D70726F642D757377332D3031312D33353730077765737475733308636C6F756461707005617A75726503636F6D0000010001C024000200010002A3000013066E73392D303109617A7572652D646E73C03BC024000200010002A3000017076E7331302D303109617A7572652D646E73036E657400C024000200010002A3000017076E7331312D303109617A7572652D646E73036F726700C024000200010002A3000018076E7331322D303109617A7572652D646E7304696E666F0000002904D0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:42.264 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""westus3.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns9-01.azure-dns.com""},{""dns.authority.name"":""westus3.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns10-01.azure-dns.net""},{""dns.authority.name"":""westus3.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns11-01.azure-dns.org""},{""dns.authority.name"":""westus3.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns12-01.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:43.103 PM",,,,,,,,,,,,,,,,,,6949,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:26:40.463 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"waws-prod-usw3-011-3570.westus3.cloudapp.azure.com.",1,43723,0,43723,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""waws-prod-usw3-011-3570.westus3.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAACB0000000100000000000117776177732D70726F642D757377332D3031312D33353730077765737475733308636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:42.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.1",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:26:44.063 PM",,,,,,,,,,,,,,,,,,,8,".",Default,"[{""dns.answer.name"":""waws-prod-usw3-011-3570.westus3.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""20.118.138.130""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:26:40.489 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.1",,"waws-prod-usw3-011-3570.westus3.cloudapp.azure.com.",1,43723,0,43723,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""waws-prod-usw3-011-3570.westus3.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAACB8400000100010000000117776177732D70726F642D757377332D3031312D33353730077765737475733308636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000414768A8200002904D0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:43.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:44.063 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""www.telecommandsvc.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3600,""dns.answer.data"":""telecommand.azurewebsites.net""},{""dns.answer.name"":""telecommand.azurewebsites.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":30,""dns.answer.data"":""waws-prod-usw3-011.sip.azurewebsites.windows.net""},{""dns.answer.name"":""waws-prod-usw3-011.sip.azurewebsites.windows.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":1800,""dns.answer.data"":""waws-prod-usw3-011-3570.westus3.cloudapp.azure.com""},{""dns.answer.name"":""waws-prod-usw3-011-3570.westus3.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""20.118.138.130""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:26:40.489 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"www.telecommandsvc.microsoft.com.",1,6949,59966,6949,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""www.telecommandsvc.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1B2581800001000400000000037777770E74656C65636F6D6D616E64737663096D6963726F736F667403636F6D0000010001C00C0005000100000E10001F0B74656C65636F6D6D616E640D617A7572657765627369746573036E657400C03E000500010000001E002F12776177732D70726F642D757377332D303131037369700D617A75726577656273697465730777696E646F7773C058C0690005000100000708003117776177732D70726F642D757377332D3031312D33353730077765737475733308636C6F756461707005617A757265C029C0A4000100010000000A000414768A82,"VirtualizationInstance:.","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:43.264 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,249,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:44.063 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:26:41.838 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,6385,52144,6385,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x18F1010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","f8cfec29-6e93-4808-b0fb-b4dfefd71580","7/27/2023, 2:26:43.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:44.063 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:26:41.838 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,6385,52144,6385,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x18F1818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:26:43.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:44.063 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:26:41.838 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,6385,52144,6385,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x18F1818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:26:43.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:44.063 PM",,,,,,,,,,,,,,,,,,6385,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:26:41.838 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,26398,0,26398,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x671E0000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","f8cfec29-6e93-4808-b0fb-b4dfefd71580","7/27/2023, 2:26:43.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:44.063 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:26:41.859 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,6385,52144,6385,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x18F1010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","24cb05d2-dad3-41c8-a1ed-65060def9f5b","7/27/2023, 2:26:43.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:44.063 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 
2:26:41.859 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,6385,52144,6385,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x18F1818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:26:43.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:44.063 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:26:41.859 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,6385,52144,6385,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x18F1818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:26:43.279 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:44.063 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:26:41.865 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,26398,0,26398,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x671E8400000100010000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456A5E00002904D0000000000000,".","f8cfec29-6e93-4808-b0fb-b4dfefd71580","7/27/2023, 2:26:43.279 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:44.063 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":75,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":75,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:26:41.866 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,6385,52144,6385,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x18F1818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000004B0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000004B002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000900040D456A5E,"VirtualizationInstance:.","f8cfec29-6e93-4808-b0fb-b4dfefd71580","7/27/2023, 2:26:43.279 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,28,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:42.031 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:26:40.240 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"www.telecommandsvc.microsoft.com.",1,6949,59966,6949,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""www.telecommandsvc.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1B2501000001000000000000037777770E74656C65636F6D6D616E64737663096D6963726F736F667403636F6D0000010001,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:41.233 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:42.031 PM",,,,,,,,,,,,,,,,,,6949,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:26:40.240 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"www.telecommandsvc.microsoft.com.",1,4251,0,4251,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""www.telecommandsvc.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x109B00000001000000000001037777770E74656C65636F6D6D616E64737663096D6963726F736F667403636F6D00000100010000290FA0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:41.233 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:42.031 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:26:40.265 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"www.telecommandsvc.microsoft.com.",1,6949,59966,6949,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""www.telecommandsvc.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1B2501000001000000000000037777770E74656C65636F6D6D616E64737663096D6963726F736F667403636F6D0000010001,".","3ae7c8c9-56ce-4f41-ae5a-058e48095277","7/27/2023, 2:26:41.233 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:42.031 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""www.telecommandsvc.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3600,""dns.answer.data"":""telecommand.azurewebsites.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:26:40.268 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.39",,"www.telecommandsvc.microsoft.com.",1,4251,0,4251,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""www.telecommandsvc.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x109B84000001000100000001037777770E74656C65636F6D6D616E64737663096D6963726F736F667403636F6D0000010001C00C0005000100000E10001F0B74656C65636F6D6D616E640D617A7572657765627369746573036E65740000002904D0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:41.248 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:42.031 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:26:40.268 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"telecommand.azurewebsites.net.",1,6949,59966,6949,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""www.telecommandsvc.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1B2581800001000100000000037777770E74656C65636F6D6D616E64737663096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:26:41.248 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:42.031 PM",,,,,,,,,,,,,,,,,,6949,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:26:40.269 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"telecommand.azurewebsites.NET.",1,45891,0,45891,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""telecommand.azurewebsites.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB343000000010000000000010B74656C65636F6D6D616E640D617A7572657765627369746573034E455400000100010000290FA0000000000000,".","ade619f9-bc0d-4b0d-ab4c-389f7993e624","7/27/2023, 2:26:41.764 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.43.172.30",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:26:47.388 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:26:44.617 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"ctldl.windowsupdate.com.",1,25523,49658,25523,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ctldl.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x63B3010000010000000000000563746C646C0D77696E646F777375706461746503636F6D0000010001,".","e6ee7143-6e28-4fe5-8e1d-54fb9251b653","7/27/2023, 2:26:46.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:47.388 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:26:44.617 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"wu-bg-shim.trafficmanager.net.",1,25523,49658,25523,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""ctldl.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x63B3818000010001000000000563746C646C0D77696E646F777375706461746503636F6D0000010001,,,"7/27/2023, 2:26:46.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:47.388 PM",,,,,,,,,,,,,,,,,,25523,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:26:44.617 
PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"wu-bg-shim.trafficmanager.NET.",1,49867,0,49867,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""wu-bg-shim.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC2CB000000010000000000010A77752D62672D7368696D0E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","e6ee7143-6e28-4fe5-8e1d-54fb9251b653","7/27/2023, 2:26:46.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:47.388 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:26:44.639 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"ctldl.windowsupdate.com.",1,25523,49658,25523,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ctldl.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x63B3010000010000000000000563746C646C0D77696E646F777375706461746503636F6D0000010001,".","48bd595b-6eb2-489c-ab13-f2433146982f","7/27/2023, 2:26:46.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:47.388 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:26:44.639 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"wu-bg-shim.trafficmanager.net.",1,25523,49658,25523,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""ctldl.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x63B3818000010001000000000563746C646C0D77696E646F777375706461746503636F6D0000010001,,,"7/27/2023, 2:26:46.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:47.388 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""wu-bg-shim.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":600,""dns.answer.data"":""cds.d2s7q6s2.hwcdn.NET""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:26:44.649 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"wu-bg-shim.trafficmanager.NET.",1,49867,0,49867,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""wu-bg-shim.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC2CB840000010001000000010A77752D62672D7368696D0E747261666669636D616E61676572034E45540000010001C00C000500010000025800150363647308643273377136733205687763646EC02600002904D0000000000000,".","e6ee7143-6e28-4fe5-8e1d-54fb9251b653","7/27/2023, 2:26:46.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:47.388 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 
2:26:44.649 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"cds.d2s7q6s2.hwcdn.net.",1,25523,49658,25523,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""ctldl.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x63B3818000010002000000000563746C646C0D77696E646F777375706461746503636F6D0000010001,,,"7/27/2023, 2:26:46.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:47.388 PM",,,,,,,,,,,,,,,,,,25523,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:26:44.650 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"cds.d2s7q6s2.hwcdn.NET.",1,58140,0,58140,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""cds.d2s7q6s2.hwcdn.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE31C000000010000000000010363647308643273377136733205687763646E034E455400000100010000290FA0000000000000,".","e6ee7143-6e28-4fe5-8e1d-54fb9251b653","7/27/2023, 2:26:46.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.5.6.30",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:47.388 
PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""ns2.hwcdn.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""209.197.2.10""},{""dns.additional.name"":""ns1.hwcdn.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""69.16.174.10""}]",,2,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:26:44.698 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","192.5.6.30",,"cds.d2s7q6s2.hwcdn.NET.",1,58140,0,58140,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""cds.d2s7q6s2.hwcdn.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE31C800000010000000200030363647308643273377136733205687763646E034E45540000010001C019000200010002A3000006036E7332C019C019000200010002A3000006036E7331C019C034000100010002A3000004D1C5020AC046000100010002A30000044510AE0A0000291000000000000000,".","e6ee7143-6e28-4fe5-8e1d-54fb9251b653","7/27/2023, 2:26:46.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""hwcdn.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns2.hwcdn.NET""},{""dns.authority.name"":""hwcdn.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns1.hwcdn.NET""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:47.388 PM",,,,,,,,,,,,,,,,,,25523,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:26:44.698 
PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"cds.d2s7q6s2.hwcdn.NET.",1,28819,0,28819,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""cds.d2s7q6s2.hwcdn.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7093000000010000000000010363647308643273377136733205687763646E034E455400000100010000290FA0000000000000,".","e6ee7143-6e28-4fe5-8e1d-54fb9251b653","7/27/2023, 2:26:46.623 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","69.16.174.10",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:47.388 PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""ns1.hwcdn.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":86400,""dns.additional.data"":""69.16.174.10""},{""dns.additional.name"":""ns1.hwcdn.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":3600,""dns.additional.data"":""2001:4de0:ac11::1:0:1""},{""dns.additional.name"":""ns2.hwcdn.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":86400,""dns.additional.data"":""209.197.2.10""},{""dns.additional.name"":""ns2.hwcdn.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":3600,""dns.additional.data"":""2001:4de0:ac12::1:0:2""}]",,3,".",Default,"[{""dns.answer.name"":""cds.d2s7q6s2.hwcdn.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""209.197.3.8""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:26:44.739 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","69.16.174.10",,"cds.d2s7q6s2.hwcdn.NET.",1,28819,0,28819,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""cds.d2s7q6s2.hwcdn.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7093840000010001000200040363647308643273377136733205687763646E034E45540000010001C00C000100010000012C0004D1C50308C01900020001000151800006036E7331C019C01900020001000151800006036E7332C019C044000100010001518000044510AE0AC044001C000100000E10001020014DE0AC1100000000000100000001C05600010001000151800004D1C5020AC056001C000100000E10001020014DE0AC1200000000000100000002,".","e6ee7143-6e28-4fe5-8e1d-54fb9251b653","7/27/2023, 2:26:47.139 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,"[{""dns.authority.name"":""hwcdn.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":86400,""dns.authority.data"":""ns1.hwcdn.NET""},{""dns.authority.name"":""hwcdn.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":86400,""dns.authority.data"":""ns2.hwcdn.NET""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:26:47.388 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""ctldl.windowsupdate.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":2871,""dns.answer.data"":""wu-bg-shim.trafficmanager.net""},{""dns.answer.name"":""wu-bg-shim.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":600,""dns.answer.data"":""cds.d2s7q6s2.hwcdn.net""},{""dns.answer.name"":""cds.d2s7q6s2.hwcdn.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""209.197.3.8""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:26:44.739 
PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"ctldl.windowsupdate.com.",1,25523,49658,25523,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""ctldl.windowsupdate.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x63B3818000010003000000000563746C646C0D77696E646F777375706461746503636F6D0000010001C00C0005000100000B37001F0A77752D62672D7368696D0E747261666669636D616E61676572036E657400C035000500010000025800150363647308643273377136733205687763646EC04FC060000100010000012C0004D1C50308,"VirtualizationInstance:.","e6ee7143-6e28-4fe5-8e1d-54fb9251b653","7/27/2023, 2:26:47.139 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,122,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:27:09.316 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:27:06.629 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,24518,59724,24518,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5FC6010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","c84b42f5-d2c2-4577-af6b-01f272f9611f","7/27/2023, 2:27:08.654 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:27:09.316 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:27:06.629 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,24518,59724,24518,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5FC6818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:27:08.654 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:27:09.316 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:27:06.629 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,24518,59724,24518,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5FC6818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:27:08.654 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:27:09.316 
PM",,,,,,,,,,,,,,,,,,24518,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:27:06.629 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,16262,0,16262,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3F860000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","c84b42f5-d2c2-4577-af6b-01f272f9611f","7/27/2023, 2:27:08.654 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:27:09.316 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:27:06.662 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,16262,0,16262,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3F868400000100010000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456A5E00002904D0000000000000,".","c84b42f5-d2c2-4577-af6b-01f272f9611f","7/27/2023, 2:27:08.654 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:27:09.316 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":50,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":50,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:27:06.662 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,24518,59724,24518,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5FC6818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000320025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000032002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000900040D456A5E,"VirtualizationInstance:.","c84b42f5-d2c2-4577-af6b-01f272f9611f","7/27/2023, 2:27:08.654 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,33,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:38.044 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:35:35.403 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,26373,64101,26373,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6705010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","30b10ef6-2d77-46a6-b68b-38ee0dccb925","7/27/2023, 2:35:37.429 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:38.044 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:35:35.403 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,26373,64101,26373,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6705818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:35:37.429 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:38.044 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:35:35.403 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,26373,64101,26373,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6705818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:35:37.429 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:38.044 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":293,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":293,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3,""dns.answer.data"":""52.236.186.222""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:35:35.404 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,26373,64101,26373,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6705818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000001250025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000125002D16697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F7564617070C040C08C0001000100000003000434ECBADE,"VirtualizationInstance:.","30b10ef6-2d77-46a6-b68b-38ee0dccb925","7/27/2023, 2:35:37.949 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,1,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:27:16.394 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:27:13.825 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,11020,54472,11020,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2B0C010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","7ea039ec-cb6a-453b-b178-a5ccacdcd62a","7/27/2023, 2:27:15.842 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:27:16.394 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:27:13.825 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,11020,54472,11020,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2B0C818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:27:15.842 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:27:16.394 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:27:13.825 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,11020,54472,11020,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2B0C818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:27:15.842 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:27:16.394 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":43,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":43,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":2,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:27:13.825 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,11020,54472,11020,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2B0C818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000002B0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000002B002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000200040D456A5E,"VirtualizationInstance:.","7ea039ec-cb6a-453b-b178-a5ccacdcd62a","7/27/2023, 2:27:15.842 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:19:01.335 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"v10.events.data.microsoft.com.",1,61367,50868,61367,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xEFB70100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,".","98022b85-b7bb-4a90-b63b-b6ef3f40290f","7/27/2023, 2:19:03.363 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 PM",,,,,,,,,,,,,,,,,,61367,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:19:01.336 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"v10.events.data.microsoft.com.",1,38335,0,38335,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x95BF0000000100000000000103763130066576656E74730464617461096D6963726F736F667403636F6D00000100010000290FA0000000000000,".","98022b85-b7bb-4a90-b63b-b6ef3f40290f","7/27/2023, 2:19:03.363 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":120,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:19:01.368 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.39",,"v10.events.data.microsoft.com.",1,38335,0,38335,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x95BF8400000100010000000103763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007800382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E65740000002904D0000000000000,".","98022b85-b7bb-4a90-b63b-b6ef3f40290f","7/27/2023, 2:19:03.363 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:19:01.369 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"win-global-asimov-leafs-events-data.trafficmanager.net.",1,61367,50868,61367,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xEFB78180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:19:03.363 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 PM",,,,,,,,,,,,,,,,,,61367,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:19:01.370 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,63390,0,63390,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF79E000000010000000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","98022b85-b7bb-4a90-b63b-b6ef3f40290f","7/27/2023, 2:19:03.383 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""onedscolprdwus07.westus.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:19:01.402 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,63390,0,63390,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF79E840000010001000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E45540000010001C00C000500010000003C002C106F6E656473636F6C70726477757330370677657374757308636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","98022b85-b7bb-4a90-b63b-b6ef3f40290f","7/27/2023, 2:19:03.383 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:19:01.402 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"onedscolprdwus07.westus.cloudapp.azure.com.",1,61367,50868,61367,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xEFB78180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:19:03.383 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 PM",,,,,,,,,,,,,,,,,,61367,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 
2:19:01.403 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onedscolprdwus07.westus.cloudapp.azure.com.",1,58758,0,58758,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdwus07.westus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE58600000001000000000001106F6E656473636F6C70726477757330370677657374757308636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","98022b85-b7bb-4a90-b63b-b6ef3f40290f","7/27/2023, 2:19:03.383 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 PM",,,,,,,,,,,,,,,,,,,3,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:19:01.432 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"onedscolprdwus07.westus.cloudapp.azure.com.",1,58758,0,58758,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdwus07.westus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE58680000001000000040001106F6E656473636F6C70726477757330370677657374757308636C6F756461707005617A75726503636F6D0000010001C01D000200010000012C0013066E73392D303209617A7572652D646E73C033C01D000200010000012C0017076E7331302D303209617A7572652D646E73036E657400C01D000200010000012C0017076E7331312D303209617A7572652D646E73036F726700C01D000200010000012C0018076E7331322D303209617A7572652D646E7304696E666F0000002904D0000000000000,".","98022b85-b7bb-4a90-b63b-b6ef3f40290f","7/27/2023, 2:19:03.383 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""westus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns9-02.azure-dns.com""},{""dns.authority.name"":""westus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-02.azure-dns.net""},{""dns.authority.name"":""westus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-02.azure-dns.org""},{""dns.authority.name"":""westus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-02.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:19:01.432 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ns9-02.azure-dns.com.",1,26677,0,26677,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ns9-02.azure-dns.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x683500000001000000000001066E73392D303209617A7572652D646E7303636F6D00000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:19:03.383 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.2",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ns9-02.azure-dns.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3600,""dns.answer.data"":""150.171.10.2""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:19:01.462 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.2",,"ns9-02.azure-dns.com.",1,26677,0,26677,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ns9-02.azure-dns.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x683584000001000100000001066E73392D303209617A7572652D646E7303636F6D0000010001C00C0001000100000E10000496AB0A0200002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:19:03.383 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 PM",,,,,,,,,,,,,,,,,,61367,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:19:01.463 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onedscolprdwus07.westus.cloudapp.azure.com.",1,35004,0,35004,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdwus07.westus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x88BC00000001000000000001106F6E656473636F6C70726477757330370677657374757308636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","98022b85-b7bb-4a90-b63b-b6ef3f40290f","7/27/2023, 2:19:03.383 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.2",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""onedscolprdwus07.westus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""20.189.173.8""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:19:01.495 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.2",,"onedscolprdwus07.westus.cloudapp.azure.com.",1,35004,0,35004,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdwus07.westus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x88BC84000001000100000001106F6E656473636F6C70726477757330370677657374757308636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000414BDAD0800002904D0000000000000,".","98022b85-b7bb-4a90-b63b-b6ef3f40290f","7/27/2023, 2:19:03.383 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:04.199 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":120,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""},{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""onedscolprdwus07.westus.cloudapp.azure.com""},{""dns.answer.name"":""onedscolprdwus07.westus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""20.189.173.8""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:19:01.495 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"v10.events.data.microsoft.com.",1,61367,50868,61367,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xEFB78180000100030000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007800382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E657400C03B000500010000003C0029106F6E656473636F6C70726477757330370677657374757308636C6F756461707005617A757265C026C07F000100010000000A000414BDAD08,"VirtualizationInstance:.","98022b85-b7bb-4a90-b63b-b6ef3f40290f","7/27/2023, 2:19:03.910 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,160,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:29:15.667 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:29:11.982 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,40932,52348,40932,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9FE4010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","ec2bebc5-a9b0-4e57-b72d-5da3973da2dd","7/27/2023, 2:29:14.013 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:29:15.667 PM",,,,,,,,,,,,,,,,,,40932,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:29:11.982 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,48241,0,48241,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBC71000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","ec2bebc5-a9b0-4e57-b72d-5da3973da2dd","7/27/2023, 2:29:14.013 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:29:15.667 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:29:12.013 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,48241,0,48241,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBC71800000010000000400012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C031000200010000012C0013066E73312D303109617A7572652D646E73C046C031000200010000012C0016066E73322D303109617A7572652D646E73036E657400C031000200010000012C0016066E73332D303109617A7572652D646E73036F726700C031000200010000012C0017066E73342D303109617A7572652D646E7304696E666F0000002904D0000000000000,".","ec2bebc5-a9b0-4e57-b72d-5da3973da2dd","7/27/2023, 2:29:14.013 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-01.azure-dns.com""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-01.azure-dns.net""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns3-01.azure-dns.org""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns4-01.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:29:15.667 PM",,,,,,,,,,,,,,,,,,40932,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:29:12.013 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,20935,0,20935,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x51C7000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","ec2bebc5-a9b0-4e57-b72d-5da3973da2dd","7/27/2023, 2:29:14.013 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","204.14.183.1",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:29:15.667 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:29:12.042 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","204.14.183.1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,20935,0,20935,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x51C7840000010001000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E65740000002904D0000000000000,".","ec2bebc5-a9b0-4e57-b72d-5da3973da2dd","7/27/2023, 2:29:14.013 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:29:15.667 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:29:12.042 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,40932,52348,40932,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9FE4818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:29:14.013 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:29:15.667 PM",,,,,,,,,,,,,,,,,,40932,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:29:12.042 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"opinsightsweuods.trafficmanager.NET.",1,64148,0,64148,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFA9400000001000000000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","ec2bebc5-a9b0-4e57-b72d-5da3973da2dd","7/27/2023, 2:29:14.013 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:29:15.667 
PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""opinsightsweuods.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:29:12.073 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"opinsightsweuods.trafficmanager.NET.",1,64148,0,64148,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFA9484000001000100000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E45540000010001C00C000500010000012C003616697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","ec2bebc5-a9b0-4e57-b72d-5da3973da2dd","7/27/2023, 2:29:14.013 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:29:15.667 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:29:12.073 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,40932,52348,40932,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9FE4818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:29:14.013 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:29:15.667 PM",,,,,,,,,,,,,,,,,,40932,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:29:12.073 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,61726,0,61726,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF11E0000000100000000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","ec2bebc5-a9b0-4e57-b72d-5da3973da2dd","7/27/2023, 2:29:14.013 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:29:15.667 
PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:29:12.102 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,61726,0,61726,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF11E8400000100010000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D45411D00002904D0000000000000,".","ec2bebc5-a9b0-4e57-b72d-5da3973da2dd","7/27/2023, 2:29:14.013 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:29:15.667 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:29:12.102 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,40932,52348,40932,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9FE4818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000012C002D16697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F7564617070C040C08C000100010000000A00040D45411D,"VirtualizationInstance:.","ec2bebc5-a9b0-4e57-b72d-5da3973da2dd","7/27/2023, 2:29:14.528 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,120,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:30:01.723 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:29:59.030 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"windns.local.",6,41786,65107,41786,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""windns.local"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0xA33A010000010000000000000677696E646E73056C6F63616C0000060001,".","c4307789-5052-4796-b510-ba5be1b684f8","7/27/2023, 2:30:01.060 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:30:01.723 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",280,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372105574252544,"7/27/2023, 2:29:59.030 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,34176,0,"172.18.88.20","172.18.88.20",1,"windns.local.",1,41786,65107,41786,true,false,true,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""windns.local"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0xA33A858000010000000100000677696E646E73056C6F63616C0000060001,,,"7/27/2023, 2:30:01.060 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:30:01.723 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",280,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372105574252544,"7/27/2023, 2:29:59.030 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,34176,0,"172.18.88.20","172.18.88.20",1,"windns.local.",28,41786,65107,41786,true,false,true,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""windns.local"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0xA33A858000010000000100010677696E646E73056C6F63616C0000060001,,,"7/27/2023, 2:30:01.060 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:30:01.723 PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""windns.local"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":3600,""dns.additional.data"":""172.18.88.20""}]",,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:29:59.031 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,34176,0,"172.18.88.20",,,"windns.local.",6,41786,65107,41786,true,false,true,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""windns.local"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0xA33A858000010000000100010677696E646E73056C6F63616C0000060001C0130006000100000E100023C00C0A686F73746D6173746572C0130000001500000384000002580001518000000E10C02A0001000100000E100004AC125814,"VirtualizationInstance:.","c4307789-5052-4796-b510-ba5be1b684f8","7/27/2023, 2:30:01.060 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",1,0,0,0,Default,local,NULL,"[{""dns.authority.name"":""local"",""dns.authority.type"":""SOA"",""dns.authority.class"":""IN"",""dns.authority.ttl"":3600,""dns.soa.data.name_server"":""windns.local"",""dns.soa.data.auth_mailbox"":""hostmaster.local"",""dns.soa.data.serial_number"":21,""dns.soa.data.refresh_interval"":900,""dns.soa.data.retry_interval"":600,""dns.soa.data.expire_limit"":86400,""dns.soa.data.min_ttl"":3600}]",0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:30:01.723 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:29:59.033 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"20.88.18.172.in-addr.arpa.",6,9072,65112,9072,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""20.88.18.172.in-addr.arpa"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0x2370010000010000000000000232300238380231380331373207696E2D6164647204617270610000060001,".","32339224-184a-4b45-99de-134d2109ca6c","7/27/2023, 2:30:01.060 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:30:01.723 PM",,,,,,,,,,,,,,,,,,9072,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:29:59.033 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"20.88.18.172.in-addr.arpa.",6,4564,0,4564,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""20.88.18.172.in-addr.arpa"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0x11D4000000010000000000010232300238380231380331373207696E2D61646472046172706100000600010000290FA0000000000000,".","32339224-184a-4b45-99de-134d2109ca6c","7/27/2023, 2:30:01.060 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.175.48.42",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:30:01.723 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:29:59.139 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33795,0,"0.0.0.0","192.175.48.42",,"20.88.18.172.in-addr.arpa.",6,4564,0,4564,false,false,true,QUERY,true,NXDOMAIN,false,false,false,"[{""dns.query.name"":""20.88.18.172.in-addr.arpa"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0x11D4840300010000000100010232300238380231380331373207696E2D6164647204617270610000060001C0120006000100093A80004108707269736F6E65720469616E61036F7267000A686F73746D61737465720C726F6F742D73657276657273C0450000000100093A800000003C00093A8000093A8000002904D0000000000000,".","32339224-184a-4b45-99de-134d2109ca6c","7/27/2023, 2:30:01.060 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,"[{""dns.authority.name"":""18.172.in-addr.arpa"",""dns.authority.type"":""SOA"",""dns.authority.class"":""IN"",""dns.authority.ttl"":604800,""dns.soa.data.name_server"":""prisoner.iana.org"",""dns.soa.data.auth_mailbox"":""hostmaster.root-servers.org"",""dns.soa.data.serial_number"":1,""dns.soa.data.refresh_interval"":604800,""dns.soa.data.retry_interval"":60,""dns.soa.data.expire_limit"":604800,""dns.soa.data.min_ttl"":604800}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:30:01.723 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:29:59.139 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33155,0,"172.18.88.20",,,"20.88.18.172.in-addr.arpa.",6,9072,65112,9072,true,false,false,QUERY,true,NXDOMAIN,false,false,true,"[{""dns.query.name"":""20.88.18.172.in-addr.arpa"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0x2370818300010000000100000232300238380231380331373207696E2D6164647204617270610000060001C012000600010000003B004108707269736F6E65720469616E61036F7267000A686F73746D61737465720C726F6F742D73657276657273C0450000000100093A800000003C00093A8000093A80,"VirtualizationInstance:.","32339224-184a-4b45-99de-134d2109ca6c","7/27/2023, 2:30:01.060 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,3,Default,"..Cache",NULL,"[{""dns.authority.name"":""18.172.in-addr.arpa"",""dns.authority.type"":""SOA"",""dns.authority.class"":""IN"",""dns.authority.ttl"":59,""dns.soa.data.name_server"":""prisoner.iana.org"",""dns.soa.data.auth_mailbox"":""hostmaster.root-servers.org"",""dns.soa.data.serial_number"":1,""dns.soa.data.refresh_interval"":604800,""dns.soa.data.retry_interval"":60,""dns.soa.data.expire_limit"":604800,""dns.soa.data.min_ttl"":604800}]",107,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:30:01.723 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:29:59.141 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"prisoner.iana.org.",1,48623,52331,48623,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""prisoner.iana.org"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBDEF0100000100000000000008707269736F6E65720469616E61036F72670000010001,".","862d109e-b6f8-46a4-b2b8-644479f3ed23","7/27/2023, 2:30:01.060 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:30:01.723 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""prisoner.iana.org"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":2999,""dns.answer.data"":""192.175.48.1""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:29:59.141 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"prisoner.iana.org.",1,48623,52331,48623,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""prisoner.iana.org"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBDEF8180000100010000000008707269736F6E65720469616E61036F72670000010001C00C0001000100000BB70004C0AF3001,"VirtualizationInstance:.","862d109e-b6f8-46a4-b2b8-644479f3ed23","7/27/2023, 2:30:01.060 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:53.763 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:35:51.058 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"wpad.local.",1,5051,54472,5051,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""wpad.local"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x13BB010000010000000000000477706164056C6F63616C0000010001,".","1bd68e70-9d26-4dca-bfbe-66f7557568c4","7/27/2023, 2:35:53.084 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:53.763 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:35:51.058 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,34179,0,"172.18.88.20",,,"wpad.local.",1,5051,54472,5051,true,false,true,QUERY,true,NXDOMAIN,false,false,true,"[{""dns.query.name"":""wpad.local"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x13BB858300010000000100000477706164056C6F63616C0000010001056C6F63616C000006000100000E10002A0677696E646E73C01C0A686F73746D6173746572C01C0000001500000384000002580001518000000E10,"VirtualizationInstance:.","1bd68e70-9d26-4dca-bfbe-66f7557568c4","7/27/2023, 2:35:53.600 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",1,0,0,3,Default,local,NULL,"[{""dns.authority.name"":""local"",""dns.authority.type"":""SOA"",""dns.authority.class"":""IN"",""dns.authority.ttl"":3600,""dns.soa.data.name_server"":""windns.local"",""dns.soa.data.auth_mailbox"":""hostmaster.local"",""dns.soa.data.serial_number"":21,""dns.soa.data.refresh_interval"":900,""dns.soa.data.retry_interval"":600,""dns.soa.data.expire_limit"":86400,""dns.soa.data.min_ttl"":3600}]",0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:54.102 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:19:51.546 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"windns.local.",6,45533,49747,45533,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""windns.local"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0xB1DD010000010000000000000677696E646E73056C6F63616C0000060001,".","697a7fb9-0d0b-41d8-927c-2c216319a531","7/27/2023, 2:19:53.551 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:54.102 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",280,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372105574252544,"7/27/2023, 2:19:51.546 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,34176,0,"172.18.88.20","172.18.88.20",1,"windns.local.",1,45533,49747,45533,true,false,true,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""windns.local"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0xB1DD858000010000000100000677696E646E73056C6F63616C0000060001,,,"7/27/2023, 2:19:53.551 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:54.102 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",280,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372105574252544,"7/27/2023, 2:19:51.546 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,34176,0,"172.18.88.20","172.18.88.20",1,"windns.local.",28,45533,49747,45533,true,false,true,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""windns.local"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0xB1DD858000010000000100010677696E646E73056C6F63616C0000060001,,,"7/27/2023, 2:19:53.551 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:54.102 PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""windns.local"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":3600,""dns.additional.data"":""172.18.88.20""}]",,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 
2:19:51.547 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,34176,0,"172.18.88.20",,,"windns.local.",6,45533,49747,45533,true,false,true,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""windns.local"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0xB1DD858000010000000100010677696E646E73056C6F63616C0000060001C0130006000100000E100023C00C0A686F73746D6173746572C0130000001500000384000002580001518000000E10C02A0001000100000E100004AC125814,"VirtualizationInstance:.","697a7fb9-0d0b-41d8-927c-2c216319a531","7/27/2023, 2:19:53.551 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",1,0,0,0,Default,local,NULL,"[{""dns.authority.name"":""local"",""dns.authority.type"":""SOA"",""dns.authority.class"":""IN"",""dns.authority.ttl"":3600,""dns.soa.data.name_server"":""windns.local"",""dns.soa.data.auth_mailbox"":""hostmaster.local"",""dns.soa.data.serial_number"":21,""dns.soa.data.refresh_interval"":900,""dns.soa.data.retry_interval"":600,""dns.soa.data.expire_limit"":86400,""dns.soa.data.min_ttl"":3600}]",1,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:54.102 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:19:51.559 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"20.88.18.172.in-addr.arpa.",6,1356,57919,1356,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""20.88.18.172.in-addr.arpa"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0x054C010000010000000000000232300238380231380331373207696E2D6164647204617270610000060001,".","1a1a8419-009b-4b1e-a632-d74d1fa9a4e3","7/27/2023, 2:19:53.551 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:54.102 PM",,,,,,,,,,,,,,,,,,1356,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:19:51.559 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"20.88.18.172.in-addr.arpa.",6,35625,0,35625,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""20.88.18.172.in-addr.arpa"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0x8B29000000010000000000010232300238380231380331373207696E2D61646472046172706100000600010000290FA0000000000000,".","1a1a8419-009b-4b1e-a632-d74d1fa9a4e3","7/27/2023, 2:19:53.569 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.175.48.42",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:54.102 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:19:51.628 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"20.88.18.172.in-addr.arpa.",6,1356,57919,1356,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""20.88.18.172.in-addr.arpa"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0x054C010000010000000000000232300238380231380331373207696E2D6164647204617270610000060001,".","588da0ac-8a12-44b2-813d-0b901f62add7","7/27/2023, 2:19:53.569 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:19:54.102 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:19:51.675 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33795,0,"0.0.0.0","192.175.48.42",,"20.88.18.172.in-addr.arpa.",6,35625,0,35625,false,false,true,QUERY,true,NXDOMAIN,false,false,false,"[{""dns.query.name"":""20.88.18.172.in-addr.arpa"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0x8B29840300010000000100010232300238380231380331373207696E2D6164647204617270610000060001C0120006000100093A80004108707269736F6E65720469616E61036F7267000A686F73746D61737465720C726F6F742D73657276657273C0450000000100093A800000003C00093A8000093A8000002904D0000000000000,".","1a1a8419-009b-4b1e-a632-d74d1fa9a4e3","7/27/2023, 2:19:53.569 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,"[{""dns.authority.name"":""18.172.in-addr.arpa"",""dns.authority.type"":""SOA"",""dns.authority.class"":""IN"",""dns.authority.ttl"":604800,""dns.soa.data.name_server"":""prisoner.iana.org"",""dns.soa.data.auth_mailbox"":""hostmaster.root-servers.org"",""dns.soa.data.serial_number"":1,""dns.soa.data.refresh_interval"":604800,""dns.soa.data.retry_interval"":60,""dns.soa.data.expire_limit"":604800,""dns.soa.data.min_ttl"":604800}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:54.102 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:19:51.675 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33155,0,"172.18.88.20",,,"20.88.18.172.in-addr.arpa.",6,1356,57919,1356,true,false,false,QUERY,true,NXDOMAIN,false,false,true,"[{""dns.query.name"":""20.88.18.172.in-addr.arpa"",""dns.query.type"":""SOA"",""dns.query.class"":""IN""}]",0x054C818300010000000100000232300238380231380331373207696E2D6164647204617270610000060001C012000600010000003B004108707269736F6E65720469616E61036F7267000A686F73746D61737465720C726F6F742D73657276657273C0450000000100093A800000003C00093A8000093A80,"VirtualizationInstance:.","1a1a8419-009b-4b1e-a632-d74d1fa9a4e3","7/27/2023, 2:19:53.569 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,3,Default,"..Cache",NULL,"[{""dns.authority.name"":""18.172.in-addr.arpa"",""dns.authority.type"":""SOA"",""dns.authority.class"":""IN"",""dns.authority.ttl"":59,""dns.soa.data.name_server"":""prisoner.iana.org"",""dns.soa.data.auth_mailbox"":""hostmaster.root-servers.org"",""dns.soa.data.serial_number"":1,""dns.soa.data.refresh_interval"":604800,""dns.soa.data.retry_interval"":60,""dns.soa.data.expire_limit"":604800,""dns.soa.data.min_ttl"":604800}]",117,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:54.102 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:19:51.687 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"prisoner.iana.org.",1,13558,59996,13558,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""prisoner.iana.org"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x34F60100000100000000000008707269736F6E65720469616E61036F72670000010001,".","ef0c5ee4-49d1-4582-a049-8d2ecabc4805","7/27/2023, 2:19:54.082 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:54.102 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:19:51.687 PM",2908,4024,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,,"2001:500:89::53",,"prisoner.iana.org.",1,10228,,,,,,,,,,,,,,".",,"7/27/2023, 2:19:54.082 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,"..Cache",NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:54.102 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:19:51.744 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"prisoner.iana.org.",1,13558,59996,13558,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""prisoner.iana.org"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x34F60100000100000000000008707269736F6E65720469616E61036F72670000010001,".","a7cf0139-594e-4b1d-892b-f2717a589065","7/27/2023, 2:19:54.082 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:55.184 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:19:52.758 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"prisoner.iana.org.",1,13558,59996,13558,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""prisoner.iana.org"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x34F60100000100000000000008707269736F6E65720469616E61036F72670000010001,".","777642a0-4da0-413e-8ffb-c6f22758279e","7/27/2023, 2:19:54.566 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:19:57.227 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:19:54.774 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"prisoner.iana.org.",1,13558,59996,13558,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""prisoner.iana.org"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x34F60100000100000000000008707269736F6E65720469616E61036F72670000010001,".","7ddef91a-7a8f-47a1-8872-fa8e0a305ba0","7/27/2023, 2:19:56.801 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:02.347 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""prisoner.iana.org"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3600,""dns.answer.data"":""192.175.48.1""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:19:58.909 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","199.4.138.53",,"prisoner.iana.org.",1,12060,0,12060,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""prisoner.iana.org"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2F1C8400000100010004000108707269736F6E65720469616E61036F72670000010001C00C0001000100000E100004C0AF3001C0150002000100015180001401610C69616E612D73657276657273036E657400C015000200010001518000040162C041C015000200010001518000040163C041C0150002000100015180000B026E73056963616E6EC01A0000291000000000000000,".","a3a70505-0a4e-4a6f-a020-6505018c6d16","7/27/2023, 2:20:01.816 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,"[{""dns.authority.name"":""iana.org"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":86400,""dns.authority.data"":""a.iana-servers.net""},{""dns.authority.name"":""iana.org"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":86400,""dns.authority.data"":""b.iana-servers.net""},{""dns.authority.name"":""iana.org"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":86400,""dns.authority.data"":""c.iana-servers.net""},{""dns.authority.name"":""iana.org"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":86400,""dns.authority.data"":""ns.icann.org""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:02.347 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""prisoner.iana.org"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3599,""dns.answer.data"":""192.175.48.1""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:19:58.909 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"prisoner.iana.org.",1,13558,59996,13558,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""prisoner.iana.org"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x34F68180000100010000000008707269736F6E65720469616E61036F72670000010001C00C0001000100000E0F0004C0AF3001,"VirtualizationInstance:.","a3a70505-0a4e-4a6f-a020-6505018c6d16","7/27/2023, 2:20:01.816 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,120,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:02.347 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",262,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,2,"RECURSE_QUERY ",9223372036854775872,"7/27/2023, 2:20:00.178 PM",2908,3164,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,,,,"a.iana-servers.NET.",1,47371,0,,,,,,,,,,,,,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:01.816 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","2001:503:83eb::30",,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:02.347 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:20:00.179 PM",2908,3164,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"a.iana-servers.NET.",1,47371,0,47371,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""a.iana-servers.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB90B0000000100000000000101610C69616E612D73657276657273034E455400000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:01.816 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.35.51.30",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:02.347 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:20:00.180 PM",2908,3164,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"a.iana-servers.NET.",1,47371,0,47371,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""a.iana-servers.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB90B0000000100000000000101610C69616E612D73657276657273034E455400000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:01.816 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.43.172.30",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:02.347 
PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""a.iana-servers.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""199.43.135.53""},{""dns.additional.name"":""a.iana-servers.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2001:500:8f::53""},{""dns.additional.name"":""b.iana-servers.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""199.43.133.53""},{""dns.additional.name"":""b.iana-servers.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2001:500:8d::53""},{""dns.additional.name"":""c.iana-servers.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""199.43.134.53""},{""dns.additional.name"":""c.iana-servers.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2001:500:8e::53""}]",,2,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:00.215 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","192.35.51.30",,"a.iana-servers.NET.",1,47371,0,47371,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""a.iana-servers.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:01.816 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""iana-servers.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns.icann.org""},{""dns.authority.name"":""iana-servers.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""a.iana-servers.NET""},{""dns.authority.name"":""iana-servers.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""b.iana-servers.NET""},{""dns.authority.name"":""iana-servers.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""c.iana-servers.NET""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:02.347 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:20:00.215 PM",2908,4024,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","2001:500:8e::53",,"a.iana-servers.NET.",1,11398,,,,,,,,,,,,,,".",,"7/27/2023, 2:20:01.816 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,NULL,NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:02.347 
PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""a.iana-servers.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""199.43.135.53""},{""dns.additional.name"":""a.iana-servers.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2001:500:8f::53""},{""dns.additional.name"":""b.iana-servers.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""199.43.133.53""},{""dns.additional.name"":""b.iana-servers.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2001:500:8d::53""},{""dns.additional.name"":""c.iana-servers.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""199.43.134.53""},{""dns.additional.name"":""c.iana-servers.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2001:500:8e::53""}]",,0,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:00.220 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","192.43.172.30",,"a.iana-servers.NET.",1,47371,0,47371,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""a.iana-servers.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:02.317 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""iana-servers.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns.icann.org""},{""dns.authority.name"":""iana-servers.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""a.iana-servers.NET""},{""dns.authority.name"":""iana-servers.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""b.iana-servers.NET""},{""dns.authority.name"":""iana-servers.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""c.iana-servers.NET""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:02.347 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:20:00.220 PM",2908,4024,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","192.43.172.30",,"a.iana-servers.NET.",1,47371,,,,,,,,,,,,,,".",,"7/27/2023, 2:20:02.317 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,NULL,NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:19.543 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:31:16.676 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,49118,58597,49118,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBFDE010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","aff43fea-df87-4b72-8e88-8c004008d354","7/27/2023, 2:31:18.682 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:19.543 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:31:16.676 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,49118,58597,49118,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBFDE818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:31:18.682 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:19.543 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:31:16.676 
PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,49118,58597,49118,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBFDE818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:31:18.682 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:19.543 PM",,,,,,,,,,,,,,,,,,49118,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:31:16.676 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,53411,0,53411,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD0A30000000100000000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","aff43fea-df87-4b72-8e88-8c004008d354","7/27/2023, 2:31:18.682 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.16.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:19.543 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY 
",9223372036854775840,"7/27/2023, 2:31:16.709 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.16.39",,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,53411,0,53411,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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,".","aff43fea-df87-4b72-8e88-8c004008d354","7/27/2023, 2:31:18.682 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-201.azure-dns.com""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-201.azure-dns.org""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-201.azure-dns.info""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns9-201.azure-dns.com""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:19.543 
PM",,,,,,,,,,,,,,,,,,49118,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:31:16.709 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,18654,0,18654,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x48DE0000000100000000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","aff43fea-df87-4b72-8e88-8c004008d354","7/27/2023, 2:31:19.198 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:19.543 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:31:16.736 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,18654,0,18654,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x48DE8400000100010000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D45411D00002904D0000000000000,".","aff43fea-df87-4b72-8e88-8c004008d354","7/27/2023, 2:31:19.198 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:19.543 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":175,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":175,""dns.answer.data"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""13.69.65.29""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:31:16.736 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,49118,58597,49118,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBFDE818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000AF0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000AF002D16697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F7564617070C040C08C000100010000000900040D45411D,"VirtualizationInstance:.","aff43fea-df87-4b72-8e88-8c004008d354","7/27/2023, 2:31:19.198 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,60,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:25.659 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:31:22.965 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,11633,49789,11633,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2D71010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","bedbef1c-f271-4f24-9f23-2140b4a14d84","7/27/2023, 2:31:25.073 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:25.659 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:31:22.965 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,11633,49789,11633,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2D71818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:31:25.073 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:25.659 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:31:22.965 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,11633,49789,11633,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2D71818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:31:25.073 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:25.659 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":169,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":169,""dns.answer.data"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3,""dns.answer.data"":""13.69.65.29""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:31:22.965 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,11633,49789,11633,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2D71818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000A90025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000A9002D16697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F7564617070C040C08C000100010000000300040D45411D,"VirtualizationInstance:.","bedbef1c-f271-4f24-9f23-2140b4a14d84","7/27/2023, 2:31:25.073 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:39.466 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",262,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,2,"RECURSE_QUERY ",9223372036854775872,"7/27/2023, 2:20:36.503 PM",2908,3164,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,,,,"tm1.edgedns-tm.info.",1,64194,0,,,,,,,,,,,,,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:38.519 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","2620:1ec:bda:700::4",,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:39.466 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:20:36.503 PM",2908,3164,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"tm1.edgedns-tm.info.",1,64194,0,64194,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFAC20000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:38.519 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.4",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:39.466 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 
2:20:36.503 PM",2908,3164,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"tm1.edgedns-tm.info.",1,64194,0,64194,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFAC20000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:38.519 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","204.14.183.4",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:39.466 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""tm1.edgedns-tm.info"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""13.107.222.240""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:36.537 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.4",,"tm1.edgedns-tm.info.",1,64194,0,64194,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFAC28400000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:38.519 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:39.466 PM",,,,,,,,,,,,,,,,,,27359,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 
2:20:36.538 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"atm-settingsfe-prod-geo2.trafficmanager.NET.",1,14039,0,14039,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""atm-settingsfe-prod-geo2.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x36D7000000010000000000011861746D2D73657474696E677366652D70726F642D67656F320E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","ab1ee771-15cf-4bae-9fae-3830872c0665","7/27/2023, 2:20:38.536 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:39.466 PM",,,,,,,,,,,,,,,,,,,0,".",Default,"[{""dns.answer.name"":""tm1.edgedns-tm.info"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""13.107.222.240""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:36.538 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","204.14.183.4",,"tm1.edgedns-tm.info.",1,64194,0,64194,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFAC28400000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:20:38.536 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:39.466 
PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:20:36.538 PM",2908,4024,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","204.14.183.4",,"tm1.edgedns-tm.info.",1,64194,,,,,,,,,,,,,,".",,"7/27/2023, 2:20:38.536 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,NULL,NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:39.466 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""atm-settingsfe-prod-geo2.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""settings-prod-weu-1.westeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:36.575 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"atm-settingsfe-prod-geo2.trafficmanager.NET.",1,14039,0,14039,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""atm-settingsfe-prod-geo2.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x36D7840000010001000000011861746D2D73657474696E677366652D70726F642D67656F320E747261666669636D616E61676572034E45540000010001C00C000500010000003C00331373657474696E67732D70726F642D7765752D310A776573746575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","ab1ee771-15cf-4bae-9fae-3830872c0665","7/27/2023, 2:20:38.536 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:20:39.466 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:20:36.575 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"settings-prod-weu-1.westeurope.cloudapp.azure.com.",1,27359,50929,27359,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6ADF818000010002000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:20:38.536 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:39.466 PM",,,,,,,,,,,,,,,,,,27359,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:20:36.576 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"settings-prod-weu-1.westeurope.cloudapp.azure.com.",1,48400,0,48400,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""settings-prod-weu-1.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBD10000000010000000000011373657474696E67732D70726F642D7765752D310A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","ab1ee771-15cf-4bae-9fae-3830872c0665","7/27/2023, 2:20:38.536 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:39.466 
PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""settings-prod-weu-1.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""51.124.78.146""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:36.603 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"settings-prod-weu-1.westeurope.cloudapp.azure.com.",1,48400,0,48400,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""settings-prod-weu-1.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBD10840000010001000000011373657474696E67732D70726F642D7765752D310A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A0004337C4E9200002904D0000000000000,".","ab1ee771-15cf-4bae-9fae-3830872c0665","7/27/2023, 2:20:38.536 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:39.466 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""settings-win.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3256,""dns.answer.data"":""atm-settingsfe-prod-geo2.trafficmanager.net""},{""dns.answer.name"":""atm-settingsfe-prod-geo2.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":56,""dns.answer.data"":""settings-prod-weu-1.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""settings-prod-weu-1.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":6,""dns.answer.data"":""51.124.78.146""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:20:36.603 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"settings-win.data.microsoft.com.",1,27359,50929,27359,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6ADF818000010003000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001C00C0005000100000CB8002D1861746D2D73657474696E677366652D70726F642D67656F320E747261666669636D616E61676572036E657400C03D000500010000003800301373657474696E67732D70726F642D7765752D310A776573746575726F706508636C6F756461707005617A757265C028C07600010001000000060004337C4E92,"VirtualizationInstance:.","ab1ee771-15cf-4bae-9fae-3830872c0665","7/27/2023, 2:20:39.051 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,4568,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical 
",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:41:43.183 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,40727,58979,40727,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9F17010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","6a12fe54-30f4-4b58-9e28-771b783e51d2","7/27/2023, 2:41:45.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 PM",,,,,,,,,,,,,,,,,,40727,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:41:43.183 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,13366,0,13366,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3436000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","6a12fe54-30f4-4b58-9e28-771b783e51d2","7/27/2023, 2:41:45.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.16.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:41:43.214 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.16.39",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,13366,0,13366,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3436800000010000000400012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C031000200010000012C0013066E73312D303109617A7572652D646E73C046C031000200010000012C0016066E73322D303109617A7572652D646E73036E657400C031000200010000012C0016066E73332D303109617A7572652D646E73036F726700C031000200010000012C0017066E73342D303109617A7572652D646E7304696E666F0000002904D0000000000000,".","6a12fe54-30f4-4b58-9e28-771b783e51d2","7/27/2023, 2:41:45.209 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-01.azure-dns.com""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-01.azure-dns.net""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns3-01.azure-dns.org""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns4-01.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 PM",,,,,,,,,,,,,,,,,,40727,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:41:43.214 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,54317,0,54317,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD42D000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","6a12fe54-30f4-4b58-9e28-771b783e51d2","7/27/2023, 2:41:45.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.1",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:41:43.244 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,54317,0,54317,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD42D840000010001000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E65740000002904D0000000000000,".","6a12fe54-30f4-4b58-9e28-771b783e51d2","7/27/2023, 2:41:45.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:41:43.244 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,40727,58979,40727,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9F17818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:41:45.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:41:43.245 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"tm1.edgedns-tm.info.",1,36381,0,36381,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8E1D0000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:41:45.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","204.14.183.4",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""tm1.edgedns-tm.info"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""13.107.222.240""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY 
",9223372036854775840,"7/27/2023, 2:41:43.279 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","204.14.183.4",,"tm1.edgedns-tm.info.",1,36381,0,36381,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8E1D8400000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:41:45.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 PM",,,,,,,,,,,,,,,,,,40727,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:41:43.279 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"opinsightsweuods.trafficmanager.NET.",1,33492,0,33492,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x82D400000001000000000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","6a12fe54-30f4-4b58-9e28-771b783e51d2","7/27/2023, 2:41:45.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 
PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""opinsightsweuods.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:41:43.309 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"opinsightsweuods.trafficmanager.NET.",1,33492,0,33492,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x82D484000001000100000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E45540000010001C00C000500010000012C003616697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","6a12fe54-30f4-4b58-9e28-771b783e51d2","7/27/2023, 2:41:45.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:41:43.309 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,40727,58979,40727,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9F17818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:41:45.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 PM",,,,,,,,,,,,,,,,,,40727,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:41:43.310 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,59623,0,59623,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE8E70000000100000000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","6a12fe54-30f4-4b58-9e28-771b783e51d2","7/27/2023, 2:41:45.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 
PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""104.40.170.64""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:41:43.338 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,59623,0,59623,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE8E78400000100010000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00046828AA4000002904D0000000000000,".","6a12fe54-30f4-4b58-9e28-771b783e51d2","7/27/2023, 2:41:45.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:41:46.067 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":299,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":299,""dns.answer.data"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""104.40.170.64""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:41:43.338 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,40727,58979,40727,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9F17818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012B0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000012B002D16697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F7564617070C040C08C000100010000000900046828AA40,"VirtualizationInstance:.","6a12fe54-30f4-4b58-9e28-771b783e51d2","7/27/2023, 2:41:45.710 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,155,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:54.931 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:31:52.296 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,54650,52819,54650,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD57A010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","a65e0249-ad21-47d8-b00b-fcdd3e376241","7/27/2023, 2:31:54.370 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:54.931 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:31:52.296 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,54650,52819,54650,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD57A818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:31:54.370 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:31:54.931 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:31:52.296 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,54650,52819,54650,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD57A818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:31:54.370 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:54.931 PM",,,,,,,,,,,,,,,,,,54650,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:31:52.296 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,48560,0,48560,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBDB00000000100000000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","a65e0249-ad21-47d8-b00b-fcdd3e376241","7/27/2023, 2:31:54.370 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:54.931 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:31:52.323 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,48560,0,48560,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBDB08400000100010000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D45411D00002904D0000000000000,".","a65e0249-ad21-47d8-b00b-fcdd3e376241","7/27/2023, 2:31:54.884 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:31:54.931 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":140,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":140,""dns.answer.data"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:31:52.323 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,54650,52819,54650,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD57A818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000008C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000008C002D16697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F7564617070C040C08C000100010000000A00040D45411D,"VirtualizationInstance:.","a65e0249-ad21-47d8-b00b-fcdd3e376241","7/27/2023, 2:31:54.884 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,27,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:43:49.642 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:43:46.941 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,56085,52742,56085,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xDB15010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","3bef09a0-6c14-4b2d-b762-875d912a035c","7/27/2023, 2:43:48.974 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:43:49.642 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:43:46.941 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,56085,52742,56085,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xDB15818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:43:48.974 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:43:49.642 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:43:46.941 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,56085,52742,56085,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xDB15818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:43:48.974 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:43:49.642 PM",,,,,,,,,,,,,,,,,,56085,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:43:46.942 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,4606,0,4606,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x11FE0000000100000000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","3bef09a0-6c14-4b2d-b762-875d912a035c","7/27/2023, 2:43:48.974 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.16.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:43:49.642 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:43:46.973 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.16.39",,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,4606,0,4606,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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bef09a0-6c14-4b2d-b762-875d912a035c","7/27/2023, 2:43:48.974 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-201.azure-dns.com""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-201.azure-dns.org""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-201.azure-dns.info""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authori
ty.ttl"":300,""dns.authority.data"":""ns9-201.azure-dns.com""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:43:49.642 PM",,,,,,,,,,,,,,,,,,56085,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:43:46.973 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,21230,0,21230,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x52EE0000000100000000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","3bef09a0-6c14-4b2d-b762-875d912a035c","7/27/2023, 2:43:48.974 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:43:49.642 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""104.40.170.64""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:43:47.001 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,21230,0,21230,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x52EE8400000100010000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00046828AA4000002904D0000000000000,".","3bef09a0-6c14-4b2d-b762-875d912a035c","7/27/2023, 2:43:48.974 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:43:49.642 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":175,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":175,""dns.answer.data"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""104.40.170.64""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:43:47.001 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,56085,52742,56085,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xDB15818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000AF0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000AF002D16697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F7564617070C040C08C000100010000000A00046828AA40,"VirtualizationInstance:.","3bef09a0-6c14-4b2d-b762-875d912a035c","7/27/2023, 2:43:49.474 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,60,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:26.670 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:33:24.100 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,35406,63708,35406,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8A4E010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","1887dcc7-c0ac-4680-926f-423f119d5e13","7/27/2023, 2:33:26.102 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:26.670 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:33:24.100 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,35406,63708,35406,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8A4E818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:33:26.102 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:26.670 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:33:24.100 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,35406,63708,35406,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8A4E818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:33:26.102 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:26.670 PM",,,,,,,,,,,,,,,,,,35406,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:33:24.101 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,38814,0,38814,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x979E0000000100000000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","1887dcc7-c0ac-4680-926f-423f119d5e13","7/27/2023, 2:33:26.102 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:26.670 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:33:24.126 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,38814,0,38814,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x979E8400000100010000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D45411D00002904D0000000000000,".","1887dcc7-c0ac-4680-926f-423f119d5e13","7/27/2023, 2:33:26.102 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:26.670 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":48,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":48,""dns.answer.data"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""13.69.65.29""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:33:24.126 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,35406,63708,35406,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8A4E818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000300025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000030002D16697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F7564617070C040C08C000100010000000900040D45411D,"VirtualizationInstance:.","1887dcc7-c0ac-4680-926f-423f119d5e13","7/27/2023, 2:33:26.617 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,25,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:45:53.614 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:45:50.955 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,49031,59522,49031,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBF87010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","732a6fe5-2031-48de-b432-a7914d5f58e4","7/27/2023, 2:45:52.974 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:45:53.614 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:45:50.955 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,49031,59522,49031,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBF87818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:45:52.974 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:45:53.614 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:45:50.955 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,49031,59522,49031,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBF87818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:45:52.974 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:45:53.614 PM",,,,,,,,,,,,,,,,,,49031,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:45:50.955 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,44743,0,44743,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAEC70000000100000000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","732a6fe5-2031-48de-b432-a7914d5f58e4","7/27/2023, 2:45:52.974 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:45:53.614 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""104.40.170.64""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:45:50.991 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,44743,0,44743,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAEC78400000100010000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00046828AA4000002904D0000000000000,".","732a6fe5-2031-48de-b432-a7914d5f58e4","7/27/2023, 2:45:52.974 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:45:53.614 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":51,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":51,""dns.answer.data"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""104.40.170.64""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:45:50.991 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,49031,59522,49031,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBF87818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000330025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000033002D16697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F7564617070C040C08C000100010000000900046828AA40,"VirtualizationInstance:.","732a6fe5-2031-48de-b432-a7914d5f58e4","7/27/2023, 2:45:52.974 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,37,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:45:53.614 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:45:51.157 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"wpad.local.",1,22213,54472,22213,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""wpad.local"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x56C5010000010000000000000477706164056C6F63616C0000010001,".","8ca533b1-9afb-4bbd-bd9e-3c2787c4a8b9","7/27/2023, 2:45:52.974 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:45:53.614 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:45:51.157 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,34179,0,"172.18.88.20",,,"wpad.local.",1,22213,54472,22213,true,false,true,QUERY,true,NXDOMAIN,false,false,true,"[{""dns.query.name"":""wpad.local"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x56C5858300010000000100000477706164056C6F63616C0000010001056C6F63616C000006000100000E10002A0677696E646E73C01C0A686F73746D6173746572C01C0000001500000384000002580001518000000E10,"VirtualizationInstance:.","8ca533b1-9afb-4bbd-bd9e-3c2787c4a8b9","7/27/2023, 2:45:52.974 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",1,0,0,3,Default,local,NULL,"[{""dns.authority.name"":""local"",""dns.authority.type"":""SOA"",""dns.authority.class"":""IN"",""dns.authority.ttl"":3600,""dns.soa.data.name_server"":""windns.local"",""dns.soa.data.auth_mailbox"":""hostmaster.local"",""dns.soa.data.serial_number"":21,""dns.soa.data.refresh_interval"":900,""dns.soa.data.retry_interval"":600,""dns.soa.data.expire_limit"":86400,""dns.soa.data.min_ttl"":3600}]",0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:55.180 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:20:52.670 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,13415,51671,13415,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3467010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","b8096a51-8a8f-4a4b-8311-609c81e6e5ee","7/27/2023, 2:20:54.707 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:55.180 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:20:52.671 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,13415,51671,13415,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3467818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:20:54.707 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:55.180 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:20:52.671 
PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,13415,51671,13415,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3467818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:20:54.707 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:55.180 PM",,,,,,,,,,,,,,,,,,13415,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:20:52.671 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,55181,0,55181,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD78D0000000100000000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","b8096a51-8a8f-4a4b-8311-609c81e6e5ee","7/27/2023, 2:20:54.707 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:55.180 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:20:52.701 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,55181,0,55181,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD78D8400000100010000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D45411D00002904D0000000000000,".","b8096a51-8a8f-4a4b-8311-609c81e6e5ee","7/27/2023, 2:20:54.707 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:20:55.180 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":48,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":48,""dns.answer.data"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""13.69.65.29""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:20:52.702 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,13415,51671,13415,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3467818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000300025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000030002D16697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F7564617070C040C08C000100010000000900040D45411D,"VirtualizationInstance:.","b8096a51-8a8f-4a4b-8311-609c81e6e5ee","7/27/2023, 2:20:55.208 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,31,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:31.978 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:33:29.392 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,5114,57920,5114,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x13FA010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","fcea8ae5-d9a2-4778-b2c1-393abc3c1baa","7/27/2023, 2:33:31.429 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:31.978 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:33:29.392 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,5114,57920,5114,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x13FA818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:33:31.930 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:33:31.978 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:33:29.392 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,5114,57920,5114,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x13FA818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:33:31.930 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:31.978 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":43,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":43,""dns.answer.data"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":4,""dns.answer.data"":""13.69.65.29""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:33:29.392 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,5114,57920,5114,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x13FA818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000002B0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000002B002D16697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F7564617070C040C08C000100010000000400040D45411D,"VirtualizationInstance:.","fcea8ae5-d9a2-4778-b2c1-393abc3c1baa","7/27/2023, 2:33:31.930 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,1,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:06.225 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:46:03.524 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,27382,52544,27382,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6AF6010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","1978aa6b-6fc4-499b-b1f9-e6914be13089","7/27/2023, 2:46:05.583 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:06.225 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:03.524 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,27382,52544,27382,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6AF6818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:46:05.583 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:06.225 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:03.524 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,27382,52544,27382,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6AF6818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:46:05.583 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:06.225 PM",,,,,,,,,,,,,,,,,,27382,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:03.525 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,43973,0,43973,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xABC50000000100000000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","1978aa6b-6fc4-499b-b1f9-e6914be13089","7/27/2023, 2:46:05.583 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:06.225 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""104.40.170.64""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:03.557 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,43973,0,43973,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xABC58400000100010000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00046828AA4000002904D0000000000000,".","1978aa6b-6fc4-499b-b1f9-e6914be13089","7/27/2023, 2:46:05.583 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:06.225 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":38,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":38,""dns.answer.data"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""104.40.170.64""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:46:03.557 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,27382,52544,27382,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6AF6818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000260025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000026002D16697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F7564617070C040C08C000100010000000900046828AA40,"VirtualizationInstance:.","1978aa6b-6fc4-499b-b1f9-e6914be13089","7/27/2023, 2:46:05.583 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,34,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:49.720 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:24:46.547 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"adl.windows.com.",1,3595,54472,3595,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""adl.windows.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0E0B010000010000000000000361646C0777696E646F777303636F6D0000010001,".","7bbb3f14-f27b-4b60-b4c8-4d841ba89ea2","7/27/2023, 2:24:48.532 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:49.720 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""adl.windows.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3600,""dns.answer.data"":""adl.windows.com.edgesuite.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:24:46.569 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.205",,"adl.windows.com.",1,30275,0,30275,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""adl.windows.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7643840000010001000000010361646C0777696E646F777303636F6D0000010001C00C0005000100000E10001F0361646C0777696E646F777303636F6D09656467657375697465036E65740000002904D0000000000000,".","27e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:48.532 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:49.720 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:24:46.569 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"adl.windows.com.edgesuite.net.",1,3595,54472,3595,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""adl.windows.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0E0B818000010001000000000361646C0777696E646F777303636F6D0000010001,,,"7/27/2023, 2:24:48.532 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:49.720 
PM",,,,,,,,,,,,,,,,,,3595,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:24:46.571 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"adl.windows.com.edgesuite.NET.",1,55386,0,55386,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""adl.windows.com.edgesuite.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD85A000000010000000000010361646C0777696E646F777303636F6D09656467657375697465034E455400000100010000290FA0000000000000,".","27e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:48.532 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.33.14.30",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:49.720 PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""ns1-2.akam.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""193.108.91.2""},{""dns.additional.name"":""ns1-2.akam.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2600:1401:2::2""},{""dns.additional.name"":""usw6.akam.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""23.61.199.64""},{""dns.additional.name"":""adns3.akam.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""184.26.161.67""},{""dns.additional.name"":""ns4-65.akam.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""84.53.139.65""},{""dns.additional.name"":""ns7-65.akam.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""d
ns.additional.data"":""96.7.49.65""},{""dns.additional.name"":""ns5-65.akam.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""184.85.248.65""},{""dns.additional.name"":""a12-64.akam.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""184.26.160.64""},{""dns.additional.name"":""a28-64.akam.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""95.100.173.64""},{""dns.additional.name"":""a13-64.akam.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2.22.230.64""},{""dns.additional.name"":""a6-64.akam.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""23.211.133.64""},{""dns.additional.name"":""a6-64.akam.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2600:1401:1::40""},{""dns.additional.name"":"""",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2.16.130.64""},{""dns.additional.name"":"""",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""95.100.168.64""},{""dns.additional.name"":"""",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""95.101.36.64""}]",,2,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:24:46.747 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","192.33.14.30",,"adl.windows.com.edgesuite.NET.",1,55386,0,55386,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""adl.windows.com.edgesuite.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:48.532 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""edgesuite.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns1-2.akam.NET""},{""dns.authority.name"":""edgesuite.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""usw6.akam.NET""},{""dns.authority.name"":""edgesuite.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""adns3.akam.NET""},{""dns.authority.name"":""edgesuite.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns4-65.akam.NET""},{""dns.authority.name"":""edgesuite.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns7-65.akam.NET""},{""dns.authority.name"":""edgesuite.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns5-65.akam.NET""},{""dns.authority.name"":""edgesuite.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""a12-64.akam.NET""},{""dns.authority.name"":""edgesuite.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""a28-64.akam.NET""},{""dns.authority.name"":""edgesuite.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""d
ns.authority.ttl"":172800,""dns.authority.data"":""a13-64.akam.NET""},{""dns.authority.name"":""edgesuite.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""a6-64.akam.NET""},{""dns.authority.name"":""edgesuite.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""a24-64.akam.NET""},{""dns.authority.name"":""edgesuite.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""a5-64.akam.NET""},{""dns.authority.name"":""edgesuite.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""a18-64.akam.NET""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:49.720 PM",,,,,,,,,,,,,,,,,,3595,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:24:46.748 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"adl.windows.com.edgesuite.NET.",1,39721,0,39721,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""adl.windows.com.edgesuite.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9B29000000010000000000010361646C0777696E646F777303636F6D09656467657375697465034E455400000100010000290FA0000000000000,".","27e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:48.532 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","96.7.49.65",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:49.720 
PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""adl.windows.com.edgesuite.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":21600,""dns.answer.data"":""a1943.g2.akamai.NET""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:24:46.785 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","96.7.49.65",,"adl.windows.com.edgesuite.NET.",1,39721,0,39721,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""adl.windows.com.edgesuite.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9B29840000010001000000010361646C0777696E646F777303636F6D09656467657375697465034E45540000010001C00C0005000100005460001205613139343302673206616B616D6169C0260000291000000000000000,".","27e53220-7c5f-42b3-8de8-ee229b8ba17c","7/27/2023, 2:24:48.532 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:49.720 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:24:46.785 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"a1943.g2.akamai.net.",1,3595,54472,3595,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""adl.windows.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0E0B818000010002000000000361646C0777696E646F777303636F6D0000010001,,,"7/27/2023, 2:24:48.532 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:24:49.720 
PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:24:46.785 PM",2908,4028,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","2001:500:856e::30",,"a1943.g2.akamai.NET.",1,60936,,,,,,,,,,,,,,".",,"7/27/2023, 2:24:49.062 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,"..Cache",NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:58.939 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:33:56.213 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,22873,50185,22873,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5959010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","4483e952-e71a-4f32-8539-110072228dbb","7/27/2023, 2:33:58.232 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:58.939 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:33:56.213 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,22873,50185,22873,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5959818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:33:58.232 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:58.939 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:33:56.213 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,22873,50185,22873,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5959818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:33:58.232 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:58.939 PM",,,,,,,,,,,,,,,,,,22873,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:33:56.213 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,61473,0,61473,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF0210000000100000000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","4483e952-e71a-4f32-8539-110072228dbb","7/27/2023, 2:33:58.232 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:58.939 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:33:56.243 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com.",1,61473,0,61473,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF0218400000100010000000116697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D45411D00002904D0000000000000,".","4483e952-e71a-4f32-8539-110072228dbb","7/27/2023, 2:33:58.232 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:33:58.939 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":16,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":16,""dns.answer.data"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-f.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.65.29""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:33:56.244 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,22873,50185,22873,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5959818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000100025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000010002D16697076342D7765752D6F692D6F64732D637365732D660A776573746575726F706508636C6F7564617070C040C08C000100010000000A00040D45411D,"VirtualizationInstance:.","4483e952-e71a-4f32-8539-110072228dbb","7/27/2023, 2:33:58.232 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,31,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:18.439 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:46:15.684 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,49962,63296,49962,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC32A010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","e155c903-cd3e-413e-9224-008891c50578","7/27/2023, 2:46:17.740 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:18.439 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:15.684 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,49962,63296,49962,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC32A818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:46:17.740 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:18.439 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:15.684 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,49962,63296,49962,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC32A818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:46:17.740 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:18.439 PM",,,,,,,,,,,,,,,,,,49962,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:15.684 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,30641,0,30641,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x77B10000000100000000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","e155c903-cd3e-413e-9224-008891c50578","7/27/2023, 
2:46:17.740 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:18.439 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""104.40.170.64""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:15.714 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,30641,0,30641,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x77B18400000100010000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00046828AA4000002904D0000000000000,".","e155c903-cd3e-413e-9224-008891c50578","7/27/2023, 2:46:18.255 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:18.439 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":26,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":26,""dns.answer.data"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""104.40.170.64""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:46:15.714 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,49962,63296,49962,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC32A818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000001A0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000001A002D16697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F7564617070C040C08C000100010000000900046828AA40,"VirtualizationInstance:.","e155c903-cd3e-413e-9224-008891c50578","7/27/2023, 2:46:18.255 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,30,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:46:27.001 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"v20.events.data.microsoft.com.",1,23053,57919,23053,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v20.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5A0D0100000100000000000003763230066576656E74730464617461096D6963726F736F667403636F6D0000010001,".","69443701-61fe-4ee2-bd6b-0968109d93b8","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,23053,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:27.001 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"v20.events.data.microsoft.com.",1,52268,0,52268,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v20.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xCC2C0000000100000000000103763230066576656E74730464617461096D6963726F736F667403636F6D00000100010000290FA0000000000000,".","69443701-61fe-4ee2-bd6b-0968109d93b8","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""v20.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":120,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:27.027 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.39",,"v20.events.data.microsoft.com.",1,52268,0,52268,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""v20.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xCC2C8400000100010000000103763230066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007800382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E65740000002904D0000000000000,".","69443701-61fe-4ee2-bd6b-0968109d93b8","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:27.027 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"win-global-asimov-leafs-events-data.trafficmanager.net.",1,23053,57919,23053,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v20.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5A0D8180000100010000000003763230066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:46:28.990 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,23053,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:27.027 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,38361,0,38361,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x95D9000000010000000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","69443701-61fe-4ee2-bd6b-0968109d93b8","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""onedscolprdeus07.eastus.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:27.056 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,38361,0,38361,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x95D9840000010001000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E45540000010001C00C000500010000003C002C106F6E656473636F6C70726465757330370665617374757308636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","69443701-61fe-4ee2-bd6b-0968109d93b8","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:27.057 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"onedscolprdeus07.eastus.cloudapp.azure.com.",1,23053,57919,23053,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v20.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5A0D8180000100020000000003763230066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,23053,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 
2:46:27.057 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onedscolprdeus07.eastus.cloudapp.azure.com.",1,36092,0,36092,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdeus07.eastus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8CFC00000001000000000001106F6E656473636F6C70726465757330370665617374757308636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","69443701-61fe-4ee2-bd6b-0968109d93b8","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.16.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,,3,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:27.086 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.16.39",,"onedscolprdeus07.eastus.cloudapp.azure.com.",1,36092,0,36092,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdeus07.eastus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8CFC80000001000000040001106F6E656473636F6C70726465757330370665617374757308636C6F756461707005617A75726503636F6D0000010001C01D000200010000012C0014076E73392D32303109617A7572652D646E73C033C01D000200010000012C0018086E7331302D32303109617A7572652D646E73036E657400C01D000200010000012C0018086E7331312D32303109617A7572652D646E73036F726700C01D000200010000012C0019086E7331322D32303109617A7572652D646E7304696E666F0000002904D0000000000000,".","69443701-61fe-4ee2-bd6b-0968109d93b8","7/27/2023, 2:46:28.990 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""eastus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns9-201.azure-dns.com""},{""dns.authority.name"":""eastus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-201.azure-dns.net""},{""dns.authority.name"":""eastus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-201.azure-dns.org""},{""dns.authority.name"":""eastus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-201.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,23053,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:27.086 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onedscolprdeus07.eastus.cloudapp.azure.com.",1,54278,0,54278,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdeus07.eastus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD40600000001000000000001106F6E656473636F6C70726465757330370665617374757308636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","69443701-61fe-4ee2-bd6b-0968109d93b8","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 
PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""onedscolprdeus07.eastus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.168.117.168""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:27.111 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"onedscolprdeus07.eastus.cloudapp.azure.com.",1,54278,0,54278,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdeus07.eastus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD40684000001000100000001106F6E656473636F6C70726465757330370665617374757308636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434A875A800002904D0000000000000,".","69443701-61fe-4ee2-bd6b-0968109d93b8","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""v20.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":119,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""},{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":59,""dns.answer.data"":""onedscolprdeus07.eastus.cloudapp.azure.com""},{""dns.answer.name"":""onedscolprdeus07.eastus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.168.117.168""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical 
",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:46:27.111 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"v20.events.data.microsoft.com.",1,23053,57919,23053,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v20.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5A0D8180000100030000000003763230066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007700382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E657400C03B000500010000003B0029106F6E656473636F6C70726465757330370665617374757308636C6F756461707005617A757265C026C07F0001000100000009000434A875A8,"VirtualizationInstance:.","69443701-61fe-4ee2-bd6b-0968109d93b8","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,110,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:46:27.223 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"licensing.mp.microsoft.com.",1,48565,61737,48565,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""licensing.mp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBDB501000001000000000000096C6963656E73696E67026D70096D6963726F736F667403636F6D0000010001,".","a6433215-8da0-43ed-a6fe-ad42fae58dbb","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:27.223 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"consumer-licensing-aks2aks.md.mp.microsoft.com.akadns.net.",1,48565,61737,48565,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""licensing.mp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBDB581800001000100000000096C6963656E73696E67026D70096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,48565,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:27.223 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"consumer-licensing-aks2aks.md.mp.microsoft.com.akadns.NET.",1,15801,0,15801,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""consumer-licensing-aks2aks.md.mp.microsoft.com.akadns.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3DB9000000010000000000011A636F6E73756D65722D6C6963656E73696E672D616B7332616B73026D64026D70096D6963726F736F667403636F6D06616B61646E73034E455400000100010000290FA0000000000000,".","a6433215-8da0-43ed-a6fe-ad42fae58dbb","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","23.61.199.131",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""consumer-licensing-aks2aks.md.mp.microsoft.com.akadns.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""licensing-prod-frontdoor-geomap.trafficmanager.NET""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:27.266 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","23.61.199.131",,"consumer-licensing-aks2aks.md.mp.microsoft.com.akadns.NET.",1,15801,0,15801,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""consumer-licensing-aks2aks.md.mp.microsoft.com.akadns.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3DB9840000010001000000011A636F6E73756D65722D6C6963656E73696E672D616B7332616B73026D64026D70096D6963726F736F667403636F6D06616B61646E73034E45540000010001C00C000500010000003C00311F6C6963656E73696E672D70726F642D66726F6E74646F6F722D67656F6D61700E747261666669636D616E61676572C0420000291000000000000000,".","a6433215-8da0-43ed-a6fe-ad42fae58dbb","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:27.266 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"licensing-prod-frontdoor-geomap.trafficmanager.net.",1,48565,61737,48565,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""licensing.mp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBDB581800001000200000000096C6963656E73696E67026D70096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,48565,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:27.266 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"licensing-prod-frontdoor-geomap.trafficmanager.NET.",1,50529,0,50529,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""licensing-prod-frontdoor-geomap.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC561000000010000000000011F6C6963656E73696E672D70726F642D66726F6E74646F6F722D67656F6D61700E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","a6433215-8da0-43ed-a6fe-ad42fae58dbb","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:46:27.271 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"licensing.mp.microsoft.com.",1,48565,61737,48565,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""licensing.mp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBDB501000001000000000000096C6963656E73696E67026D70096D6963726F736F667403636F6D0000010001,".","e5b7b895-84cc-4290-93ad-4725f41e1a45","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:27.271 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"consumer-licensing-aks2aks.md.mp.microsoft.com.akadns.net.",1,48565,61737,48565,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""licensing.mp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBDB581800001000100000000096C6963656E73696E67026D70096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:27.271 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"licensing-prod-frontdoor-geomap.trafficmanager.net.",1,48565,61737,48565,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""licensing.mp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBDB581800001000200000000096C6963656E73696E67026D70096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""licensing-prod-frontdoor-geomap.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""neu.frontdoor.licensing.commerce.microsoft.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:27.298 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"licensing-prod-frontdoor-geomap.trafficmanager.NET.",1,50529,0,50529,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""licensing-prod-frontdoor-geomap.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC561840000010001000000011F6C6963656E73696E672D70726F642D66726F6E74646F6F722D67656F6D61700E747261666669636D616E61676572034E45540000010001C00C000500010000003C0030036E65750966726F6E74646F6F72096C6963656E73696E6708636F6D6D65726365096D6963726F736F667403636F6D0000002904D0000000000000,".","a6433215-8da0-43ed-a6fe-ad42fae58dbb","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:27.298 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"neu.frontdoor.licensing.commerce.microsoft.com.",1,48565,61737,48565,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""licensing.mp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBDB581800001000300000000096C6963656E73696E67026D70096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 PM",,,,,,,,,,,,,,,,,,48565,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:27.298 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"neu.frontdoor.licensing.commerce.microsoft.com.",1,38980,0,38980,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""neu.frontdoor.licensing.commerce.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x984400000001000000000001036E65750966726F6E74646F6F72096C6963656E73696E6708636F6D6D65726365096D6963726F736F667403636F6D00000100010000290FA0000000000000,".","a6433215-8da0-43ed-a6fe-ad42fae58dbb","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.5",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 
PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""neu.frontdoor.licensing.commerce.microsoft.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""20.123.104.105""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:27.327 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.5",,"neu.frontdoor.licensing.commerce.microsoft.com.",1,38980,0,38980,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""neu.frontdoor.licensing.commerce.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x984484000001000100000001036E65750966726F6E74646F6F72096C6963656E73696E6708636F6D6D65726365096D6963726F736F667403636F6D0000010001C00C000100010000003C0004147B686900002904D0000000000000,".","a6433215-8da0-43ed-a6fe-ad42fae58dbb","7/27/2023, 2:46:28.990 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:29.918 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""licensing.mp.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":1699,""dns.answer.data"":""consumer-licensing-aks2aks.md.mp.microsoft.com.akadns.net""},{""dns.answer.name"":""consumer-licensing-aks2aks.md.mp.microsoft.com.akadns.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""licensing-prod-frontdoor-geomap.trafficmanager.net""},{""dns.answer.name"":""licensing-prod-frontdoor-geomap.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""neu.frontdoor.licensing.commerce.microsoft.com""},{""dns.answer.name"":""neu.frontdoor.licensing.commerce.microsoft.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""20.123.104.105""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:46:27.327 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"licensing.mp.microsoft.com.",1,48565,61737,48565,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""licensing.mp.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBDB581800001000400000000096C6963656E73696E67026D70096D6963726F736F667403636F6D0000010001C00C00050001000006A3003B1A636F6E73756D65722D6C6963656E73696E672D616B7332616B73026D64026D70096D6963726F736F667403636F6D06616B61646E73036E657400C038000500010000003C00311F6C6963656E73696E672D70726F642D66726F6E74646F6F722D67656F6D61700E747261666669636D616E61676572C06EC07F000500010000003C0023036E65750966726F6E74646F6F72096C6963656E73696E6708636F6D6D65726365C019C0BC000100010000003C0004147B6869,"VirtualizationInstance:.","a6433215-8da0-43ed-a6fe-ad42fae58dbb","7/27/2023, 2:46:29.521 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,104,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:35.372 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:35:32.421 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"v10.events.data.microsoft.com.",1,49069,62233,49069,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBFAD0100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,".","f3b9decb-da1d-4c06-9417-2b479c63cb6b","7/27/2023, 2:35:34.444 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:35.372 PM",,,,,,,,,,,,,,,,,,49069,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:35:32.421 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"v10.events.data.microsoft.com.",1,4979,0,4979,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x13730000000100000000000103763130066576656E74730464617461096D6963726F736F667403636F6D00000100010000290FA0000000000000,".","f3b9decb-da1d-4c06-9417-2b479c63cb6b","7/27/2023, 2:35:34.444 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:35.372 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":120,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:35:32.448 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.39",,"v10.events.data.microsoft.com.",1,4979,0,4979,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x13738400000100010000000103763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007800382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E65740000002904D0000000000000,".","f3b9decb-da1d-4c06-9417-2b479c63cb6b","7/27/2023, 2:35:34.444 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:35.372 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:35:32.448 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"win-global-asimov-leafs-events-data.trafficmanager.net.",1,49069,62233,49069,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBFAD8180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:35:34.444 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:35.372 PM",,,,,,,,,,,,,,,,,,49069,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:35:32.449 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,7927,0,7927,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1EF7000000010000000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","f3b9decb-da1d-4c06-9417-2b479c63cb6b","7/27/2023, 2:35:34.444 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:35.372 
PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""onedscolprdwus09.westus.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:35:32.480 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,7927,0,7927,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1EF7840000010001000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E45540000010001C00C000500010000003C002C106F6E656473636F6C70726477757330390677657374757308636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","f3b9decb-da1d-4c06-9417-2b479c63cb6b","7/27/2023, 2:35:34.444 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:35.372 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:35:32.480 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"onedscolprdwus09.westus.cloudapp.azure.com.",1,49069,62233,49069,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBFAD8180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:35:34.444 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:35.372 PM",,,,,,,,,,,,,,,,,,49069,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:35:32.480 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onedscolprdwus09.westus.cloudapp.azure.com.",1,62160,0,62160,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdwus09.westus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF2D000000001000000000001106F6E656473636F6C70726477757330390677657374757308636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","f3b9decb-da1d-4c06-9417-2b479c63cb6b","7/27/2023, 2:35:34.444 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.16.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:35.372 PM",,,,,,,,,,,,,,,,,,,3,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:35:32.515 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.16.39",,"onedscolprdwus09.westus.cloudapp.azure.com.",1,62160,0,62160,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdwus09.westus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF2D080000001000000040001106F6E656473636F6C70726477757330390677657374757308636C6F756461707005617A75726503636F6D0000010001C01D000200010000012C0013066E73392D303209617A7572652D646E73C033C01D000200010000012C0017076E7331302D303209617A7572652D646E73036E657400C01D000200010000012C0017076E7331312D303209617A7572652D646E73036F726700C01D000200010000012C0018076E7331322D303209617A7572652D646E7304696E666F0000002904D0000000000000,".","f3b9decb-da1d-4c06-9417-2b479c63cb6b","7/27/2023, 2:35:34.444 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""westus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns9-02.azure-dns.com""},{""dns.authority.name"":""westus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-02.azure-dns.net""},{""dns.authority.name"":""westus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-02.azure-dns.org""},{""dns.authority.name"":""westus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-02.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:35.372 PM",,,,,,,,,,,,,,,,,,49069,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:35:32.515 
PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onedscolprdwus09.westus.cloudapp.azure.com.",1,57962,0,57962,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdwus09.westus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE26A00000001000000000001106F6E656473636F6C70726477757330390677657374757308636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","f3b9decb-da1d-4c06-9417-2b479c63cb6b","7/27/2023, 2:35:34.444 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.2",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:35.372 PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""onedscolprdwus09.westus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""20.189.173.10""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:35:32.543 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.2",,"onedscolprdwus09.westus.cloudapp.azure.com.",1,57962,0,57962,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdwus09.westus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE26A84000001000100000001106F6E656473636F6C70726477757330390677657374757308636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000414BDAD0A00002904D0000000000000,".","f3b9decb-da1d-4c06-9417-2b479c63cb6b","7/27/2023, 2:35:34.444 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:35.372 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":120,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""},{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""onedscolprdwus09.westus.cloudapp.azure.com""},{""dns.answer.name"":""onedscolprdwus09.westus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""20.189.173.10""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:35:32.543 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"v10.events.data.microsoft.com.",1,49069,62233,49069,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBFAD8180000100030000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007800382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E657400C03B000500010000003C0029106F6E656473636F6C70726477757330390677657374757308636C6F756461707005617A757265C026C07F0001000100000009000414BDAD0A,"VirtualizationInstance:.","f3b9decb-da1d-4c06-9417-2b479c63cb6b","7/27/2023, 2:35:34.944 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,122,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:37:35.470 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:37:32.724 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,62617,51683,62617,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF499010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","baa2e4e7-c7bc-4e22-8cdf-d10062d42fde","7/27/2023, 2:37:34.740 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:37:35.470 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:37:32.724 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,62617,51683,62617,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF499818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:37:34.740 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:37:35.470 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:37:32.724 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,62617,51683,62617,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF499818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:37:34.740 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:37:35.470 PM",,,,,,,,,,,,,,,,,,62617,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:37:32.725 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,10220,0,10220,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x27EC0000000100000000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","baa2e4e7-c7bc-4e22-8cdf-d10062d42fde","7/27/2023, 2:37:34.740 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.16.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:37:35.470 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:37:32.761 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.16.39",,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,10220,0,10220,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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,".","baa2e4e7-c7bc-4e22-8cdf-d10062d42fde","7/27/2023, 2:37:34.740 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-201.azure-dns.com""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-201.azure-dns.org""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-201.azure-dns.info""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dn
s.authority.ttl"":300,""dns.authority.data"":""ns9-201.azure-dns.com""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:37:35.470 PM",,,,,,,,,,,,,,,,,,62617,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:37:32.762 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,15337,0,15337,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3BE90000000100000000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","baa2e4e7-c7bc-4e22-8cdf-d10062d42fde","7/27/2023, 2:37:34.740 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:37:35.470 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:37:32.790 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,15337,0,15337,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3BE98400000100010000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADE00002904D0000000000000,".","baa2e4e7-c7bc-4e22-8cdf-d10062d42fde","7/27/2023, 2:37:34.740 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:37:35.470 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":175,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":175,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.236.186.222""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:37:32.790 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,62617,51683,62617,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF499818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000AF0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000AF002D16697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F7564617070C040C08C0001000100000009000434ECBADE,"VirtualizationInstance:.","baa2e4e7-c7bc-4e22-8cdf-d10062d42fde","7/27/2023, 2:37:34.740 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,66,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:35:29.231 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,35810,57919,35810,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8BE2010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","09d7bc57-637e-4056-86f8-962814546990","7/27/2023, 2:35:31.257 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 PM",,,,,,,,,,,,,,,,,,35810,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:35:29.232 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,37139,0,37139,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9113000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","09d7bc57-637e-4056-86f8-962814546990","7/27/2023, 2:35:31.257 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.16.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:35:29.261 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.16.39",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,37139,0,37139,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9113800000010000000400012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C031000200010000012C0013066E73312D303109617A7572652D646E73C046C031000200010000012C0016066E73322D303109617A7572652D646E73036E657400C031000200010000012C0016066E73332D303109617A7572652D646E73036F726700C031000200010000012C0017066E73342D303109617A7572652D646E7304696E666F0000002904D0000000000000,".","09d7bc57-637e-4056-86f8-962814546990","7/27/2023, 2:35:31.257 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-01.azure-dns.com""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-01.azure-dns.net""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns3-01.azure-dns.org""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns4-01.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 PM",,,,,,,,,,,,,,,,,,35810,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information 
",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:35:29.262 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,29697,0,29697,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7401000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","09d7bc57-637e-4056-86f8-962814546990","7/27/2023, 2:35:31.257 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.1",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:35:29.288 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,29697,0,29697,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x7401840000010001000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E65740000002904D0000000000000,".","09d7bc57-637e-4056-86f8-962814546990","7/27/2023, 2:35:31.257 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:35:29.288 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,35810,57919,35810,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8BE2818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:35:31.257 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 
PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:35:29.289 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"tm1.edgedns-tm.info.",1,65511,0,65511,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFFE70000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:35:31.257 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","208.84.5.4",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""tm1.edgedns-tm.info"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""13.107.222.240""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:35:29.317 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","208.84.5.4",,"tm1.edgedns-tm.info.",1,65511,0,65511,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xFFE78400000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:35:31.257 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 
PM",,,,,,,,,,,,,,,,,,35810,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:35:29.317 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"opinsightsweuods.trafficmanager.NET.",1,7091,0,7091,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1BB300000001000000000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","09d7bc57-637e-4056-86f8-962814546990","7/27/2023, 2:35:31.257 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""opinsightsweuods.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:35:29.349 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"opinsightsweuods.trafficmanager.NET.",1,7091,0,7091,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1BB384000001000100000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E45540000010001C00C000500010000012C003616697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","09d7bc57-637e-4056-86f8-962814546990","7/27/2023, 2:35:31.257 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:35:29.349 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,35810,57919,35810,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8BE2818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:35:31.257 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 PM",,,,,,,,,,,,,,,,,,35810,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information 
",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:35:29.349 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,33814,0,33814,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x84160000000100000000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","09d7bc57-637e-4056-86f8-962814546990","7/27/2023, 2:35:31.257 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:35:29.376 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,33814,0,33814,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x84168400000100010000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADE00002904D0000000000000,".","09d7bc57-637e-4056-86f8-962814546990","7/27/2023, 2:35:31.257 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:35:32.452 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":299,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":299,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.236.186.222""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:35:29.377 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,35810,57919,35810,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8BE2818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012B0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000012B002D16697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F7564617070C040C08C0001000100000009000434ECBADE,"VirtualizationInstance:.","09d7bc57-637e-4056-86f8-962814546990","7/27/2023, 2:35:31.773 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,146,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:37:46.219 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:37:43.498 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,58568,61739,58568,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE4C8010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","6858e8ab-48ab-4d89-9468-81fd58dcb082","7/27/2023, 2:37:45.568 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:37:46.219 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:37:43.498 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,58568,61739,58568,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE4C8818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:37:45.568 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:37:46.219 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:37:43.498 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,58568,61739,58568,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE4C8818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:37:45.568 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:37:46.219 PM",,,,,,,,,,,,,,,,,,58568,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:37:43.499 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,60778,0,60778,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xED6A0000000100000000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","6858e8ab-48ab-4d89-9468-81fd58dcb082","7/27/2023, 2:37:45.568 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:37:46.219 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:37:43.529 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,60778,0,60778,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xED6A8400000100010000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADE00002904D0000000000000,".","6858e8ab-48ab-4d89-9468-81fd58dcb082","7/27/2023, 2:37:45.568 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:37:46.219 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":165,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":165,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.236.186.222""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:37:43.529 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,58568,61739,58568,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE4C8818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000A50025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000A5002D16697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F7564617070C040C08C0001000100000009000434ECBADE,"VirtualizationInstance:.","6858e8ab-48ab-4d89-9468-81fd58dcb082","7/27/2023, 2:37:45.568 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,32,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:42:03.919 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:42:01.198 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,45334,54472,45334,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB116010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","3dec1592-db83-456d-9514-3e2c09ed07e6","7/27/2023, 2:42:03.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:42:03.919 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:42:01.198 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,45334,54472,45334,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB116818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:42:03.209 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:42:03.919 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:42:01.198 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,45334,54472,45334,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB116818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:42:03.209 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:42:03.919 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":281,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":281,""dns.answer.data"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":2,""dns.answer.data"":""104.40.170.64""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information 
",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:42:01.198 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,45334,54472,45334,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB116818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000001190025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000119002D16697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F7564617070C040C08C000100010000000200046828AA40,"VirtualizationInstance:.","3dec1592-db83-456d-9514-3e2c09ed07e6","7/27/2023, 2:42:03.725 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:46.124 PM",,,,,,,,,,,,,,,,,,38767,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:43.565 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"login.live.com.",1,18294,0,18294,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""login.live.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x477600000001000000000001056C6F67696E046C69766503636F6D00000100010000290FA0000000000000,".","5ce79a14-8724-4a01-84cc-2d1021c58bda","7/27/2023, 2:46:45.572 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.34",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""login.live.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""login.msa.msidentity.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:43.596 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.34",,"login.live.com.",1,18294,0,18294,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""login.live.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x477684000001000100000001056C6F67696E046C69766503636F6D0000010001C00C000500010000012C0017056C6F67696E036D73610A6D736964656E74697479C01700002904D0000000000000,".","5ce79a14-8724-4a01-84cc-2d1021c58bda","7/27/2023, 2:46:46.576 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:43.596 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"login.msa.msidentity.com.",1,38767,57920,38767,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""login.live.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x976F81800001000100000000056C6F67696E046C69766503636F6D0000010001,,,"7/27/2023, 2:46:46.576 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,38767,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:43.596 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"login.msa.msidentity.com.",1,51016,0,51016,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""login.msa.msidentity.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC74800000001000000000001056C6F67696E036D73610A6D736964656E7469747903636F6D00000100010000290FA0000000000000,".","5ce79a14-8724-4a01-84cc-2d1021c58bda","7/27/2023, 2:46:46.576 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.206.36",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""login.msa.msidentity.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""www.tm.lg.prod.aadmsa.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:43.628 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.206.36",,"login.msa.msidentity.com.",1,51016,0,51016,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""login.msa.msidentity.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC74884000001000100000001056C6F67696E036D73610A6D736964656E7469747903636F6D0000010001C00C000500010000012C002A0377777702746D026C670470726F64066161646D73610E747261666669636D616E61676572036E65740000002904D0000000000000,".","5ce79a14-8724-4a01-84cc-2d1021c58bda","7/27/2023, 2:46:46.576 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:43.628 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"www.tm.lg.prod.aadmsa.trafficmanager.net.",1,38767,57920,38767,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""login.live.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x976F81800001000200000000056C6F67696E046C69766503636F6D0000010001,,,"7/27/2023, 2:46:46.576 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:43.628 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"tm1.edgedns-tm.info.",1,30604,0,30604,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x778C0000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:46:46.576 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.206.36",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""tm1.edgedns-tm.info"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""13.107.222.240""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:43.655 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.206.36",,"tm1.edgedns-tm.info.",1,30604,0,30604,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x778C8400000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:46:46.576 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,38767,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:43.655 
PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"www.tm.lg.prod.aadmsa.trafficmanager.NET.",1,45765,0,45765,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""www.tm.lg.prod.aadmsa.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB2C5000000010000000000010377777702746D026C670470726F64066161646D73610E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","5ce79a14-8724-4a01-84cc-2d1021c58bda","7/27/2023, 2:46:46.576 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""www.tm.lg.prod.aadmsa.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""prdv4a.aadg.msidentity.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:43.690 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"www.tm.lg.prod.aadmsa.trafficmanager.NET.",1,45765,0,45765,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""www.tm.lg.prod.aadmsa.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB2C5840000010001000000010377777702746D026C670470726F64066161646D73610E747261666669636D616E61676572034E45540000010001C00C000500010000012C001C0670726476346104616164670A6D736964656E7469747903636F6D0000002904D0000000000000,".","5ce79a14-8724-4a01-84cc-2d1021c58bda","7/27/2023, 2:46:46.576 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:46:47.819 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:43.691 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"prdv4a.aadg.msidentity.com.",1,38767,57920,38767,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""login.live.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x976F81800001000300000000056C6F67696E046C69766503636F6D0000010001,,,"7/27/2023, 2:46:46.582 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,38767,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:43.691 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"prdv4a.aadg.msidentity.com.",1,4973,0,4973,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""prdv4a.aadg.msidentity.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x136D000000010000000000010670726476346104616164670A6D736964656E7469747903636F6D00000100010000290FA0000000000000,".","5ce79a14-8724-4a01-84cc-2d1021c58bda","7/27/2023, 2:46:46.582 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","95.100.173.64",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 
PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""prdv4a.aadg.msidentity.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""www.tm.v4.a.prd.aadg.akadns.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:43.721 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","95.100.173.64",,"prdv4a.aadg.msidentity.com.",1,4973,0,4973,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""prdv4a.aadg.msidentity.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x136D840000010001000000010670726476346104616164670A6D736964656E7469747903636F6D0000010001C00C000500010000012C00210377777702746D027634016103707264046161646706616B61646E73036E6574000000291000000000000000,".","5ce79a14-8724-4a01-84cc-2d1021c58bda","7/27/2023, 2:46:46.582 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:43.721 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"www.tm.v4.a.prd.aadg.akadns.net.",1,38767,57920,38767,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""login.live.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x976F81800001000400000000056C6F67696E046C69766503636F6D0000010001,,,"7/27/2023, 2:46:46.583 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,38767,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:43.721 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"www.tm.v4.a.prd.aadg.akadns.NET.",1,63686,0,63686,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""www.tm.v4.a.prd.aadg.akadns.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF8C6000000010000000000010377777702746D027634016103707264046161646706616B61646E73034E455400000100010000290FA0000000000000,".","5ce79a14-8724-4a01-84cc-2d1021c58bda","7/27/2023, 2:46:46.583 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","84.53.139.129",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 
PM",,,,,,,,,,,,,,,,,,,5,".",Default,"[{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""20.190.159.68""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""40.126.31.67""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""20.190.159.71""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""40.126.31.73""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""40.126.31.69""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""20.190.159.2""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""20.190.159.23""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""20.190.159.64""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:43.772 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","84.53.139.129",,"www.tm.v4.a.prd.aadg.akadns.NET.",1,63686,0,63686,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""www.tm.v4.a.prd.aadg.akadns.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF8C6840000010008000000010377777702746D027634016103707264046161646706616B61646E73034E45540000010001C00C000100010000012C000414BE9F44C00C000100010000012C0004287E1F43C00C000100010000012C000414BE9F47C00C000100010000012C0004287E1F49C00C000100010000012C0004287E1F45C00C000100010000012C000414BE9F02C00C000100010000012C000414BE9F17C00C000100010000012C000414BE9F400000291000000000000000,".","5ce79a14-8724-4a01-84cc-2d1021c58bda","7/27/2023, 2:46:46.584 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""login.live.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""login.msa.msidentity.com""},{""dns.answer.name"":""login.msa.msidentity.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""www.tm.lg.prod.aadmsa.trafficmanager.net""},{""dns.answer.name"":""www.tm.lg.prod.aadmsa.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""prdv4a.aadg.msidentity.com""},{""dns.answer.name"":""prdv4a.aadg.msidentity.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""www.tm.v4.a.prd.aadg.akadns.net""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""20.190.159.68""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.a
nswer.ttl"":300,""dns.answer.data"":""40.126.31.67""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""20.190.159.71""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""40.126.31.73""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""40.126.31.69""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""20.190.159.2""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""20.190.159.23""},{""dns.answer.name"":""www.tm.v4.a.prd.aadg.akadns.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""20.190.159.64""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:46:43.772 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"login.live.com.",1,38767,57920,38767,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""login.live.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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,"VirtualizationInstance:.","5ce79a14-8724-4a01-84cc-2d1021c58bda","7/27/2023, 2:46:46.584 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,209,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:46:43.841 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"ocsp.digicert.com.",1,51391,51669,51391,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ocsp.digicert.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC8BF01000001000000000000046F63737008646967696365727403636F6D0000010001,".","c7497d90-fb7f-4ae0-b88b-6503ce7c440e","7/27/2023, 2:46:46.584 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:43.841 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ocsp.edge.digicert.com.",1,51391,51669,51391,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""ocsp.digicert.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC8BF81800001000100000000046F63737008646967696365727403636F6D0000010001,,,"7/27/2023, 2:46:46.584 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:43.841 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"fp2e7a.wpc.2be4.phicdn.net.",1,51391,51669,51391,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""ocsp.digicert.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC8BF81800001000200000000046F63737008646967696365727403636F6D0000010001,,,"7/27/2023, 2:46:46.585 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:43.841 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"fp2e7a.wpc.phicdn.net.",1,51391,51669,51391,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""ocsp.digicert.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC8BF81800001000300000000046F63737008646967696365727403636F6D0000010001,,,"7/27/2023, 2:46:46.585 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""ocsp.digicert.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":19673,""dns.answer.data"":""ocsp.edge.digicert.com""},{""dns.answer.name"":""ocsp.edge.digicert.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":1673,""dns.answer.data"":""fp2e7a.wpc.2be4.phicdn.net""},{""dns.answer.name"":""fp2e7a.wpc.2be4.phicdn.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":1673,""dns.answer.data"":""fp2e7a.wpc.phicdn.net""},{""dns.answer.name"":""fp2e7a.wpc.phicdn.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":1673,""dns.answer.data"":""192.229.221.95""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:46:43.841 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"ocsp.digicert.com.",1,51391,51669,51391,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""ocsp.digicert.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC8BF81800001000400000000046F63737008646967696365727403636F6D0000010001C00C0005000100004CD9000C046F6373700465646765C011C02F0005000100000689001C066670326537610377706304326265340670686963646E036E657400C0470005000100000689000D0666703265376103777063C057C06F00010001000006890004C0E5DD5F,"VirtualizationInstance:.","c7497d90-fb7f-4ae0-b88b-6503ce7c440e","7/27/2023, 2:46:46.585 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP 
",9223372036854775809,"7/27/2023, 2:46:44.606 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"checkappexec.microsoft.com.",1,6671,64967,6671,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""checkappexec.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1A0F010000010000000000000C636865636B61707065786563096D6963726F736F667403636F6D0000010001,".","eb7774bb-71f9-4cd2-87fd-2c04122ea94c","7/27/2023, 2:46:46.585 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,6671,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:44.607 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"checkappexec.microsoft.com.",1,19045,0,19045,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""checkappexec.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x4A65000000010000000000010C636865636B61707065786563096D6963726F736F667403636F6D00000100010000290FA0000000000000,".","eb7774bb-71f9-4cd2-87fd-2c04122ea94c","7/27/2023, 2:46:46.585 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""checkappexec.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3600,""dns.answer.data"":""wd-prod-ss.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical 
",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:44.633 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.39",,"checkappexec.microsoft.com.",1,19045,0,19045,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""checkappexec.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x4A65840000010001000000010C636865636B61707065786563096D6963726F736F667403636F6D0000010001C00C0005000100000E10001F0A77642D70726F642D73730E747261666669636D616E61676572036E65740000002904D0000000000000,".","eb7774bb-71f9-4cd2-87fd-2c04122ea94c","7/27/2023, 2:46:46.585 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:44.634 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"wd-prod-ss.trafficmanager.net.",1,6671,64967,6671,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""checkappexec.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1A0F818000010001000000000C636865636B61707065786563096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:46:46.585 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,6671,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:44.634 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"wd-prod-ss.trafficmanager.NET.",1,3522,0,3522,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""wd-prod-ss.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0DC2000000010000000000010A77642D70726F642D73730E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","eb7774bb-71f9-4cd2-87fd-2c04122ea94c","7/27/2023, 2:46:46.585 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""wd-prod-ss.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:44.668 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"wd-prod-ss.trafficmanager.NET.",1,3522,0,3522,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""wd-prod-ss.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0DC2840000010001000000010A77642D70726F642D73730E747261666669636D616E61676572034E45540000010001C00C000500010000012C00391877642D70726F642D73732D65752D6E6F7274682D312D66650B6E6F7274686575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","eb7774bb-71f9-4cd2-87fd-2c04122ea94c","7/27/2023, 2:46:46.585 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:44.668 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com.",1,6671,64967,6671,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""checkappexec.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1A0F818000010002000000000C636865636B61707065786563096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:46:46.587 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,6671,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:44.669 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com.",1,12356,0,12356,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3044000000010000000000011877642D70726F642D73732D65752D6E6F7274682D312D66650B6E6F7274686575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","eb7774bb-71f9-4cd2-87fd-2c04122ea94c","7/27/2023, 2:46:46.587 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:46:44.669 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"checkappexec.microsoft.com.",1,6671,64967,6671,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""checkappexec.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1A0F010000010000000000000C636865636B61707065786563096D6963726F736F667403636F6D0000010001,".","e450501e-fe95-4679-88f9-b82a411e2ad1","7/27/2023, 2:46:46.587 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:44.670 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"wd-prod-ss.trafficmanager.net.",1,6671,64967,6671,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""checkappexec.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1A0F818000010001000000000C636865636B61707065786563096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:46:46.587 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:46:44.670 
PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com.",1,6671,64967,6671,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""checkappexec.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1A0F818000010002000000000C636865636B61707065786563096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:46:46.587 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,3,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:44.702 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com.",1,12356,0,12356,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3044800000010000000400011877642D70726F642D73732D65752D6E6F7274682D312D66650B6E6F7274686575726F706508636C6F756461707005617A75726503636F6D0000010001C025000200010000012C0014076E73392D32303109617A7572652D646E73C040C025000200010000012C0018086E7331302D32303109617A7572652D646E73036E657400C025000200010000012C0018086E7331312D32303109617A7572652D646E73036F726700C025000200010000012C0019086E7331322D32303109617A7572652D646E7304696E666F0000002904D0000000000000,".","eb7774bb-71f9-4cd2-87fd-2c04122ea94c","7/27/2023, 2:46:46.587 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""northeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns9-201.azure-dns.com""},{""dns.authority.name"":""northeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-201.azure-dns.net""},{""dns.authority.name"":""northeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-201.azure-dns.org""},{""dns.authority.name"":""northeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-201.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,6671,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:46:44.702 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com.",1,53845,0,53845,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD255000000010000000000011877642D70726F642D73732D65752D6E6F7274682D312D66650B6E6F7274686575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","eb7774bb-71f9-4cd2-87fd-2c04122ea94c","7/27/2023, 2:46:46.587 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.819 PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""20.67.143.122""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:46:44.730 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com.",1,53845,0,53845,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD255840000010001000000011877642D70726F642D73732D65752D6E6F7274682D312D66650B6E6F7274686575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000414438F7A00002904D0000000000000,".","eb7774bb-71f9-4cd2-87fd-2c04122ea94c","7/27/2023, 2:46:46.590 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:47.834 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""checkappexec.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3599,""dns.answer.data"":""wd-prod-ss.trafficmanager.net""},{""dns.answer.name"":""wd-prod-ss.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":299,""dns.answer.data"":""wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com""},{""dns.answer.name"":""wd-prod-ss-eu-north-1-fe.northeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""20.67.143.122""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:46:44.730 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"checkappexec.microsoft.com.",1,6671,64967,6671,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""checkappexec.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1A0F818000010003000000000C636865636B61707065786563096D6963726F736F667403636F6D0000010001C00C0005000100000E0F001F0A77642D70726F642D73730E747261666669636D616E61676572036E657400C038000500010000012B00361877642D70726F642D73732D65752D6E6F7274682D312D66650B6E6F7274686575726F706508636C6F756461707005617A757265C023C0630001000100000009000414438F7A,"VirtualizationInstance:.","eb7774bb-71f9-4cd2-87fd-2c04122ea94c","7/27/2023, 2:46:46.590 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,123,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:40.763 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP 
",9223372036854775809,"7/27/2023, 2:39:38.178 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,44970,59066,44970,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAFAA010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","30b6fec0-497c-41d0-a25c-352ba051e987","7/27/2023, 2:39:40.193 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:40.763 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:39:38.178 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,44970,59066,44970,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAFAA818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:39:40.193 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:40.763 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information 
",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:39:38.179 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,44970,59066,44970,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAFAA818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:39:40.193 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:40.763 PM",,,,,,,,,,,,,,,,,,44970,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:39:38.179 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,23979,0,23979,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5DAB0000000100000000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","30b6fec0-497c-41d0-a25c-352ba051e987","7/27/2023, 2:39:40.193 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:40.763 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:39:38.214 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,23979,0,23979,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5DAB8400000100010000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADE00002904D0000000000000,".","30b6fec0-497c-41d0-a25c-352ba051e987","7/27/2023, 2:39:40.193 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:40.763 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":50,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":50,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:39:38.214 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,44970,59066,44970,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAFAA818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000320025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000032002D16697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F7564617070C040C08C000100010000000A000434ECBADE,"VirtualizationInstance:.","30b6fec0-497c-41d0-a25c-352ba051e987","7/27/2023, 2:39:40.696 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,36,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:50.189 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:39:47.571 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,13594,64524,13594,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x351A010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","9a7ed719-cc49-49b7-8a7a-6a870b1ed4e1","7/27/2023, 2:39:49.615 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:50.189 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:39:47.571 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,13594,64524,13594,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x351A818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:39:49.615 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:39:50.189 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:39:47.571 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,13594,64524,13594,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x351A818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:39:49.615 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:50.189 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":40,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":40,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":0,""dns.answer.data"":""52.236.186.222""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:39:47.571 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,13594,64524,13594,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x351A818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000280025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000028002D16697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F7564617070C040C08C0001000100000000000434ECBADE,"VirtualizationInstance:.","9a7ed719-cc49-49b7-8a7a-6a870b1ed4e1","7/27/2023, 2:39:49.615 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,1,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,18304,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",262,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,2,"RECURSE_QUERY ",9223372036854775872,"7/27/2023, 2:47:47.570 PM",2908,3164,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,,"www.bing.com.",1,15158,0,,,,,,,,,,,,,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:49.593 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","2603:1061:0:700::cc",,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:47.571 PM",2908,3164,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"dns1.p09.nsone.NET.",1,55786,0,55786,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""dns1.p09.nsone.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD9EA0000000100000000000104646E733103703039056E736F6E65034E455400000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:47:49.593 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.52.178.30",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,10261,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",262,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,2,"RECURSE_QUERY ",9223372036854775872,"7/27/2023, 2:47:47.571 PM",2908,3164,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,,"onecs-live.azureedge.net.",1,59577,0,,,,,,,,,,,,,".","c1462714-accc-4dc2-a185-1e0c538f0ec9","7/27/2023, 2:47:49.593 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","2606:2800:c::5",,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,10261,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:47.571 PM",2908,3164,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onecs-live.ec.azureedge.NET.",1,59577,0,59577,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onecs-live.ec.azureedge.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE8B9000000010000000000010A6F6E6563732D6C69766502656309617A75726565646765034E455400000100010000290FA0000000000000,".","c1462714-accc-4dc2-a185-1e0c538f0ec9","7/27/2023, 2:47:49.594 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","198.7.29.6",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,10261,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:47.571 PM",2908,3164,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onecs-live.ec.azureedge.NET.",1,59577,0,59577,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onecs-live.ec.azureedge.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE8B9000000010000000000010A6F6E6563732D6C69766502656309617A75726565646765034E455400000100010000290FA0000000000000,".","c1462714-accc-4dc2-a185-1e0c538f0ec9","7/27/2023, 2:47:49.595 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.16.16.6",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""onecs-live.ec.azureedge.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3600,""dns.answer.data"":""cs9.wpc.v0cdn.NET""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:47.594 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","198.7.29.6",,"onecs-live.ec.azureedge.NET.",1,59577,0,59577,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onecs-live.ec.azureedge.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE8B9840000010001000000010A6F6E6563732D6C69766502656309617A75726565646765034E45540000010001C00C0005000100000E100010036373390377706305763063646EC02400002904D0000000000000,".","c1462714-accc-4dc2-a185-1e0c538f0ec9","7/27/2023, 2:47:49.595 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:47:47.594 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"cs9.wpc.v0cdn.net.",1,10261,51485,10261,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""onecs-live.azureedge.net"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2815818000010002000000000A6F6E6563732D6C69766509617A75726565646765036E65740000010001,,,"7/27/2023, 2:47:49.595 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,10261,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:47.595 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"cs9.wpc.v0cdn.NET.",1,56436,0,56436,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""cs9.wpc.v0cdn.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xDC7400000001000000000001036373390377706305763063646E034E455400000100010000290FA0000000000000,".","c1462714-accc-4dc2-a185-1e0c538f0ec9","7/27/2023, 2:47:49.595 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","72.21.80.6",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,,0,".",Default,"[{""dns.answer.name"":""onecs-live.ec.azureedge.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3600,""dns.answer.data"":""cs9.wpc.v0cdn.NET""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:47.596 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","192.16.16.6",,"onecs-live.ec.azureedge.NET.",1,59577,0,59577,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onecs-live.ec.azureedge.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE8B9840000010001000000010A6F6E6563732D6C69766502656309617A75726565646765034E45540000010001C00C0005000100000E100010036373390377706305763063646EC02400002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:47:49.599 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 
2:47:47.596 PM",2908,4024,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","192.16.16.6",,"onecs-live.ec.azureedge.NET.",1,59577,,,,,,,,,,,,,,".",,"7/27/2023, 2:47:49.599 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,NULL,NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""dns1.p01.nsone.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""198.51.44.1""},{""dns.additional.name"":""dns1.p01.nsone.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2620:4d:4000:6259:7:1:0:1""},{""dns.additional.name"":""dns2.p01.nsone.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""198.51.45.1""},{""dns.additional.name"":""dns2.p01.nsone.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2a00:edc0:6259:7:1::2""},{""dns.additional.name"":""dns3.p01.nsone.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""198.51.44.65""},{""dns.additional.name"":""dns3.p01.nsone.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2620:4d:4000:6259:7:1:0:3""},{""dns.additional.name"":""dns4.p01.nsone.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""198.51.45.65""},{""dns.additional.name"":""dns4.p01.nsone.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2a00:edc0:6259:7:1::4""}]",,1,".",Default,
,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:47.611 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","192.52.178.30",,"dns1.p09.nsone.NET.",1,55786,0,55786,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""dns1.p09.nsone.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD9EA8000000100000004000904646E733103703039056E736F6E65034E45540000010001C015000200010002A300000B04646E733103703031C015C015000200010002A300000704646E7332C035C015000200010002A300000704646E7333C035C015000200010002A300000704646E7334C035C030000100010002A3000004C6332C01C030001C00010002A30000102620004D400062590007000100000001C047000100010002A3000004C6332D01C047001C00010002A30000102A00EDC0625900070001000000000002C05A000100010002A3000004C6332C41C05A001C00010002A30000102620004D400062590007000100000003C06D000100010002A3000004C6332D41C06D001C00010002A30000102A00EDC06259000700010000000000040000291000000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:47:49.599 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""nsone.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""dns1.p01.nsone.NET""},{""dns.authority.name"":""nsone.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""dns2.p01.nsone.NET""},{""dns.authority.name"":""nsone.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""dns3.p01.nsone.NET""},{""dns.authority.name"":""nsone.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""dns4.p01.nsone.NET""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:47.611 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"dns1.p09.nsone.NET.",1,28803,0,28803,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""dns1.p09.nsone.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x70830000000100000000000104646E733103703039056E736F6E65034E455400000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:47:49.600 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","198.51.45.1",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 
PM",,,,,,,,,,,,,,,,,,,5,".",Default,"[{""dns.answer.name"":""cs9.wpc.v0cdn.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3600,""dns.answer.data"":""152.199.19.161""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:47.620 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","72.21.80.6",,"cs9.wpc.v0cdn.NET.",1,56436,0,56436,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""cs9.wpc.v0cdn.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xDC7484000001000100000001036373390377706305763063646E034E45540000010001C00C0001000100000E10000498C713A100002904D0000000000000,".","c1462714-accc-4dc2-a185-1e0c538f0ec9","7/27/2023, 2:47:49.600 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""onecs-live.azureedge.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":1800,""dns.answer.data"":""onecs-live.ec.azureedge.net""},{""dns.answer.name"":""onecs-live.ec.azureedge.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3596,""dns.answer.data"":""cs9.wpc.v0cdn.net""},{""dns.answer.name"":""cs9.wpc.v0cdn.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":3596,""dns.answer.data"":""152.199.19.161""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:47:47.620 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"onecs-live.azureedge.net.",1,10261,51485,10261,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""onecs-live.azureedge.net"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2815818000010003000000000A6F6E6563732D6C69766509617A75726565646765036E65740000010001C00C000500010000070800100A6F6E6563732D6C697665026563C017C0360005000100000E0C0010036373390377706305763063646EC021C0520001000100000E0C000498C713A1,"VirtualizationInstance:.","c1462714-accc-4dc2-a185-1e0c538f0ec9","7/27/2023, 2:47:49.600 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,3490,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""dns1.p09.nsone.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":86400,""dns.answer.data"":""198.51.44.9""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:47.646 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","198.51.45.1",,"dns1.p09.nsone.NET.",1,28803,0,28803,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""dns1.p09.nsone.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x70838400000100010000000104646E733103703039056E736F6E65034E45540000010001C00C00010001000151800004C6332C0900002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:47:49.600 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 
PM",,,,,,,,,,,,,,,,,,18304,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:47.646 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"www.bing.com.",1,13965,0,13965,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""www.bing.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x368D00000001000000000001037777770462696E6703636F6D00000100010000290FA0000000000000,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:49.601 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","198.51.44.9",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""www.bing.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":21600,""dns.answer.data"":""www-www.bing.com.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:47.682 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","198.51.44.9",,"www.bing.com.",1,13965,0,13965,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""www.bing.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x368D84000001000100000001037777770462696E6703636F6D0000010001C00C00050001000054600025077777772D7777770462696E6703636F6D0E747261666669636D616E61676572036E65740000002904D0000000000000,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:49.601 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:47:47.682 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"www-www.bing.com.trafficmanager.net.",1,18304,65139,18304,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""www.bing.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x478081800001000100000000037777770462696E6703636F6D0000010001,,,"7/27/2023, 2:47:49.601 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,18304,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:47.683 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"www-www.bing.com.trafficmanager.NET.",1,27798,0,27798,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""www-www.bing.com.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6C9600000001000000000001077777772D7777770462696E6703636F6D0E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:49.601 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 
PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""www-www.bing.com.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""www.bing.com.edgekey.NET""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:47.714 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"www-www.bing.com.trafficmanager.NET.",1,27798,0,27798,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""www-www.bing.com.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6C9684000001000100000001077777772D7777770462696E6703636F6D0E747261666669636D616E61676572034E45540000010001C00C000500010000003C0017037777770462696E6703636F6D07656467656B6579C02C00002904D0000000000000,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:50.106 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:47:47.714 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"www.bing.com.edgekey.net.",1,18304,65139,18304,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""www.bing.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x478081800001000200000000037777770462696E6703636F6D0000010001,,,"7/27/2023, 2:47:50.106 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:50.383 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:47:47.714 PM",2908,4028,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","2600:1401:1::41",,"www.bing.com.edgekey.NET.",1,12559,,,,,,,,,,,,,,".",,"7/27/2023, 2:47:50.106 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,"..Cache",NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:46:45.190 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:46:43.563 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"login.live.com.",1,38767,57920,38767,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""login.live.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x976F01000001000000000000056C6F67696E046C69766503636F6D0000010001,".","5ce79a14-8724-4a01-84cc-2d1021c58bda","7/27/2023, 2:46:44.572 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:56.957 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:39:54.320 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,41371,50824,41371,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA19B010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","4eae7388-28c0-4726-bde6-54a0f79e7da8","7/27/2023, 2:39:56.349 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:56.957 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:39:54.320 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,41371,50824,41371,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA19B818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:39:56.349 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:56.957 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:39:54.320 
PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,41371,50824,41371,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA19B818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:39:56.349 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:56.957 PM",,,,,,,,,,,,,,,,,,41371,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:39:54.321 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,20044,0,20044,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x4E4C0000000100000000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","4eae7388-28c0-4726-bde6-54a0f79e7da8","7/27/2023, 2:39:56.349 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:56.957 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:39:54.358 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,20044,0,20044,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x4E4C8400000100010000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADE00002904D0000000000000,".","4eae7388-28c0-4726-bde6-54a0f79e7da8","7/27/2023, 2:39:56.850 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:39:56.957 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":34,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":34,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.236.186.222""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:39:54.358 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,41371,50824,41371,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA19B818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000220025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000022002D16697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F7564617070C040C08C0001000100000009000434ECBADE,"VirtualizationInstance:.","4eae7388-28c0-4726-bde6-54a0f79e7da8","7/27/2023, 2:39:56.850 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,39,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:55.321 
PM",,,,,,,,,,,,,,,,,,18304,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",262,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,2,"RECURSE_QUERY ",9223372036854775872,"7/27/2023, 2:47:52.098 PM",2908,3164,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,,"www.bing.com.",1,3889,0,,,,,,,,,,,,,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:54.112 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","2600:1401:1::41",,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:55.321 PM",,,,,,,,,,,,,,,,,,18304,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:52.099 PM",2908,3164,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"www.bing.com.edgekey.NET.",1,3889,0,3889,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""www.bing.com.edgekey.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0F3100000001000000000001037777770462696E6703636F6D07656467656B6579034E455400000100010000290FA0000000000000,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:54.113 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","193.108.91.66",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:55.321 PM",,,,,,,,,,,,,,,,,,18304,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:52.099 PM",2908,3164,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"www.bing.com.edgekey.NET.",1,3889,0,3889,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""www.bing.com.edgekey.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0F3100000001000000000001037777770462696E6703636F6D07656467656B6579034E455400000100010000290FA0000000000000,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:54.113 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","95.100.173.65",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:55.321 PM",,,,,,,,,,,,,,,,,,,6,".",Default,"[{""dns.answer.name"":""www.bing.com.edgekey.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":21600,""dns.answer.data"":""e86303.dscx.akamaiedge.NET""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:52.122 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","193.108.91.66",,"www.bing.com.edgekey.NET.",1,3889,0,3889,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""www.bing.com.edgekey.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0F3184000001000100000001037777770462696E6703636F6D07656467656B6579034E45540000010001C00C000500010000546000190665383633303304647363780A616B616D616965646765C0210000291000000000000000,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:54.113 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:55.321 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP 
",9223372071214514176,"7/27/2023, 2:47:52.122 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"e86303.dscx.akamaiedge.net.",1,18304,65139,18304,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""www.bing.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x478081800001000300000000037777770462696E6703636F6D0000010001,,,"7/27/2023, 2:47:54.113 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:55.321 PM",,,,,,,,,,,,,,,,,,18304,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:52.123 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"e86303.dscx.akamaiedge.NET.",1,8407,0,8407,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""e86303.dscx.akamaiedge.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x20D7000000010000000000010665383633303304647363780A616B616D616965646765034E455400000100010000290FA0000000000000,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:54.119 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","184.26.160.192",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:55.321 PM",,,,,,,,,,,,,,,,,,,0,".",Default,"[{""dns.answer.name"":""www.bing.com.edgekey.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":21600,""dns.answer.data"":""e86303.dscx.akamaiedge.NET""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:52.131 
PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","95.100.173.65",,"www.bing.com.edgekey.NET.",1,3889,0,3889,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""www.bing.com.edgekey.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0F3184000001000100000001037777770462696E6703636F6D07656467656B6579034E45540000010001C00C000500010000546000190665383633303304647363780A616B616D616965646765C0210000291000000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:47:54.120 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:55.321 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:47:52.131 PM",2908,4028,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","95.100.173.65",,"www.bing.com.edgekey.NET.",1,3889,,,,,,,,,,,,,,".",,"7/27/2023, 2:47:54.120 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,NULL,NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:55.321 
PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""n4dscx.akamaiedge.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""104.96.91.53""},{""dns.additional.name"":""n0dscx.akamaiedge.NET"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""2600:1480:e800::c0""},{""dns.additional.name"":""n6dscx.akamaiedge.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""104.96.91.52""},{""dns.additional.name"":""n0dscx.akamaiedge.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""88.221.81.192""},{""dns.additional.name"":""n7dscx.akamaiedge.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""104.96.91.116""},{""dns.additional.name"":""n5dscx.akamaiedge.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""95.100.146.28""},{""dns.additional.name"":""n2dscx.akamaiedge.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""104.96.91.118""},{""dns.additional.name"":""n3dscx.akamaiedge.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""2.18.41.182""},{""dns.additional.name"":""n1dscx.akamaiedge.NET"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":4000,""dns.additional.data"":""104.96.91.95""}]",,7,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:52.159 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","184.26.160.192",,"e86303.dscx.akamaiedge.NET.",1,8407,0,8407,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""e86303.dscx.akamaiedge.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:54.120 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""dscx.akamaiedge.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n1dscx.akamaiedge.NET""},{""dns.authority.name"":""dscx.akamaiedge.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n0dscx.akamaiedge.NET""},{""dns.authority.name"":""dscx.akamaiedge.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n6dscx.akamaiedge.NET""},{""dns.authority.name"":""dscx.akamaiedge.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n4dscx.akamaiedge.NET""},{""dns.authority.name"":""dscx.akamaiedge.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n7dscx.akamaiedge.NET""},{""dns.authority.name"":""dscx.akamaiedge.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n2dscx.akamaiedge.NET""},{""dns.authority.name"":""dscx.akamaiedge.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n5dscx.akamaiedge.NET""},{""dns.authority.name"":""dscx.akamaiedge.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":4000,""dns.authority.data"":""n3dscx.akamaiedge.NET""}]",,,"NXLog_DNS_Server_CL",
 +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:55.321 PM",,,,,,,,,,,,,,,,,,18304,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:52.159 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"e86303.dscx.akamaiedge.NET.",1,29107,0,29107,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""e86303.dscx.akamaiedge.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x71B3000000010000000000010665383633303304647363780A616B616D616965646765034E455400000100010000290FA0000000000000,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:54.120 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","104.96.91.116",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:55.321 
PM",,,,,,,,,,,,,,,,,,,8,".",Default,"[{""dns.answer.name"":""e86303.dscx.akamaiedge.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":20,""dns.answer.data"":""88.221.92.185""},{""dns.answer.name"":""e86303.dscx.akamaiedge.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":20,""dns.answer.data"":""88.221.92.191""},{""dns.answer.name"":""e86303.dscx.akamaiedge.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":20,""dns.answer.data"":""88.221.92.178""},{""dns.answer.name"":""e86303.dscx.akamaiedge.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":20,""dns.answer.data"":""88.221.92.175""},{""dns.answer.name"":""e86303.dscx.akamaiedge.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":20,""dns.answer.data"":""88.221.92.137""},{""dns.answer.name"":""e86303.dscx.akamaiedge.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":20,""dns.answer.data"":""88.221.92.134""},{""dns.answer.name"":""e86303.dscx.akamaiedge.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":20,""dns.answer.data"":""88.221.92.132""},{""dns.answer.name"":""e86303.dscx.akamaiedge.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":20,""dns.answer.data"":""88.221.92.193""},{""dns.answer.name"":""e86303.dscx.akamaiedge.NET"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":20,""dns.answer.data"":""88.221.92.179""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:52.182 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","104.96.91.116",,"e86303.dscx.akamaiedge.NET.",1,29107,0,29107,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""e86303.dscx.akamaiedge.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x71B3840000010009000000010665383633303304647363780A616B616D616965646765034E45540000010001C00C0001000100000014000458DD5CB9C00C0001000100000014000458DD5CBFC00C0001000100000014000458DD5CB2C00C0001000100000014000458DD5CAFC00C0001000100000014000458DD5C89C00C0001000100000014000458DD5C86C00C0001000100000014000458DD5C84C00C0001000100000014000458DD5CC1C00C0001000100000014000458DD5CB30000291000000000000000,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:54.120 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:55.321 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""www.bing.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":21596,""dns.answer.data"":""www-www.bing.com.trafficmanager.net""},{""dns.answer.name"":""www-www.bing.com.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":56,""dns.answer.data"":""www.bing.com.edgekey.net""},{""dns.answer.name"":""www.bing.com.edgekey.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":21592,""dns.answer.data"":""e86303.dscx.akamaiedge.net""},{""dns.answer.name"":""e86303.dscx.akamaiedge.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":12,""dns.answer.data"":""88.221.92.185""},{""dns.answer.name"":""e86303.dscx.akamaiedge.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":12,""dns.answer.data"":""88.221.92.191""},{""dns.answer.name"":""e86303.dscx.akamaiedge.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":12,""dns.answer.dat
a"":""88.221.92.178""},{""dns.answer.name"":""e86303.dscx.akamaiedge.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":12,""dns.answer.data"":""88.221.92.175""},{""dns.answer.name"":""e86303.dscx.akamaiedge.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":12,""dns.answer.data"":""88.221.92.137""},{""dns.answer.name"":""e86303.dscx.akamaiedge.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":12,""dns.answer.data"":""88.221.92.134""},{""dns.answer.name"":""e86303.dscx.akamaiedge.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":12,""dns.answer.data"":""88.221.92.132""},{""dns.answer.name"":""e86303.dscx.akamaiedge.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":12,""dns.answer.data"":""88.221.92.193""},{""dns.answer.name"":""e86303.dscx.akamaiedge.net"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":12,""dns.answer.data"":""88.221.92.179""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:47:52.183 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"www.bing.com.",1,18304,65139,18304,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""www.bing.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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irtualizationInstance:.","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:54.120 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,8047,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:47:44.131 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"onecs-live.azureedge.net.",1,10261,51485,10261,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onecs-live.azureedge.net"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2815010000010000000000000A6F6E6563732D6C69766509617A75726565646765036E65740000010001,".","c1462714-accc-4dc2-a185-1e0c538f0ec9","7/27/2023, 2:47:46.147 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,,,10261,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:44.132 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onecs-live.azureedge.net.",1,32823,0,32823,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onecs-live.azureedge.net"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8037000000010000000000010A6F6E6563732D6C69766509617A75726565646765036E657400000100010000290FA0000000000000,".","c1462714-accc-4dc2-a185-1e0c538f0ec9","7/27/2023, 2:47:46.148 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.21.6",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP 
",9223372036854775809,"7/27/2023, 2:47:44.135 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"www.bing.com.",1,18304,65139,18304,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""www.bing.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x478001000001000000000000037777770462696E6703636F6D0000010001,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:46.148 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,,,18304,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:44.136 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"www.bing.com.",1,57261,0,57261,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""www.bing.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xDFAD00000001000000000001037777770462696E6703636F6D00000100010000290FA0000000000000,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:46.148 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","192.54.112.30",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""onecs-live.azureedge.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":1800,""dns.answer.data"":""onecs-live.ec.azureedge.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:44.163 
PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.21.6",,"onecs-live.azureedge.net.",1,32823,0,32823,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onecs-live.azureedge.net"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x8037840000010001000000010A6F6E6563732D6C69766509617A75726565646765036E65740000010001C00C000500010000070800100A6F6E6563732D6C697665026563C01700002904D0000000000000,".","c1462714-accc-4dc2-a185-1e0c538f0ec9","7/27/2023, 2:47:46.148 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:47:44.163 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"onecs-live.ec.azureedge.net.",1,10261,51485,10261,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""onecs-live.azureedge.net"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2815818000010001000000000A6F6E6563732D6C69766509617A75726565646765036E65740000010001,,,"7/27/2023, 2:47:46.148 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,,,10261,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:44.163 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onecs-live.ec.azureedge.NET.",1,28869,0,28869,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onecs-live.ec.azureedge.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x70C5000000010000000000010A6F6E6563732D6C69766502656309617A75726565646765034E455400000100010000290FA0000000000000,".","c1462714-accc-4dc2-a185-1e0c538f0ec9","7/27/2023, 2:47:46.148 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.21.6",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,,"[{""dns.additional.name"":""ns1-204.azure-dns.com"",""dns.additional.type"":""A"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""13.107.236.204""},{""dns.additional.name"":""ns1-204.azure-dns.com"",""dns.additional.type"":""AAAA"",""dns.additional.class"":""IN"",""dns.additional.ttl"":172800,""dns.additional.data"":""2603:1061:0:700::cc""}]",,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:44.171 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","192.54.112.30",,"www.bing.com.",1,57261,0,57261,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""www.bing.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xDFAD80000001000000080003037777770462696E6703636F6D0000010001C010000200010002A300001404646E733103703039056E736F6E65036E657400C010000200010002A300000704646E7332C02FC010000200010002A300000704646E7333C02FC010000200010002A300000704646E7334C02FC010000200010002A3000014076E73312D32303409617A7572652D646E73C015C010000200010002A3000014076E73322D32303409617A7572652D646E73C039C010000200010002A3000018076E73342D32303409617A7572652D646E7304696E666F00C010000200010002A3000017076E73332D32303409617A7572652D646E73036F726700C083000100010002A30000040D6BECCCC083001C00010002A3000010260310610000070000000000000000CC0000291000000000000000,".","a590f6ff-972e-41b9-8044-546573193adc","7/27/2023, 2:47:46.148 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""bing.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""dns1.p09.nsone.net""},{""dns.authority.name"":""bing.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""dns2.p09.nsone.net""},{""dns.authority.name"":""bing.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""dns3.p09.nsone.net""},{""dns.authority.name"":""bing.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""dns4.p09.nsone.net""},{""dns.authority.name"":""bing.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns1-204.azure-dns.com""},{""dns.authority.name"":""bing.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN
"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns2-204.azure-dns.net""},{""dns.authority.name"":""bing.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns4-204.azure-dns.info""},{""dns.authority.name"":""bing.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":172800,""dns.authority.data"":""ns3-204.azure-dns.org""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:47:44.171 PM",2908,4024,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","2603:1061:0:700::cc",,"www.bing.com.",1,13883,,,,,,,,,,,,,,".",,"7/27/2023, 2:47:46.148 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,"..Cache",NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,,,,2,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:44.196 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.21.6",,"onecs-live.ec.azureedge.NET.",1,28869,0,28869,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onecs-live.ec.azureedge.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x70C5800000010000000400010A6F6E6563732D6C69766502656309617A75726565646765034E45540000010001C01700020001000007080012036E73320B6564676563617374646E73C024C01700020001000007080006036E7334C03DC01700020001000007080006036E7333C03DC01700020001000007080006036E7331C03D00002904D0000000000000,".","c1462714-accc-4dc2-a185-1e0c538f0ec9","7/27/2023, 2:47:46.152 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""ec.azureedge.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":1800,""dns.authority.data"":""ns2.edgecastdns.NET""},{""dns.authority.name"":""ec.azureedge.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":1800,""dns.authority.data"":""ns4.edgecastdns.NET""},{""dns.authority.name"":""ec.azureedge.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":1800,""dns.authority.data"":""ns3.edgecastdns.NET""},{""dns.authority.name"":""ec.azureedge.NET"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":1800,""dns.authority.data"":""ns1.edgecastdns.NET""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,System,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",259,0,16,"Microsoft-Windows-DNS-Server/Analytical ",2,"Error ",0,1,"LOOK_UP ",9223372036854775816,"7/27/2023, 2:47:44.196 PM",2908,4024,ERROR,4,ERROR,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,"EXTENDED_INFO|IS_64_BIT_HEADER|PROCESSOR_INDEX (577)",0,"0.0.0.0","2606:2800:c::5",,"onecs-live.ec.azureedge.NET.",1,47592,,,,,,,,,,,,,,".",,"7/27/2023, 
2:47:46.152 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,"..Cache",NULL,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:47:44.200 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"www.bing.com.",1,18304,65139,18304,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""www.bing.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x478001000001000000000000037777770462696E6703636F6D0000010001,".","c479567a-5717-445b-97ef-2d22f5a80afd","7/27/2023, 2:47:46.155 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:47:44.689 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"settings-win.data.microsoft.com.",1,6624,59767,6624,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x19E0010000010000000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,".","671629a8-abe2-4620-99b1-044fac2ced73","7/27/2023, 2:47:46.155 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:47:44.689 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"atm-settingsfe-prod-geo2.trafficmanager.net.",1,6624,59767,6624,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x19E0818000010001000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:47:46.155 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,,,6624,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:44.689 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"atm-settingsfe-prod-geo2.trafficmanager.NET.",1,30458,0,30458,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""atm-settingsfe-prod-geo2.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x76FA000000010000000000011861746D2D73657474696E677366652D70726F642D67656F320E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","671629a8-abe2-4620-99b1-044fac2ced73","7/27/2023, 2:47:46.155 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""atm-settingsfe-prod-geo2.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""settings-prod-weu-2.westeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:44.719 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"atm-settingsfe-prod-geo2.trafficmanager.NET.",1,30458,0,30458,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""atm-settingsfe-prod-geo2.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x76FA840000010001000000011861746D2D73657474696E677366652D70726F642D67656F320E747261666669636D616E61676572034E45540000010001C00C000500010000003C00331373657474696E67732D70726F642D7765752D320A776573746575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","671629a8-abe2-4620-99b1-044fac2ced73","7/27/2023, 2:47:46.155 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:47:44.719 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"settings-prod-weu-2.westeurope.cloudapp.azure.com.",1,6624,59767,6624,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x19E0818000010002000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:47:46.155 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 PM",,,,,,,,,,,,,,,,,,6624,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:44.720 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"settings-prod-weu-2.westeurope.cloudapp.azure.com.",1,41167,0,41167,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""settings-prod-weu-2.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA0CF000000010000000000011373657474696E67732D70726F642D7765752D320A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","671629a8-abe2-4620-99b1-044fac2ced73","7/27/2023, 2:47:46.155 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 
PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""settings-prod-weu-2.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""20.73.194.208""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:44.747 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"settings-prod-weu-2.westeurope.cloudapp.azure.com.",1,41167,0,41167,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""settings-prod-weu-2.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA0CF840000010001000000011373657474696E67732D70726F642D7765752D320A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00041449C2D000002904D0000000000000,".","671629a8-abe2-4620-99b1-044fac2ced73","7/27/2023, 2:47:46.155 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:46.930 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""settings-win.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":1623,""dns.answer.data"":""atm-settingsfe-prod-geo2.trafficmanager.net""},{""dns.answer.name"":""atm-settingsfe-prod-geo2.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":59,""dns.answer.data"":""settings-prod-weu-2.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""settings-prod-weu-2.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""20.73.194.208""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:47:44.747 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"settings-win.data.microsoft.com.",1,6624,59767,6624,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x19E0818000010003000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001C00C0005000100000657002D1861746D2D73657474696E677366652D70726F642D67656F320E747261666669636D616E61676572036E657400C03D000500010000003B00301373657474696E67732D70726F642D7765752D320A776573746575726F706508636C6F756461707005617A757265C028C076000100010000000900041449C2D0,"VirtualizationInstance:.","671629a8-abe2-4620-99b1-044fac2ced73","7/27/2023, 2:47:46.155 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,58,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:43:58.758 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical 
",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:43:56.181 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,30027,64710,30027,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x754B010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","e842e3bf-9293-433b-9b0b-1e9f9d4efe9e","7/27/2023, 2:43:58.179 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:43:58.758 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:43:56.181 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,30027,64710,30027,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x754B818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:43:58.179 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:43:58.758 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:43:56.181 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,30027,64710,30027,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x754B818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:43:58.179 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:43:58.758 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":166,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":166,""dns.answer.data"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":1,""dns.answer.data"":""104.40.170.64""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:43:56.181 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,30027,64710,30027,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x754B818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000A60025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000A6002D16697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F7564617070C040C08C000100010000000100046828AA40,"VirtualizationInstance:.","e842e3bf-9293-433b-9b0b-1e9f9d4efe9e","7/27/2023, 2:43:58.695 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:59.222 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:47:56.210 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,53054,50512,53054,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xCF3E010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","25b4f245-be58-40f8-9487-9da88008d65d","7/27/2023, 2:47:58.262 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:59.222 PM",,,,,,,,,,,,,,,,,,53054,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:56.210 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,20934,0,20934,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x51C6000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","25b4f245-be58-40f8-9487-9da88008d65d","7/27/2023, 2:47:58.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:59.222 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:56.239 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,20934,0,20934,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x51C6800000010000000400012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C031000200010000012C0013066E73312D303109617A7572652D646E73C046C031000200010000012C0016066E73322D303109617A7572652D646E73036E657400C031000200010000012C0016066E73332D303109617A7572652D646E73036F726700C031000200010000012C0017066E73342D303109617A7572652D646E7304696E666F0000002904D0000000000000,".","25b4f245-be58-40f8-9487-9da88008d65d","7/27/2023, 2:47:58.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-01.azure-dns.com""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-01.azure-dns.net""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns3-01.azure-dns.org""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns4-01.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:59.222 PM",,,,,,,,,,,,,,,,,,53054,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information 
",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:56.239 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,19192,0,19192,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x4AF8000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","25b4f245-be58-40f8-9487-9da88008d65d","7/27/2023, 2:47:58.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","204.14.183.1",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:59.222 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:56.268 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","204.14.183.1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,19192,0,19192,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x4AF8840000010001000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E65740000002904D0000000000000,".","25b4f245-be58-40f8-9487-9da88008d65d","7/27/2023, 2:47:58.264 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:59.222 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:47:56.268 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,53054,50512,53054,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xCF3E818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:47:58.266 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:59.222 
PM",,,,,,,,,,,,,,,,,,53054,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:56.269 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"opinsightsweuods.trafficmanager.NET.",1,21299,0,21299,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x533300000001000000000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","25b4f245-be58-40f8-9487-9da88008d65d","7/27/2023, 2:47:58.268 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:59.222 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:47:56.274 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,53054,50512,53054,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xCF3E010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","b75070a8-4a74-4c70-8fa2-81c9132815ab","7/27/2023, 2:47:58.269 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:47:59.222 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:47:56.274 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,53054,50512,53054,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xCF3E818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:47:58.269 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:59.222 PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""opinsightsweuods.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:56.298 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"opinsightsweuods.trafficmanager.NET.",1,21299,0,21299,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x533384000001000100000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E45540000010001C00C000500010000012C003616697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","25b4f245-be58-40f8-9487-9da88008d65d","7/27/2023, 2:47:58.272 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:59.222 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:47:56.299 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,53054,50512,53054,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xCF3E818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:47:58.272 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:59.222 PM",,,,,,,,,,,,,,,,,,53054,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information 
",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:47:56.299 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,28529,0,28529,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6F710000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","25b4f245-be58-40f8-9487-9da88008d65d","7/27/2023, 2:47:58.272 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:59.222 PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:47:56.327 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,28529,0,28529,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6F718400000100010000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456A5E00002904D0000000000000,".","25b4f245-be58-40f8-9487-9da88008d65d","7/27/2023, 2:47:58.272 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:47:59.222 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:47:56.327 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,53054,50512,53054,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xCF3E818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000012C002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000A00040D456A5E,"VirtualizationInstance:.","25b4f245-be58-40f8-9487-9da88008d65d","7/27/2023, 2:47:58.272 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,117,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:44:09.483 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:44:06.832 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,57600,51555,57600,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE100010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","f8f9e797-30c2-4365-93cc-f6f0802141ea","7/27/2023, 2:44:08.864 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:44:09.483 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:44:06.832 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,57600,51555,57600,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE100818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:44:08.864 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:44:09.483 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:44:06.832 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,57600,51555,57600,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE100818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:44:08.864 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:44:09.483 PM",,,,,,,,,,,,,,,,,,57600,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:44:06.833 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,44828,0,44828,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAF1C0000000100000000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","f8f9e797-30c2-4365-93cc-f6f0802141ea","7/27/2023, 2:44:08.864 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:44:09.483 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""104.40.170.64""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:44:06.861 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com.",1,44828,0,44828,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAF1C8400000100010000000116697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00046828AA4000002904D0000000000000,".","f8f9e797-30c2-4365-93cc-f6f0802141ea","7/27/2023, 2:44:09.365 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:44:09.483 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":155,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":155,""dns.answer.data"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-i.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""104.40.170.64""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:44:06.861 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,57600,51555,57600,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE100818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000009B0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000009B002D16697076342D7765752D6F692D6F64732D637365732D690A776573746575726F706508636C6F7564617070C040C08C000100010000000A00046828AA40,"VirtualizationInstance:.","f8f9e797-30c2-4365-93cc-f6f0802141ea","7/27/2023, 2:44:09.365 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,29,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:12.157 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:48:09.488 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,12372,60874,12372,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3054010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","3dc0a669-d73f-417a-95a3-2f2297e15990","7/27/2023, 2:48:11.514 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:12.157 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:48:09.488 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,12372,60874,12372,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3054818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:48:11.514 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:12.157 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:48:09.488 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,12372,60874,12372,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3054818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:48:11.514 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:12.157 PM",,,,,,,,,,,,,,,,,,12372,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:48:09.488 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,1344,0,1344,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x05400000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","3dc0a669-d73f-417a-95a3-2f2297e15990","7/27/2023, 
2:48:11.514 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:12.157 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:48:09.519 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,1344,0,1344,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x05408400000100010000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456A5E00002904D0000000000000,".","3dc0a669-d73f-417a-95a3-2f2297e15990","7/27/2023, 2:48:11.514 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:12.157 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":287,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":287,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:48:09.519 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,12372,60874,12372,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3054818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000011F0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000011F002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000900040D456A5E,"VirtualizationInstance:.","3dc0a669-d73f-417a-95a3-2f2297e15990","7/27/2023, 2:48:12.015 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,32,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:48:43.987 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"v10.events.data.microsoft.com.",1,47307,60262,47307,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB8CB0100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,".","97b55408-4070-4092-9ddc-eeea8acb4893","7/27/2023, 2:48:46.002 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 PM",,,,,,,,,,,,,,,,,,47307,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:48:43.988 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"v10.events.data.microsoft.com.",1,41958,0,41958,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA3E60000000100000000000103763130066576656E74730464617461096D6963726F736F667403636F6D00000100010000290FA0000000000000,".","97b55408-4070-4092-9ddc-eeea8acb4893","7/27/2023, 2:48:46.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.16.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":120,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:48:44.016 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.16.39",,"v10.events.data.microsoft.com.",1,41958,0,41958,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA3E68400000100010000000103763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007800382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E65740000002904D0000000000000,".","97b55408-4070-4092-9ddc-eeea8acb4893","7/27/2023, 2:48:46.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:48:44.016 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"win-global-asimov-leafs-events-data.trafficmanager.net.",1,47307,60262,47307,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB8CB8180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:48:46.003 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 PM",,,,,,,,,,,,,,,,,,47307,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:48:44.017 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,62899,0,62899,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF5B3000000010000000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","97b55408-4070-4092-9ddc-eeea8acb4893","7/27/2023, 2:48:46.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""onedscolprdeus05.eastus.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:48:44.045 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,62899,0,62899,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF5B3840000010001000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E45540000010001C00C000500010000003C002C106F6E656473636F6C70726465757330350665617374757308636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","97b55408-4070-4092-9ddc-eeea8acb4893","7/27/2023, 2:48:46.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:48:44.045 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"onedscolprdeus05.eastus.cloudapp.azure.com.",1,47307,60262,47307,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB8CB8180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:48:46.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 PM",,,,,,,,,,,,,,,,,,47307,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 
2:48:44.046 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onedscolprdeus05.eastus.cloudapp.azure.com.",1,9253,0,9253,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdeus05.eastus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x242500000001000000000001106F6E656473636F6C70726465757330350665617374757308636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","97b55408-4070-4092-9ddc-eeea8acb4893","7/27/2023, 2:48:46.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""onedscolprdeus05.eastus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""20.42.65.85""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:48:44.086 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"onedscolprdeus05.eastus.cloudapp.azure.com.",1,9253,0,9253,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdeus05.eastus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x242584000001000100000001106F6E656473636F6C70726465757330350665617374757308636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A0004142A415500002904D0000000000000,".","97b55408-4070-4092-9ddc-eeea8acb4893","7/27/2023, 2:48:46.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":120,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""},{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""onedscolprdeus05.eastus.cloudapp.azure.com""},{""dns.answer.name"":""onedscolprdeus05.eastus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""20.42.65.85""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:48:44.086 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"v10.events.data.microsoft.com.",1,47307,60262,47307,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xB8CB8180000100030000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007800382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E657400C03B000500010000003C0029106F6E656473636F6C70726465757330350665617374757308636C6F756461707005617A757265C026C07F000100010000000A0004142A4155,"VirtualizationInstance:.","97b55408-4070-4092-9ddc-eeea8acb4893","7/27/2023, 2:48:46.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,99,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:48:44.762 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"settings-win.data.microsoft.com.",1,3032,52203,3032,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0BD8010000010000000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,".","55045cc9-bd02-4ea7-a81f-61f612ce1a67","7/27/2023, 2:48:46.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:48:44.762 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"atm-settingsfe-prod-geo2.trafficmanager.net.",1,3032,52203,3032,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0BD8818000010001000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:48:46.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 PM",,,,,,,,,,,,,,,,,,3032,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY 
",9223372036854775824,"7/27/2023, 2:48:44.763 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"atm-settingsfe-prod-geo2.trafficmanager.NET.",1,234,0,234,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""atm-settingsfe-prod-geo2.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x00EA000000010000000000011861746D2D73657474696E677366652D70726F642D67656F320E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","55045cc9-bd02-4ea7-a81f-61f612ce1a67","7/27/2023, 2:48:46.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""atm-settingsfe-prod-geo2.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""settings-prod-neu-1.northeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:48:44.797 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"atm-settingsfe-prod-geo2.trafficmanager.NET.",1,234,0,234,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""atm-settingsfe-prod-geo2.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x00EA840000010001000000011861746D2D73657474696E677366652D70726F642D67656F320E747261666669636D616E61676572034E45540000010001C00C000500010000003C00341373657474696E67732D70726F642D6E65752D310B6E6F7274686575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","55045cc9-bd02-4ea7-a81f-61f612ce1a67","7/27/2023, 2:48:46.003 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:48:44.797 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"settings-prod-neu-1.northeurope.cloudapp.azure.com.",1,3032,52203,3032,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0BD8818000010002000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:48:46.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:46.904 PM",,,,,,,,,,,,,,,,,,3032,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:48:44.798 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"settings-prod-neu-1.northeurope.cloudapp.azure.com.",1,8552,0,8552,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""settings-prod-neu-1.northeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2168000000010000000000011373657474696E67732D70726F642D6E65752D310B6E6F7274686575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","55045cc9-bd02-4ea7-a81f-61f612ce1a67","7/27/2023, 2:48:46.003 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:47.665 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""settings-prod-neu-1.northeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""40.127.240.158""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:48:44.829 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"settings-prod-neu-1.northeurope.cloudapp.azure.com.",1,8552,0,8552,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""settings-prod-neu-1.northeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x2168840000010001000000011373657474696E67732D70726F642D6E65752D310B6E6F7274686575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A0004287FF09E00002904D0000000000000,".","55045cc9-bd02-4ea7-a81f-61f612ce1a67","7/27/2023, 2:48:47.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:47.665 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""settings-win.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":1563,""dns.answer.data"":""atm-settingsfe-prod-geo2.trafficmanager.net""},{""dns.answer.name"":""atm-settingsfe-prod-geo2.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""settings-prod-neu-1.northeurope.cloudapp.azure.com""},{""dns.answer.name"":""settings-prod-neu-1.northeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""40.127.240.158""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:48:44.829 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"settings-win.data.microsoft.com.",1,3032,52203,3032,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""settings-win.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x0BD8818000010003000000000C73657474696E67732D77696E0464617461096D6963726F736F667403636F6D0000010001C00C000500010000061B002D1861746D2D73657474696E677366652D70726F642D67656F320E747261666669636D616E61676572036E657400C03D000500010000003C00311373657474696E67732D70726F642D6E65752D310B6E6F7274686575726F706508636C6F756461707005617A757265C028C076000100010000000A0004287FF09E,"VirtualizationInstance:.","55045cc9-bd02-4ea7-a81f-61f612ce1a67","7/27/2023, 2:48:47.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,67,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:47.665 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:48:45.592 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"v10.events.data.microsoft.com.",1,7431,60523,7431,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1D070100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,".","6a26e542-bd2b-4564-9ae6-1bd9f68e366a","7/27/2023, 2:48:47.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:47.665 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:48:45.592 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"win-global-asimov-leafs-events-data.trafficmanager.net.",1,7431,60523,7431,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1D078180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:48:47.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:47.665 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP 
",9223372071214514176,"7/27/2023, 2:48:45.592 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"onedscolprdeus05.eastus.cloudapp.azure.com.",1,7431,60523,7431,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1D078180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:48:47.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:48:47.665 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":118,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""},{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":58,""dns.answer.data"":""onedscolprdeus05.eastus.cloudapp.azure.com""},{""dns.answer.name"":""onedscolprdeus05.eastus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":8,""dns.answer.data"":""20.42.65.85""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:48:45.592 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"v10.events.data.microsoft.com.",1,7431,60523,7431,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x1D078180000100030000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007600382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E657400C03B000500010000003A0029106F6E656473636F6C70726465757330350665617374757308636C6F756461707005617A757265C026C07F00010001000000080004142A4155,"VirtualizationInstance:.","6a26e542-bd2b-4564-9ae6-1bd9f68e366a","7/27/2023, 2:48:47.003 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:18.159 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:50:14.882 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,61822,52575,61822,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF17E010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","dc91de52-7f36-4d2a-8ab5-09a6a61d0023","7/27/2023, 2:50:16.908 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:18.159 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:50:14.882 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,61822,52575,61822,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF17E818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:50:16.908 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:18.159 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:50:14.882 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,61822,52575,61822,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF17E818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:50:16.908 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:18.159 
PM",,,,,,,,,,,,,,,,,,61822,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:50:14.883 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,40175,0,40175,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9CEF0000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","dc91de52-7f36-4d2a-8ab5-09a6a61d0023","7/27/2023, 2:50:16.908 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:18.159 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:50:14.912 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,40175,0,40175,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x9CEF8400000100010000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456A5E00002904D0000000000000,".","dc91de52-7f36-4d2a-8ab5-09a6a61d0023","7/27/2023, 2:50:16.908 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:18.159 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":161,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":161,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:50:14.912 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,61822,52575,61822,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF17E818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000A10025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000A1002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000900040D456A5E,"VirtualizationInstance:.","dc91de52-7f36-4d2a-8ab5-09a6a61d0023","7/27/2023, 2:50:16.908 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,30,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:03.716 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:50:01.006 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,33201,52367,33201,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x81B1010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","9c8707d4-0cc0-419c-ae1b-6a978703e872","7/27/2023, 2:50:03.019 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:03.716 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:50:01.006 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,33201,52367,33201,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x81B1818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:50:03.019 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:03.716 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:50:01.006 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,33201,52367,33201,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x81B1818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:50:03.019 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:03.716 PM",,,,,,,,,,,,,,,,,,33201,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:50:01.007 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,49052,0,49052,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBF9C0000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","9c8707d4-0cc0-419c-ae1b-6a978703e872","7/27/2023, 2:50:03.019 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.16.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:03.716 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:50:01.034 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.16.39",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,49052,0,49052,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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c8707d4-0cc0-419c-ae1b-6a978703e872","7/27/2023, 2:50:03.019 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-201.azure-dns.com""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-201.azure-dns.org""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-201.azure-dns.info""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns9-201.azure-dns.com""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:03.716 PM",,,,,,,,,,,,,,,,,,33201,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:50:01.035 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,42685,0,42685,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA6BD0000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","9c8707d4-0cc0-419c-ae1b-6a978703e872","7/27/2023, 2:50:03.019 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:03.716 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:50:01.063 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,42685,0,42685,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA6BD8400000100010000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456A5E00002904D0000000000000,".","9c8707d4-0cc0-419c-ae1b-6a978703e872","7/27/2023, 2:50:03.019 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:50:03.716 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":175,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":175,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:50:01.063 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,33201,52367,33201,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x81B1818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000AF0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000AF002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000A00040D456A5E,"VirtualizationInstance:.","9c8707d4-0cc0-419c-ae1b-6a978703e872","7/27/2023, 2:50:03.019 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,57,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:51:07.979 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:51:04.894 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"v10.events.data.microsoft.com.",1,32937,50618,32937,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x80A90100000100000000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,".","d6d3bf9b-d54b-48dc-81fc-55eb64f11939","7/27/2023, 2:51:06.892 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:51:07.979 PM",,,,,,,,,,,,,,,,,,32937,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:51:04.894 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"v10.events.data.microsoft.com.",1,44585,0,44585,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAE290000000100000000000103763130066576656E74730464617461096D6963726F736F667403636F6D00000100010000290FA0000000000000,".","d6d3bf9b-d54b-48dc-81fc-55eb64f11939","7/27/2023, 2:51:06.892 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:51:07.979 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":120,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:51:04.925 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.39",,"v10.events.data.microsoft.com.",1,44585,0,44585,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xAE298400000100010000000103763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007800382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E65740000002904D0000000000000,".","d6d3bf9b-d54b-48dc-81fc-55eb64f11939","7/27/2023, 2:51:06.892 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:51:07.979 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:51:04.925 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"win-global-asimov-leafs-events-data.trafficmanager.net.",1,32937,50618,32937,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x80A98180000100010000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:51:06.892 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:51:07.979 PM",,,,,,,,,,,,,,,,,,32937,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:51:04.925 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,27473,0,27473,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6B51000000010000000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","d6d3bf9b-d54b-48dc-81fc-55eb64f11939","7/27/2023, 2:51:06.892 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:51:07.979 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":60,""dns.answer.data"":""onedscolprdcus10.centralus.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:51:04.956 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"win-global-asimov-leafs-events-data.trafficmanager.NET.",1,27473,0,27473,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""win-global-asimov-leafs-events-data.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6B51840000010001000000012377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572034E45540000010001C00C000500010000003C002F106F6E656473636F6C70726463757331300963656E7472616C757308636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","d6d3bf9b-d54b-48dc-81fc-55eb64f11939","7/27/2023, 2:51:06.892 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:51:07.979 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:51:04.956 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"onedscolprdcus10.centralus.cloudapp.azure.com.",1,32937,50618,32937,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x80A98180000100020000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001,,,"7/27/2023, 2:51:06.892 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:51:07.979 PM",,,,,,,,,,,,,,,,,,32937,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 
2:51:04.957 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onedscolprdcus10.centralus.cloudapp.azure.com.",1,49106,0,49106,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdcus10.centralus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBFD200000001000000000001106F6E656473636F6C70726463757331300963656E7472616C757308636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","d6d3bf9b-d54b-48dc-81fc-55eb64f11939","7/27/2023, 2:51:06.892 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:51:07.979 PM",,,,,,,,,,,,,,,,,,,3,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:51:04.981 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"onedscolprdcus10.centralus.cloudapp.azure.com.",1,49106,0,49106,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdcus10.centralus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBFD280000001000000040001106F6E656473636F6C70726463757331300963656E7472616C757308636C6F756461707005617A75726503636F6D0000010001C01D000200010000012C0014076E73392D32303109617A7572652D646E73C036C01D000200010000012C0018086E7331302D32303109617A7572652D646E73036E657400C01D000200010000012C0018086E7331312D32303109617A7572652D646E73036F726700C01D000200010000012C0019086E7331322D32303109617A7572652D646E7304696E666F0000002904D0000000000000,".","d6d3bf9b-d54b-48dc-81fc-55eb64f11939","7/27/2023, 2:51:06.892 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""centralus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns9-201.azure-dns.com""},{""dns.authority.name"":""centralus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-201.azure-dns.net""},{""dns.authority.name"":""centralus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-201.azure-dns.org""},{""dns.authority.name"":""centralus.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-201.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:51:07.979 PM",,,,,,,,,,,,,,,,,,32937,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:51:04.981 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"onedscolprdcus10.centralus.cloudapp.azure.com.",1,59653,0,59653,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdcus10.centralus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE90500000001000000000001106F6E656473636F6C70726463757331300963656E7472616C757308636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","d6d3bf9b-d54b-48dc-81fc-55eb64f11939","7/27/2023, 2:51:06.892 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:51:07.979 
PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""onedscolprdcus10.centralus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.182.143.210""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:51:05.009 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"onedscolprdcus10.centralus.cloudapp.azure.com.",1,59653,0,59653,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""onedscolprdcus10.centralus.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE90584000001000100000001106F6E656473636F6C70726463757331300963656E7472616C757308636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434B68FD200002904D0000000000000,".","d6d3bf9b-d54b-48dc-81fc-55eb64f11939","7/27/2023, 2:51:06.892 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:51:07.979 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""v10.events.data.microsoft.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":119,""dns.answer.data"":""win-global-asimov-leafs-events-data.trafficmanager.net""},{""dns.answer.name"":""win-global-asimov-leafs-events-data.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":59,""dns.answer.data"":""onedscolprdcus10.centralus.cloudapp.azure.com""},{""dns.answer.name"":""onedscolprdcus10.centralus.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.182.143.210""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:51:05.009 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"v10.events.data.microsoft.com.",1,32937,50618,32937,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""v10.events.data.microsoft.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x80A98180000100030000000003763130066576656E74730464617461096D6963726F736F667403636F6D0000010001C00C000500010000007700382377696E2D676C6F62616C2D6173696D6F762D6C656166732D6576656E74732D646174610E747261666669636D616E61676572036E657400C03B000500010000003B002C106F6E656473636F6C70726463757331300963656E7472616C757308636C6F756461707005617A757265C026C07F0001000100000009000434B68FD2,"VirtualizationInstance:.","d6d3bf9b-d54b-48dc-81fc-55eb64f11939","7/27/2023, 2:51:06.892 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,115,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:52:08.871 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:52:06.250 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,15590,61064,15590,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3CE6010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","4ea556d8-811e-419a-af82-2799d612abb8","7/27/2023, 2:52:08.251 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:52:08.871 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:52:06.251 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,15590,61064,15590,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3CE6818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:52:08.251 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:52:08.871 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:52:06.251 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,15590,61064,15590,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3CE6818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:52:08.251 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:52:08.871 PM",,,,,,,,,,,,,,,,,,15590,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:52:06.251 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,48349,0,48349,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBCDD0000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","4ea556d8-811e-419a-af82-2799d612abb8","7/27/2023, 2:52:08.251 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:52:08.871 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:52:06.278 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,48349,0,48349,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xBCDD8400000100010000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456A5E00002904D0000000000000,".","4ea556d8-811e-419a-af82-2799d612abb8","7/27/2023, 2:52:08.251 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:52:08.871 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":50,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":50,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:52:06.278 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,15590,61064,15590,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3CE6818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000320025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000032002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000A00040D456A5E,"VirtualizationInstance:.","4ea556d8-811e-419a-af82-2799d612abb8","7/27/2023, 2:52:08.767 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,27,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:52:23.597 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:52:20.993 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,42948,58659,42948,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA7C4010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","76f6eeae-e81e-4b38-a435-64865b0f9b50","7/27/2023, 2:52:23.010 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:52:23.597 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:52:20.993 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,42948,58659,42948,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA7C4818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:52:23.010 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:52:23.597 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:52:20.993 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,42948,58659,42948,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA7C4818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:52:23.010 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:52:23.597 PM",,,,,,,,,,,,,,,,,,42948,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:52:20.993 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,30695,0,30695,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x77E70000000100000000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","76f6eeae-e81e-4b38-a435-64865b0f9b50","7/27/2023, 2:52:23.010 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:52:23.597 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""13.69.106.94""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:52:21.022 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","150.171.10.201",,"ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com.",1,30695,0,30695,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x77E78400000100010000000116697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A00040D456A5E00002904D0000000000000,".","76f6eeae-e81e-4b38-a435-64865b0f9b50","7/27/2023, 2:52:23.010 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:52:23.597 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":35,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":35,""dns.answer.data"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-e.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""13.69.106.94""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:52:21.022 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,42948,58659,42948,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xA7C4818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000230025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000023002D16697076342D7765752D6F692D6F64732D637365732D650A776573746575726F706508636C6F7564617070C040C08C000100010000000900040D456A5E,"VirtualizationInstance:.","76f6eeae-e81e-4b38-a435-64865b0f9b50","7/27/2023, 2:52:23.010 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,30,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:55:17.993 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:55:15.196 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,21799,60289,21799,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5527010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","230a14d8-903b-4de2-81fd-035a91d0ea0f","7/27/2023, 2:55:17.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:55:17.993 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:55:15.196 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,21799,60289,21799,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5527818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:55:17.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 
2:55:17.993 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:55:15.196 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,21799,60289,21799,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5527818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:55:17.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:55:17.993 PM",,,,,,,,,,,,,,,,,,21799,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:55:15.196 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,16414,0,16414,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x401E0000000100000000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","230a14d8-903b-4de2-81fd-035a91d0ea0f","7/27/2023, 2:55:17.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.16.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:55:17.993 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:55:15.250 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.16.39",,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,16414,0,16414,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",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,".","230a14d8-903b-4de2-81fd-035a91d0ea0f","7/27/2023, 2:55:17.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-201.azure-dns.com""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns11-201.azure-dns.org""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns12-201.azure-dns.info""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns10-201.azure-dns.net""},{""dns.authority.name"":""westeurope.cloudapp.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dn
s.authority.ttl"":300,""dns.authority.data"":""ns9-201.azure-dns.com""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:55:17.993 PM",,,,,,,,,,,,,,,,,,21799,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:55:15.251 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,28435,0,28435,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6F130000000100000000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","230a14d8-903b-4de2-81fd-035a91d0ea0f","7/27/2023, 2:55:17.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:55:17.993 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:55:15.254 PM",2908,4024,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,21799,60289,21799,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5527010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","df178af5-b271-457b-a844-371ac8d1d1e6","7/27/2023, 2:55:17.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:55:17.993 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:55:15.255 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,21799,60289,21799,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5527818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:55:17.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:55:17.993 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:55:15.255 
PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,21799,60289,21799,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5527818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:55:17.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:55:17.993 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.221""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:55:15.289 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,28435,0,28435,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6F138400000100010000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADD00002904D0000000000000,".","230a14d8-903b-4de2-81fd-035a91d0ea0f","7/27/2023, 2:55:17.235 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:55:17.993 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":176,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":176,""dns.answer.data"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.221""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:55:15.289 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,21799,60289,21799,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x5527818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000B00025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000B0002D16697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F7564617070C040C08C000100010000000A000434ECBADD,"VirtualizationInstance:.","230a14d8-903b-4de2-81fd-035a91d0ea0f","7/27/2023, 2:55:17.745 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,93,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:56:37.195 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:56:34.503 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,27891,54472,27891,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6CF3010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","89f0cbbf-0216-484a-abda-5cac32dc2fe4","7/27/2023, 2:56:36.533 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:56:37.195 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:56:34.503 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,27891,54472,27891,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6CF3818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:56:36.533 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:56:37.195 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:56:34.503 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,27891,54472,27891,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6CF3818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:56:36.533 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:56:37.195 PM",,,,,,,,,,,,,,,,,,27891,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:56:34.503 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,57439,0,57439,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE05F0000000100000000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","89f0cbbf-0216-484a-abda-5cac32dc2fe4","7/27/2023, 
2:56:36.533 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:56:37.195 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.221""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:56:34.532 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,57439,0,57439,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xE05F8400000100010000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADD00002904D0000000000000,".","89f0cbbf-0216-484a-abda-5cac32dc2fe4","7/27/2023, 2:56:36.533 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:56:37.195 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":96,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":96,""dns.answer.data"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":8,""dns.answer.data"":""52.236.186.221""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:56:34.532 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,27891,54472,27891,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6CF3818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000600025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000060002D16697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F7564617070C040C08C0001000100000008000434ECBADD,"VirtualizationInstance:.","89f0cbbf-0216-484a-abda-5cac32dc2fe4","7/27/2023, 2:56:37.048 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,31,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:15.026 
PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:53:11.431 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.10.39",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,55361,0,55361,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD841800000010000000400012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C031000200010000012C0013066E73312D303109617A7572652D646E73C046C031000200010000012C0016066E73322D303109617A7572652D646E73036E657400C031000200010000012C0016066E73332D303109617A7572652D646E73036F726700C031000200010000012C0017066E73342D303109617A7572652D646E7304696E666F0000002904D0000000000000,".","f4ad3e0b-e8ae-43ce-b80b-c7941e894457","7/27/2023, 2:53:13.408 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-01.azure-dns.com""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-01.azure-dns.net""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns3-01.azure-dns.org""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns4-01.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:15.026 PM",,,,,,,,,,,,,,,,,,62341,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:53:11.431 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,50570,0,50570,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC58A000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","f4ad3e0b-e8ae-43ce-b80b-c7941e894457","7/27/2023, 2:53:13.408 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","204.14.183.1",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:15.026 PM",,,,,,,,,,,,,,,,,,,2,".",Default,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:53:11.462 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","204.14.183.1",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,50570,0,50570,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC58A840000010001000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E65740000002904D0000000000000,".","f4ad3e0b-e8ae-43ce-b80b-c7941e894457","7/27/2023, 2:53:13.408 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:15.026 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:53:11.462 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,62341,57919,62341,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF385818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:53:13.408 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:15.026 PM",,,,,,,,,,,,,,,,,,1,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:53:11.462 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"tm1.edgedns-tm.info.",1,18266,0,18266,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x475A0000000100000000000103746D310A65646765646E732D746D04696E666F00000100010000290FA0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:53:13.408 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","208.84.5.4",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:15.026 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""tm1.edgedns-tm.info"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""13.107.222.240""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY 
",9223372036854775840,"7/27/2023, 2:53:11.497 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","208.84.5.4",,"tm1.edgedns-tm.info.",1,18266,0,18266,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""tm1.edgedns-tm.info"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x475A8400000100010000000103746D310A65646765646E732D746D04696E666F0000010001C00C000100010000012C00040D6BDEF000002904D0000000000000,".","00000000-0000-0000-0000-000000000000","7/27/2023, 2:53:13.408 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:15.026 PM",,,,,,,,,,,,,,,,,,62341,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:53:11.497 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"opinsightsweuods.trafficmanager.NET.",1,14877,0,14877,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3A1D00000001000000000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E455400000100010000290FA0000000000000,".","f4ad3e0b-e8ae-43ce-b80b-c7941e894457","7/27/2023, 2:53:13.408 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.222.240",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:15.026 
PM",,,,,,,,,,,,,,,,,,,3,".",Default,"[{""dns.answer.name"":""opinsightsweuods.trafficmanager.NET"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:53:11.523 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.222.240",,"opinsightsweuods.trafficmanager.NET.",1,14877,0,14877,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""opinsightsweuods.trafficmanager.NET"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x3A1D84000001000100000001106F70696E7369676874737765756F64730E747261666669636D616E61676572034E45540000010001C00C000500010000012C003616697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D0000002904D0000000000000,".","f4ad3e0b-e8ae-43ce-b80b-c7941e894457","7/27/2023, 2:53:13.408 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:15.026 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:53:11.523 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,62341,57919,62341,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF385818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:53:13.408 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:15.026 PM",,,,,,,,,,,,,,,,,,62341,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:53:11.523 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,51500,0,51500,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC92C0000000100000000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","f4ad3e0b-e8ae-43ce-b80b-c7941e894457","7/27/2023, 2:53:13.408 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:15.026 
PM",,,,,,,,,,,,,,,,,,,4,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.221""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:53:11.562 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com.",1,51500,0,51500,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xC92C8400000100010000000116697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADD00002904D0000000000000,".","f4ad3e0b-e8ae-43ce-b80b-c7941e894457","7/27/2023, 2:53:13.408 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:15.026 
PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":300,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":299,""dns.answer.data"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-d.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.236.186.221""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:53:11.563 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,62341,57919,62341,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF385818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C000500010000012C0025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B000500010000012B002D16697076342D7765752D6F692D6F64732D637365732D640A776573746575726F706508636C6F7564617070C040C08C0001000100000009000434ECBADD,"VirtualizationInstance:.","f4ad3e0b-e8ae-43ce-b80b-c7941e894457","7/27/2023, 2:53:13.408 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,158,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:25.112 
PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:58:23.456 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,5813,64171,5813,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x16B5010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","395824ce-c86c-44b4-9f9c-171b6986c947","7/27/2023, 2:58:24.469 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:25.112 PM",,,,,,,,,,,,,,,,,,5813,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:58:23.457 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,28487,0,28487,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6F47000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","395824ce-c86c-44b4-9f9c-171b6986c947","7/27/2023, 2:58:24.469 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.16.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:25.112 PM",,,,,,,,,,,,,,,,,,,1,".",Default,,0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:58:23.487 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,32768,0,"0.0.0.0","150.171.16.39",,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,28487,0,28487,false,false,false,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6F47800000010000000400012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C031000200010000012C0013066E73312D303109617A7572652D646E73C046C031000200010000012C0016066E73322D303109617A7572652D646E73036E657400C031000200010000012C0016066E73332D303109617A7572652D646E73036F726700C031000200010000012C0017066E73342D303109617A7572652D646E7304696E666F0000002904D0000000000000,".","395824ce-c86c-44b4-9f9c-171b6986c947","7/27/2023, 2:58:24.469 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,0,0,,,,,,"[{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns1-01.azure-dns.com""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns2-01.azure-dns.net""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns3-01.azure-dns.org""},{""dns.authority.name"":""ods.opinsights.azure.com"",""dns.authority.type"":""NS"",""dns.authority.class"":""IN"",""dns.authority.ttl"":300,""dns.authority.data"":""ns4-01.azure-dns.info""}]",,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:25.112 PM",,,,,,,,,,,,,,,,,,5813,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:58:23.488 PM",2908,4024,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,27209,0,27209,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x6A49000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","395824ce-c86c-44b4-9f9c-171b6986c947","7/27/2023, 2:58:24.469 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.1",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:13.197 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:53:11.404 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,62341,57919,62341,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xF385010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","f4ad3e0b-e8ae-43ce-b80b-c7941e894457","7/27/2023, 2:53:12.407 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:53:13.197 PM",,,,,,,,,,,,,,,,,,62341,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:53:11.404 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,55361,0,55361,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD841000000010000000000012430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D00000100010000290FA0000000000000,".","f4ad3e0b-e8ae-43ce-b80b-c7941e894457","7/27/2023, 2:53:12.407 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","150.171.10.39",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:44.390 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:58:41.707 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,13611,59948,13611,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x352B010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","f1d14693-8c00-4cd4-98a1-d9d527a4788a","7/27/2023, 2:58:43.797 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:44.390 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:58:41.708 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,13611,59948,13611,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x352B818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:58:43.797 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:44.390 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:58:41.708 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,13611,59948,13611,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x352B818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:58:43.797 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:44.390 PM",,,,,,,,,,,,,,,,,,13611,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:58:41.708 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,17672,0,17672,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x45080000000100000000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","f1d14693-8c00-4cd4-98a1-d9d527a4788a","7/27/2023, 2:58:43.797 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:44.390 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:58:41.741 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,17672,0,17672,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x45088400000100010000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADE00002904D0000000000000,".","f1d14693-8c00-4cd4-98a1-d9d527a4788a","7/27/2023, 2:58:43.797 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:58:44.390 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":281,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":281,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.236.186.222""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:58:41.741 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,13611,59948,13611,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x352B818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000001190025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B0005000100000119002D16697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F7564617070C040C08C0001000100000009000434ECBADE,"VirtualizationInstance:.","f1d14693-8c00-4cd4-98a1-d9d527a4788a","7/27/2023, 2:58:43.797 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,34,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:55:53.987 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:55:51.282 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"wpad.local.",1,37963,58451,37963,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""wpad.local"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x944B010000010000000000000477706164056C6F63616C0000010001,".","4a44c68e-b65f-4ff4-8d8f-66b4cab4ed5b","7/27/2023, 2:55:53.298 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:55:53.987 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:55:51.283 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,34179,0,"172.18.88.20",,,"wpad.local.",1,37963,58451,37963,true,false,true,QUERY,true,NXDOMAIN,false,false,true,"[{""dns.query.name"":""wpad.local"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x944B858300010000000100000477706164056C6F63616C0000010001056C6F63616C000006000100000E10002A0677696E646E73C01C0A686F73746D6173746572C01C0000001500000384000002580001518000000E10,"VirtualizationInstance:.","4a44c68e-b65f-4ff4-8d8f-66b4cab4ed5b","7/27/2023, 2:55:53.298 
PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",1,0,0,3,Default,local,NULL,"[{""dns.authority.name"":""local"",""dns.authority.type"":""SOA"",""dns.authority.class"":""IN"",""dns.authority.ttl"":3600,""dns.soa.data.name_server"":""windns.local"",""dns.soa.data.auth_mailbox"":""hostmaster.local"",""dns.soa.data.serial_number"":21,""dns.soa.data.refresh_interval"":900,""dns.soa.data.retry_interval"":600,""dns.soa.data.expire_limit"":86400,""dns.soa.data.min_ttl"":3600}]",0,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:59:24.364 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",256,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775809,"7/27/2023, 2:59:21.580 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,256,0,"172.18.88.20","172.18.88.20",1,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,35146,51002,35146,true,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x894A010000010000000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,".","a896eae8-817e-450a-9284-a3d5c506452a","7/27/2023, 2:59:23.626 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:59:24.364 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:59:21.580 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"opinsightsweuods.trafficmanager.net.",1,35146,51002,35146,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x894A818000010001000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:59:23.626 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:59:24.364 PM",,,,,,,,,,,,,,,,,,,,,,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",279,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372071214514176,"7/27/2023, 2:59:21.580 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20","172.18.88.20",1,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,35146,51002,35146,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x894A818000010002000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001,,,"7/27/2023, 2:59:23.626 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,,,,,,,,,,"N/A","NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:59:24.364 PM",,,,,,,,,,,,,,,,,,35146,,".",Default,,,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",260,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775824,"7/27/2023, 2:59:21.580 PM",2908,4028,INFO,2,INFO,windns,"NT 
AUTHORITY",SYSTEM,"S-1-5-18",User,0,0,"0.0.0.0",,0,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,55727,0,55727,false,false,false,QUERY,false,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD9AF0000000100000000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D00000100010000290FA0000000000000,".","a896eae8-817e-450a-9284-a3d5c506452a","7/27/2023, 2:59:23.626 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","13.107.236.201",,,,,,,NULL,,,,"NXLog_DNS_Server_CL", +"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:59:24.364 PM",,,,,,,,,,,,,,,,,,,1,".",Default,"[{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":10,""dns.answer.data"":""52.236.186.222""}]",0,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",261,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,2,"RECURSE_QUERY ",9223372036854775840,"7/27/2023, 2:59:21.611 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33792,0,"0.0.0.0","13.107.236.201",,"ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com.",1,55727,0,55727,false,false,true,QUERY,true,NOERROR,false,false,false,"[{""dns.query.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0xD9AF8400000100010000000116697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F756461707005617A75726503636F6D0000010001C00C000100010000000A000434ECBADE00002904D0000000000000,".","a896eae8-817e-450a-9284-a3d5c506452a","7/27/2023, 2:59:23.626 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A",,1,0,,,,,,,,,"NXLog_DNS_Server_CL", 
+"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a",RestAPI,,,"7/27/2023, 2:59:24.364 PM",,,,,,,,,,,,,,,,,,,,,,"[{""dns.answer.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":241,""dns.answer.data"":""opinsightsweuods.trafficmanager.net""},{""dns.answer.name"":""opinsightsweuods.trafficmanager.net"",""dns.answer.type"":""CNAME"",""dns.answer.class"":""IN"",""dns.answer.ttl"":241,""dns.answer.data"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com""},{""dns.answer.name"":""ipv4-weu-oi-ods-cses-g.westeurope.cloudapp.azure.com"",""dns.answer.type"":""A"",""dns.answer.class"":""IN"",""dns.answer.ttl"":9,""dns.answer.data"":""52.236.186.222""}]",,"Microsoft-Windows-DNSServer","eb79061a-a566-4698-9119-3ed2807060e7",257,0,16,"Microsoft-Windows-DNS-Server/Analytical ",4,"Information ",0,1,"LOOK_UP ",9223372036854775810,"7/27/2023, 2:59:21.611 PM",2908,4028,INFO,2,INFO,windns,"NT AUTHORITY",SYSTEM,"S-1-5-18",User,33152,0,"172.18.88.20",,,"0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com.",1,35146,51002,35146,true,false,false,QUERY,true,NOERROR,false,false,true,"[{""dns.query.name"":""0b2a9277-f48f-49f6-b78d-d8bfd6dea87a.ods.opinsights.azure.com"",""dns.query.type"":""A"",""dns.query.class"":""IN""}]",0x894A818000010003000000002430623261393237372D663438662D343966362D623738642D643862666436646561383761036F64730A6F70696E73696768747305617A75726503636F6D0000010001C00C00050001000000F10025106F70696E7369676874737765756F64730E747261666669636D616E61676572036E657400C05B00050001000000F1002D16697076342D7765752D6F692D6F64732D637365732D670A776573746575726F706508636C6F7564617070C040C08C0001000100000009000434ECBADE,"VirtualizationInstance:.","a896eae8-817e-450a-9284-a3d5c506452a","7/27/2023, 2:59:24.140 PM","in_windowsdns_auditanalytics_sentinel_windows","im_etw","172.18.88.20","N/A","172.18.88.20",0,0,0,0,Default,"..Cache",NULL,,31,,"NXLog_DNS_Server_CL", 
diff --git a/Sample Data/ASIM/NXLog_DNS_Server_CL_schema.csv b/Sample Data/ASIM/NXLog_DNS_Server_CL_schema.csv
new file mode 100644
index 00000000000..7e1781dcd9b
--- /dev/null
+++ b/Sample Data/ASIM/NXLog_DNS_Server_CL_schema.csv
@@ -0,0 +1,93 @@
+ColumnName,ColumnOrdinal,DataType,ColumnType
+TenantId,0,"System.String",string
+SourceSystem,1,"System.String",string
+MG,2,"System.String",string
+ManagementGroupName,3,"System.String",string
+TimeGenerated,4,"System.DateTime",datetime
+Computer,5,"System.String",string
+RawData,6,"System.String",string
+"ListenAddresses_s",7,"System.String",string
+"NAME_s",8,"System.String",string
+"TTL_s",9,"System.String",string
+"RDATA_s",10,"System.String",string
+"ZoneScope_s",11,"System.String",string
+"PropertyKey_s",12,"System.String",string
+"NewValue_s",13,"System.String",string
+"VirtualizationID_s",14,"System.String",string
+"Name_s",15,"System.String",string
+"Type_s",16,"System.String",string
+"Lookup_s",17,"System.String",string
+"ReplicationScope_s",18,"System.String",string
+"ZoneFile_s",19,"System.String",string
+"Reason_s",20,"System.String",string
+"ParsedPacketData_dns_additional_s",21,"System.String",string
+"QXID_s",22,"System.String",string
+"RecursionDepth_s",23,"System.String",string
+"RecursionScope_s",24,"System.String",string
+"CacheScope_s",25,"System.String",string
+"ParsedPacketData_dns_answer_s",26,"System.String",string
+"QueriesAttached_s",27,"System.String",string
+"SourceName_s",28,"System.String",string
+"ProviderGuid_g",29,"System.String",string
+"EventID_d",30,"System.Double",real
+"Version_d",31,"System.Double",real
+"ChannelID_d",32,"System.Double",real
+"Channel_s",33,"System.String",string
+"LevelValue_d",34,"System.Double",real
+Level,35,"System.String",string
+"OpcodeValue_d",36,"System.Double",real
+"TaskValue_d",37,"System.Double",real
+Category,38,"System.String",string
+"Keywords_s",39,"System.String",string
+"EventTime_t",40,"System.DateTime",datetime
+"ExecutionProcessID_d",41,"System.Double",real
+"ExecutionThreadID_d",42,"System.Double",real
+"EventType_s",43,"System.String",string
+"SeverityValue_d",44,"System.Double",real
+"Severity_s",45,"System.String",string
+"Hostname_s",46,"System.String",string
+"Domain_s",47,"System.String",string
+"AccountName_s",48,"System.String",string
+"UserID_s",49,"System.String",string
+"AccountType_s",50,"System.String",string
+"Flags_s",51,"System.String",string
+"TCP_s",52,"System.String",string
+"InterfaceIP_s",53,"System.String",string
+"Source_s",54,"System.String",string
+"RD_s",55,"System.String",string
+"QNAME_s",56,"System.String",string
+"QTYPE_s",57,"System.String",string
+"XID_s",58,"System.String",string
+"Port_s",59,"System.String",string
+"ParsedPacketData_dns_id_d",60,"System.Double",real
+"ParsedPacketData_dns_flags_recursion_desired_s",61,"System.String",string
+"ParsedPacketData_dns_flags_truncated_response_s",62,"System.String",string
+"ParsedPacketData_dns_flags_authoritative_s",63,"System.String",string
+"ParsedPacketData_dns_opcode_s",64,"System.String",string
+"ParsedPacketData_dns_flags_query_or_response_s",65,"System.String",string
+"ParsedPacketData_dns_response_code_s",66,"System.String",string
+"ParsedPacketData_dns_flags_checking_disabled_s",67,"System.String",string
+"ParsedPacketData_dns_flags_authentic_data_s",68,"System.String",string
+"ParsedPacketData_dns_flags_recursion_available_s",69,"System.String",string
+"ParsedPacketData_dns_query_s",70,"System.String",string
+"PacketData_s",71,"System.String",string
+"AdditionalInfo_s",72,"System.String",string
+"GUID_g",73,"System.String",string
+"EventReceivedTime_t",74,"System.DateTime",datetime
+"SourceModuleName_s",75,"System.String",string
+"SourceModuleType_s",76,"System.String",string
+"HostIP_s",77,"System.String",string
+"BufferSize_s",78,"System.String",string
+"Destination_s",79,"System.String",string
+"AA_s",80,"System.String",string
+"AD_s",81,"System.String",string
+"DNSSEC_s",82,"System.String",string
+"RCODE_s",83,"System.String",string
+"Scope_s",84,"System.String",string
+"Zone_s",85,"System.String",string
+"PolicyName_s",86,"System.String",string
+"ParsedPacketData_dns_authority_s",87,"System.String",string
+"ElapsedTime_s",88,"System.String",string
+"GUID_s",89,"System.String",string
+Type,90,"System.String",string
+"_ResourceId",91,"System.String",string
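Review bot: The schema added here stops at `Type` and `"_ResourceId"` and has no `_ItemId` column, although the parser change in this same commit projects `EventUid=_ItemId` and the KQL-validation table definition gains an `_ItemId` property. If this schema and its sample data are what the ASIM parser tests load, `EventUid` would presumably be unresolved or empty for every sample row, so the new field goes unexercised. I would add a final row such as `"_ItemId",92,"System.String",string`, with a matching column in the sample records and the hunk count adjusted, so the three files describe the same table.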