Dear All
Good Day
I need search detect users using DNS different than Organization DNS. Please share me your ideas & suggestion .
Hey @abdallahalhabbash, If richgalloway solved your problem, please remember to "Accept" his answer to award karma points. 🙂
Assuming you're already collecting network metadata (either from Stream, your proxy server, firewall logs, etc.) then you just need to look for events going to port 53 with a destination IP address not in your network.