Could you please help me in writing a query for the below scenario:
I want to find a src computer which is trying to reach out to a specific blocked or suspicious site every day for the last 30-90 days.
Also another query for the same, but a src reaching out to multiple blocked sites every day for the last 30-90 days. (Multiple sites: the src might be reaching out to the same set of destinations every day.)
For example, DNS logs & Palo Alto.
Assume computer XYZ-PC is reaching out to a blocked domain abc.com every day.
Computer XYZ-PC is reaching out to abc.com, asd.com & qwe.com every day.
I will not know the domain OR URL the computer is reaching out to. So, I would basically search for a computer going to blocked domains/URLs every day.
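The logic behind both queries is the same: group blocked hits by source, domain and calendar day, count the distinct days per (source, domain), and compare that count to the length of the window. Below is an added, stand-alone Python example (not from the original post, and not tied to any particular SIEM) that runs that logic over a constructed, simplified URL-filtering log. The line format `timestamp,src_host,domain,category,action`, the host names, the domains and the `BLOCKED_ACTIONS` values are all assumptions for the sample; map your own vendor's action/category fields onto them before reusing the idea. The `min_fraction` knob is the practical caveat: requiring strictly every day misses workstations that are switched off at weekends, so the example also shows a "most days" threshold.

```python
"""Find hosts that reach blocked domains (nearly) every day over a window.

Added example, not from the original post. Input is a constructed log in the
format "timestamp,src_host,domain,category,action".
"""
from collections import defaultdict
from datetime import date, datetime, timedelta
from math import ceil

# Actions that mean the request was blocked (constructed values for the sample).
BLOCKED_ACTIONS = {"block-url", "sinkhole", "drop"}


def parse_line(line: str) -> dict:
    """Parse one constructed log line into a record keyed by calendar day."""
    ts, src, domain, category, action = line.strip().split(",")
    return {
        "day": datetime.fromisoformat(ts).date(),
        "src": src,
        "domain": domain.lower(),
        "category": category,
        "action": action,
    }


def days_per_src_domain(lines, start: date, end: date):
    """Map src -> domain -> set of days on which a blocked hit was logged."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in lines:
        rec = parse_line(line)
        if rec["action"] not in BLOCKED_ACTIONS:
            continue
        if not (start <= rec["day"] <= end):
            continue
        seen[rec["src"]][rec["domain"]].add(rec["day"])
    return seen


def persistent_single_domain(lines, start, end, min_fraction=0.9):
    """Query 1: (src, domain, days_seen) for pairs seen on at least
    min_fraction of the days in the window. 1.0 means strictly every day."""
    total_days = (end - start).days + 1
    needed = ceil(total_days * min_fraction)
    hits = []
    for src, domains in days_per_src_domain(lines, start, end).items():
        for domain, days in domains.items():
            if len(days) >= needed:
                hits.append((src, domain, len(days)))
    return sorted(hits)


def persistent_multi_domain(lines, start, end, min_domains=2, min_fraction=0.9):
    """Query 2: sources that hit >= min_domains distinct blocked domains on at
    least min_fraction of the days. Returns {src: sorted list of domains}."""
    total_days = (end - start).days + 1
    needed = ceil(total_days * min_fraction)
    result = {}
    for src, domains in days_per_src_domain(lines, start, end).items():
        per_day = defaultdict(set)          # day -> blocked domains seen that day
        for domain, days in domains.items():
            for d in days:
                per_day[d].add(domain)
        good_days = [d for d, ds in per_day.items() if len(ds) >= min_domains]
        if len(good_days) >= needed:
            result[src] = sorted(domains)
    return result


def build_sample_log(start: date, days: int):
    """Constructed sample: XYZ-PC reaches abc.com daily; DEF-PC reaches three
    blocked domains daily; GHI-PC reaches abc.com on weekdays only; ONE-OFF-PC
    is blocked once; ALLOWED-PC's traffic is never blocked."""
    lines = []
    for i in range(days):
        d = start + timedelta(days=i)
        ts = f"{d.isoformat()}T08:{i % 60:02d}:00"
        lines.append(f"{ts},XYZ-PC,abc.com,malware,block-url")
        for dom in ("abc.com", "asd.com", "qwe.com"):
            lines.append(f"{ts},DEF-PC,{dom},command-and-control,block-url")
        if d.weekday() < 5:
            lines.append(f"{ts},GHI-PC,abc.com,malware,block-url")
        lines.append(f"{ts},ALLOWED-PC,example.org,business,allow")
    lines.append(f"{start.isoformat()}T12:00:00,ONE-OFF-PC,zxc.com,malware,block-url")
    return lines


if __name__ == "__main__":
    start, end = date(2024, 1, 1), date(2024, 1, 30)
    log = build_sample_log(start, 30)
    print("every day:", persistent_single_domain(log, start, end, min_fraction=1.0))
    print("most days:", persistent_single_domain(log, start, end, min_fraction=0.7))
    print("multi-domain:", persistent_multi_domain(log, start, end))
```

With the strict threshold only XYZ-PC and DEF-PC appear in the first result, while the 0.7 threshold also surfaces GHI-PC (22 of 30 days, weekdays only), which is the weekend effect mentioned above. In a SIEM the same shape is a group-by on source, domain and day followed by a distinct-day count compared against the window length; the choice of threshold, not the syntax, is what decides whether weekday-only hosts are reported.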