id: e85a5d94-1f9f-4ce1-b54d-c61bbd24c41f name: Google DNS - Sources with high number of errors description: | 'Query searches for sources with high number of errors.' severity: Low requiredDataConnectors: - connectorId: GCPDNSDataConnector dataTypes: - GCPCloudDNS tactics: - CommandAndControl relevantTechniques: - T1095 query: | GCPCloudDNS | where TimeGenerated > ago(24h) | where EventResultDetails != 'NOERROR' | summarize count() by SrcIpAddr | extend IPCustomEntity = SrcIpAddr entityMappings: - entityType: IP fieldMappings: - identifier: Address columnName: IPCustomEntity