diff --git a/Solutions/Infoblox NIOS/Analytic Rules/ExcessiveNXDOMAINDNSQueries.yaml b/Solutions/Infoblox NIOS/Analytic Rules/ExcessiveNXDOMAINDNSQueries.yaml
index fad10f43e7..78625c959d 100644
--- a/Solutions/Infoblox NIOS/Analytic Rules/ExcessiveNXDOMAINDNSQueries.yaml
+++ b/Solutions/Infoblox NIOS/Analytic Rules/ExcessiveNXDOMAINDNSQueries.yaml
@@ -19,16 +19,18 @@ relevantTechniques:
 query: |
 let threshold = 200;
- Infoblox_dnsclient
- | where isnotempty(DnsResponseCode)
- | where DnsResponseCode =~ "NXDOMAIN"
- | summarize count() by SrcIpAddr, bin(TimeGenerated,15m)
+ InfobloxNIOS
+ | where ProcessName =~ "named" and Log_Type =~ "client"
+ | where isnotempty(ResponseCode)
+ | where ResponseCode =~ "NXDOMAIN"
+ | summarize count() by Client_IP, bin(TimeGenerated,15m)
 | where count_ > threshold
- | join kind=inner (Infoblox_dnsclient
- | where isnotempty(DnsResponseCode)
- | where DnsResponseCode =~ "NXDOMAIN"
- ) on SrcIpAddr
- | extend timestamp = TimeGenerated, IPCustomEntity = SrcIpAddr
+ | join kind=inner (InfobloxNIOS
+ | where ProcessName =~ "named" and Log_Type =~ "client"
+ | where isnotempty(ResponseCode)
+ | where ResponseCode =~ "NXDOMAIN"
+ ) on Client_IP
+ | extend timestamp = TimeGenerated, IPCustomEntity = Client_IP
 entityMappings:
 - entityType: IP
 fieldMappings:
diff --git a/Solutions/Infoblox NIOS/Analytic Rules/PotentialDHCPStarvationAttack.yaml b/Solutions/Infoblox NIOS/Analytic Rules/PotentialDHCPStarvationAttack.yaml
index 40ac2efa21..c961fe9d1f 100644
--- a/Solutions/Infoblox NIOS/Analytic Rules/PotentialDHCPStarvationAttack.yaml
+++ b/Solutions/Infoblox NIOS/Analytic Rules/PotentialDHCPStarvationAttack.yaml
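Review bot: The inner join on `Client_IP` alone, at `| join kind=inner (InfobloxNIOS ... ) on Client_IP`, re-attaches every NXDOMAIN row for that client across the whole query window, not just the rows inside the 15-minute bucket that crossed the threshold; this inflates the alert with unrelated events and multiplies row count by the number of buckets the client appears in. The new query keeps this shape from the old one, so the commit does not address it. Carrying the bucket through both sides would keep the join scoped: `| summarize count() by Client_IP, Bucket = bin(TimeGenerated,15m)` on the left, `| extend Bucket = bin(TimeGenerated,15m)` appended to the subquery, and `) on Client_IP, Bucket` for the join. The same pattern appears in the PotentialDHCPStarvationAttack.yaml hunk that follows.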
@@ -18,13 +18,14 @@ relevantTechniques:
 query: |
 let threshold = 1000;
- Infoblox_dhcprequest
- | summarize count() by SrcIpAddr, bin(TimeGenerated,5m)
+ InfobloxNIOS
+ | where ProcessName =~ "dhcpd" and Log_Type =~ "DHCPREQUEST"
+ | summarize count() by ServerIP, bin(TimeGenerated,5m)
 | where count_ > threshold
- | join kind=inner (Infoblox_dhcprequest
+ | join kind=inner (InfobloxNIOS
 | where ProcessName =~ "dhcpd" and Log_Type =~ "DHCPREQUEST"
- ) on SrcIpAddr
- | extend timestamp = TimeGenerated, IPCustomEntity = SrcIpAddr
+ ) on ServerIP
+ | extend timestamp = TimeGenerated, IPCustomEntity = ServerIP
 entityMappings:
 - entityType: IP
 fieldMappings:
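Review bot: Grouping the DHCPREQUEST count by `ServerIP` at `| summarize count() by ServerIP, bin(TimeGenerated,5m)` changes what the rule measures: the old query counted per requesting source (`SrcIpAddr`), whereas if `ServerIP` is the DHCP server's own address, as the name suggests, the count now aggregates every request the server handles and a busy server will exceed 1000 in 5 minutes during normal operation. The `IPCustomEntity = ServerIP` mapping then names the server rather than the host issuing the requests, which is the entity a starvation detection needs to surface. Unless the parser does not expose a per-client field for dhcpd lines, the summarize, the join key and the entity extend should use the requesting host's address (the first hunk in this commit uses `Client_IP` for named lines; whether it is populated for DHCPREQUEST should be confirmed). Scoping the join to the bin, as raised on the first hunk, applies here as well.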