Azure-Sentinel/Tools/externaldata/dnsevents.yaml

externaldata(TenantId:string, Computer:string, SourceSystem:string, TimeGenerated:datetime, EventId:int, SubType:string, ClientIP:string, Name:string, Result:string, IPAddresses:string, Message:string, TaskCategory:string, QueryType:string, ResultCode:int, MaliciousIP:string, IndicatorThreatType:string, Description:string, Confidence:string, Severity:int, ReportReferenceLink:string, RemoteIPLongitude:real, RemoteIPLatitude:real, RemoteIPCountry:string, Type:string, _ResourceId:string)
[
  h@"https://STORAGEACCOUNTNAME.blob.core.windows.net/am-dnsevents/SASSIG"
]
with(format="json")