I am trying to work on a use-case for DGA and was thinking of using Shannon's entropy to get randomness in domain name. Splunk has a function for this but couldn't find anything similar in Sentinel. Would be of great help if we Sentinel has something similar.
@ChaudharyPrernaRIEPL-0186 As fas as I know there is no default function for it. We have one example from our expert for process name entropy at :
https://techcommunity.microsoft.com/t5/azure-sentinel/identifying-threat-hunting-opportunities-in-your-data/ba-p/915721
i will check internally to see if we can help you something concrete. Will update soon.
@vipulsparsh-MSFT Thanks for your response. I did go through the detailed article and the query which is pretty nice but tweaking it to our needs might be difficult. So, was just wondering if something like Splunk's entropy function/macro can be done with Sentinel.
4 people are following this question.
