This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(124.80000000000001, 28.000000000000004%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EP%3C/text%3E%3C/svg%3E)
I am trying to work on a use-case for DGA and was thinking of using Shannon's entropy to get randomness in domain name. Splunk has a function for this but couldn't find anything similar in Sentinel. Would be of great help if we Sentinel has something similar.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 0%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVM%3C/text%3E%3C/svg%3E)
@Prerna As fas as I know there is no default function for it. We have one example from our expert for process name entropy at :
https://techcommunity.microsoft.com/t5/azure-sentinel/identifying-threat-hunting-opportunities-in-your-data/ba-p/915721
i will check internally to see if we can help you something concrete. Will update soon.
@VipulSparsh-MSFT Thanks for your response. I did go through the detailed article and the query which is pretty nice but tweaking it to our needs might be difficult. So, was just wondering if something like Splunk's entropy function/macro can be done with Sentinel.