DNSFilter is currently generating a high volume of log data. To optimize SIEM performance and reduce unnecessary data consumption, we would like to implement filtering controls to exclude specific domains from ingestion.

For example, lots of Microsoft related domains are responsible for a significant portion of the event volume but provide limited value. As such, we would like to exclude these domains from being forwarded to the SIEM to improve efficiency and better manage data utilization within the SIEM environment.