False positive for SID 2015813?: DNS Query Sinkhole Domain

I rather doubt that 8.8.8.8 is a dubious DNS server.
05/13/2023-22:26:21.656297 [Drop] [**] [1:2015813:8] ET MALWARE DNS Query Sinkhole Domain Various Families (Possible Infected Host) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.69.246:59631 -> 8.8.8.8:53

Hi @jimoe - for this particular signature the alert is against the activity of the host - not the destination (DNS server in this case).

Here, a host within your network has queried against torpig-sinkhole[dot]org (a sinkhole domain for the torpig botnet) - it’s possible this host is infected. The alert itself is not an indictment against the queried DNS server.
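To make the point concrete, here is an added example (written for this thread, not code from the original posts or from the Emerging Threats ruleset) of the kind of check a DNS sinkhole signature performs: it parses the QNAME out of the DNS query payload and matches it against a list of sinkhole domains, then reports the *source* host of the flow as the suspect. The resolver (8.8.8.8 in the alert above) is just the destination of the query. The sinkhole domain list, the `check_flow` helper and the sample packet are all constructed for illustration; the real rule's content matches and its full domain list are not reproduced here.

```python
import struct

# Constructed sinkhole list for the example (assumption: the real rule's
# content list is longer and is not reproduced here).
SINKHOLE_DOMAINS = {"torpig-sinkhole.org"}


def build_dns_query(qname: str, txid: int = 0x1234) -> bytes:
    """Build a minimal RFC 1035 standard query (one A/IN question), used
    here only to construct a sample packet for the demonstration."""
    # ID, flags (RD set), QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    question = b""
    for label in qname.rstrip(".").split("."):
        question += bytes([len(label)]) + label.encode("ascii")
    question += b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def parse_qname(payload: bytes) -> str:
    """Return the first question's QNAME from a DNS message, lower-cased.
    Question names in a query are not compressed, so pointers are rejected."""
    if len(payload) < 12:
        raise ValueError("DNS payload too short for a header")
    qdcount = struct.unpack(">H", payload[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    pos = 12
    labels = []
    while True:
        if pos >= len(payload):
            raise ValueError("truncated question name")
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        labels.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels).lower()


def check_flow(src_ip: str, src_port: int, dst_ip: str, dst_port: int,
               payload: bytes):
    """Hypothetical detection check: if the queried name is a sinkhole
    domain (or a subdomain of one), return a finding that names the
    querying host as the suspect and the resolver only as context."""
    qname = parse_qname(payload)
    for domain in SINKHOLE_DOMAINS:
        if qname == domain or qname.endswith("." + domain):
            return {
                "suspect_host": src_ip,      # the host that asked the question
                "resolver": dst_ip,          # where it asked; not the finding
                "queried_name": qname,
                "matched_sinkhole": domain,
            }
    return None


if __name__ == "__main__":
    # Constructed flow mirroring the alert in the thread: LAN host -> 8.8.8.8:53
    pkt = build_dns_query("torpig-sinkhole.org")
    finding = check_flow("192.168.69.246", 59631, "8.8.8.8", 53, pkt)
    print(finding)
    print(check_flow("192.168.69.246", 59631, "8.8.8.8", 53,
                     build_dns_query("www.example.com")))
```

Run as-is, the first check attributes the finding to 192.168.69.246 and the second (a query for an unrelated name) returns `None`; the resolver address never influences the match, which is why a public resolver as the destination does not make the alert a false positive.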