DNS
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
| Attribute | Value |
|---|---|
| Connector ID | DNS |
| Publisher | Microsoft |
| Used in Solutions | Windows Server DNS |
| Collection Method | MMA |
| Connector Definition Files | template_DNS.JSON |
The DNS log connector allows you to easily connect your DNS analytic and audit logs with Microsoft Sentinel, and other related data, to improve investigation.
When you enable DNS log collection you can:
-
Identify clients that try to resolve malicious domain names.
-
Identify stale resource records.
-
Identify frequently queried domain names and talkative DNS clients.
-
View request load on DNS servers.
-
View dynamic DNS registration failures.
For more information, see the Microsoft Sentinel documentation.
Tables Ingested
This connector ingests data into the following tables:
| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
DnsEvents |
✓ | ✗ | ? |
DnsInventory |
✓ | ✗ | ? |
Permissions
Resource Provider Permissions: - Workspace (Workspace): read and write permissions. - Solutions (ResourceGroup): read and write permissions.
Setup Instructions
⚠️ Note: These instructions were automatically generated from the connector's user interface definition file using AI and may not be fully accurate. Please verify all configuration steps in the Microsoft Sentinel portal.
1. Download and install the agent
DNS logs are collected only from Windows agents. Choose where to install the agent:
Install agent on Azure Windows Virtual Machine
Download the agent on the relevant machine and follow the instructions. - Install/configure: InstallAgentOnVirtualMachine
Install agent on non-Azure Windows Machine
Select the machine to install the agent and then click Connect. - Install/configure: InstallAgentOnNonAzure
2. Install DNS solution - Install solution: DnsAnalytics
Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊