Solution: GoogleCloudPlatformDNS
| Attribute | Value |
|---|---|
| Publisher | Microsoft Corporation |
| Support Tier | Microsoft |
| Support Link | https://support.microsoft.com/ |
| Categories | domains |
| Version | 3.0.1 |
| Author | Microsoft - support@microsoft.com |
| First Published | 2022-07-07 |
| Solution Folder | GoogleCloudPlatformDNS |
| Marketplace | Azure Marketplace · Rating: ★☆☆☆☆ 1.0/5 (1 ratings) · Popularity: ⚪ Very Low (0%) |
The Google Cloud Platform DNS solution provides the capability to ingest Cloud DNS query logs and Cloud DNS audit logs into Microsoft Sentinel using the GCP Logging API. Refer to GCP Logging API documentation for more information.
Underlying Microsoft Technologies used:
This solution depends on the following technologies, some of which may be in Preview state or might result in additional ingestion or operational costs:
• Microsoft Sentinel Codeless Connector Framework
Additional Information
📖 Setup Guide: Google Cloud Platform connectors - Connect GCP logs to Microsoft Sentinel
This solution provides 1 data connector(s) (plus 1 discovered⚠️):
🔍 Discovered: This item was discovered by scanning the solution folder but is not listed in the Solution JSON file.
🔶 CLv1: This connector ingests into a table that uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution uses 2 table(s):
| Table | Used By Connectors | Used By Content |
|---|---|---|
| GCPDNS | Google Cloud Platform DNS (via Codeless Connector Framework) | Analytics, Hunting, Workbooks |
| GCP_DNS_CL 🔶 | [DEPRECATED] Google Cloud Platform DNS | Analytics, Hunting, Workbooks |
🔶 CLv1: This table uses the legacy Custom Log V1 schema format with type-suffixed column names (e.g. _s, _d, _b, _t, _g). Note: identification is based on column name suffixes which are also permitted in CLv2, so this classification may not always be accurate.
This solution includes 23 content item(s):
| Content Type | Count |
|---|---|
| Analytic Rules | 11 |
| Hunting Queries | 10 |
| Workbooks | 1 |
| Parsers | 1 |

Analytic Rules

| Name | Severity | Tactics | Tables Used |
|---|---|---|---|
| Google DNS - CVE-2020-1350 (SIGRED) exploitation pattern | High | PrivilegeEscalation | GCPDNS, GCP_DNS_CL |
| Google DNS - CVE-2021-34527 (PrintNightmare) external exploit | High | PrivilegeEscalation | GCPDNS, GCP_DNS_CL |
| Google DNS - CVE-2021-40444 exploitation | High | PrivilegeEscalation | GCPDNS, GCP_DNS_CL |
| Google DNS - Exchange online autodiscover abuse | Medium | InitialAccess, CredentialAccess | GCPDNS, GCP_DNS_CL |
| Google DNS - IP check activity | Medium | CommandAndControl | GCPDNS, GCP_DNS_CL |
| Google DNS - Malicous Python packages | High | InitialAccess | GCPDNS, GCP_DNS_CL |
| Google DNS - Multiple errors for source | Medium | CommandAndControl | GCPDNS, GCP_DNS_CL |
| Google DNS - Multiple errors to same domain | Medium | CommandAndControl | GCPDNS, GCP_DNS_CL |
| Google DNS - Possible data exfiltration | High | Exfiltration | GCPDNS, GCP_DNS_CL |
| Google DNS - Request to dynamic DNS service | Medium | CommandAndControl | GCPDNS, GCP_DNS_CL |
| Google DNS - UNC2452 (Nobelium) APT Group activity | High | CommandAndControl | GCPDNS, GCP_DNS_CL |

Hunting Queries

| Name | Tactics | Tables Used |
|---|---|---|
| Google DNS - Domains with rare errors | CommandAndControl | GCPDNS, GCP_DNS_CL |
| Google DNS - Errors | CommandAndControl | GCPDNS, GCP_DNS_CL |
| Google DNS - Rare domains | CommandAndControl | GCPDNS, GCP_DNS_CL |
| Google DNS - Requests to IP lookup resources | CommandAndControl | GCPDNS, GCP_DNS_CL |
| Google DNS - Requests to TOR resources | CommandAndControl | GCPDNS, GCP_DNS_CL |
| Google DNS - Requests to online shares | CommandAndControl | GCPDNS, GCP_DNS_CL |
| Google DNS - Server latency | CommandAndControl | GCPDNS, GCP_DNS_CL |
| Google DNS - Sources with high number of errors | CommandAndControl | GCPDNS, GCP_DNS_CL |
| Google DNS - Unexpected top level domains | CommandAndControl | GCPDNS, GCP_DNS_CL |
| Google DNS - Unusual top level domains | CommandAndControl | GCPDNS, GCP_DNS_CL |

Workbooks

| Name | Tables Used |
|---|---|
| GCPDNS | GCPDNS, GCP_DNS_CL |

Parsers

| Name | Description | Tables Used |
|---|---|---|
| GCPCloudDNS | - | GCPDNS (read), GCP_DNS_CL (read) |

Release Notes

| Version | Date Modified (DD-MM-YYYY) | Change History |
|---|---|---|
| 3.0.5 | 29-07-2025 | Removed Deprecated Data Connector. |
| 3.0.4 | 26-06-2025 | Moving CCF Connector - Google Cloud Platform DNS from Public preview to GA. |
| 3.0.3 | 09-05-2025 | Implemented Standard table Functionality to CCF Connector - Google Cloud Platform DNS. |
| 3.0.2 | 11-02-2025 | Migrated the Function app connector to CCP Data Connector and Updated Parser. |
| 3.0.1 | 10-09-2024 | Repackaged solution to add existing Parser. |
| 3.0.0 | 04-09-2024 | Updated the python runtime version to 3.11 Function app Data Connector. |