Browse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊
Reference for DnsAuditEvents table in Azure Monitor Logs.
| Attribute | Value |
|---|---|
| Category | Security |
| Basic Logs Eligible | ✓ Yes (source) |
| Supports Transformations | ✓ Yes (source) |
| Ingestion API Supported | ✓ Yes |
| Azure Monitor Tables Reference | View Documentation |
| Azure Monitor Logs Ingestion API | View Documentation |
Source: Azure Monitor documentation
| Column Name | Type | Description |
|---|---|---|
| _BilledSize | real | The record size in bytes |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable isfalseingestion isn't billed to your Azure account |
| _ResourceId | string | A unique identifier for the resource that the record is associated with |
| _SubscriptionId | string | A unique identifier for the subscription that the record is associated with |
| Action | string | If a query meets the criteria of a policy, the action is the response that the policy requires. |
| ActiveKey | string | Signing key of the KSK's active key. |
| AdditionalData | dynamic | Additional information not already scoped into its own dedicated field. |
| Base64Data | string | Key data. |
| BufferSize | int | Size of the buffer used for logging the event data.(in bytes) |
| ChildZone | string | Name of a child zone. |
| ClientSubnetList | string | The list of IPv4 and IPv6 of the client subnet. |
| ClientSubnetRecord | string | Then name of the client subnet. |
| Condition | string | Specific circumstances or requirements that trigger certain actions or policies. |
| Criteria | string | Criteria or conditions that triggered the event. |
| CryptoAlgorithm | string | The cryptographic algorithm used for securing DNS-related operations. |
| CurrentRolloverStatus | string | The state of the key rollover process from one key to another. |
| CurrentState | string | The current status of a DNS key or zone. |
| DenialOfExistence | string | The method used to prove that a certain DNS record does not exist. |
| Digest | string | A secure fingerprint, allowing DNS resolvers to validate the authenticity of the trust anchor information. |
| DigestType | string | Specifies the type of cryptographic hash algorithm used for generating the digest (hash) value. |
| DistributeTrustAnchor | string | Relates to the distribution of a trust anchor for DNSSEC, which is a secure public key that helps in the validation of DNS data. |
| DnsKeyRecordSetTtl | int | The time-to-live (TTL) value assigned to DNSKEY records when signing a DNS zone. This value determines how long a DNSKEY record will be considered valid before it needs to be refreshed. |
| DnsKeySignatureValidityPeriod | int | The duration in seconds that a DNSKEY record's signature is considered valid. |
| DnsQuery | string | The domain that needs to be resolved. |
| DnsQueryType | int | The DNS resource record type codes as defined by the Internet Assigned Numbers Authority (IANA). |
| DSRecordGenerationAlgorithm | string | The algorithm used to generate the Delegation Signer (DS) record from the DNSKEY record. |
| DSRecordSetTtl | int | The time-to-live (TTL) value for the DS (Delegation Signer) record set. |
| DSSignatureValidityPeriod | int | The period in seconds that a DS (Delegation Signer) record's signature is considered valid. |
| EnableRfc5011KeyRollover | string | The process of automating the update and rollover of DNSSEC keys in accordance with RFC 5011 standards. |
| EventGuid | string | Unique identifier for the specific event. |
| EventId | string | Identifier for the underlying Windows event. |
| EventString | string | Human-readable description of the event. |
| EventType | string | Type of DNS event (e.g., zone transfer, dynamic update, DNSSEC signing). |
| FilePath | string | The location of a file or directory that the DNS server is interacting with. |
| Forwarders | string | DNS forwarders used by the server. |
| InitialRolloverOffset | int | The initial time delay (in seconds) before the first rollover action is triggered for a DNSSEC key. |
| IsEnabled | string | This parameter indicates whether the policy or exception list is currently active. |
| IsKeyMasterServer | string | Whether the DNS server is the primary key for a DNSSEC-signed zone. |
| KeyId | string | The unique identifier of a DNSSEC signing key. |
| KeyLength | int | The length of the cryptographic key used in DNSSEC signing operations. |
| KeyMasterServer | string | The DNS server that is responsible for generating and managing the DNSSEC keys for a zone. |
| KeyOrZone | string | The signing key used for authentication and data integrity in a specific DNS zone. |
| KeyProtocol | string | Protocol used for DNSSEC key management (e.g., DNSKEY, DS). |
| KeyStorageProvider | string | The system or service that is responsible for securely storing the DNSSEC keys. |
| KeyTag | int | A numeric identifier for the cryptographic key used by the DS record. |
| KeyType | string | The type of DNSSEC signing key being used. |
| KskOrZsk | string | The type of signing key used in a specific DNS zone. |
| LastRolloverTime | datetime | The last time a rollover process took place. |
| ListenAddresses | string | IP addresses on which the DNS server listens. |
| LookupValue | string | Type of DNS lookup (e.g., recursive, iterative). |
| MasterServer | string | The primary DNS server from which a secondary DNS server obtains zone data. |
| NameServer | string | Name server responsible for the DNS event. |
| NewPropertyValues | string | The set of properties after they were updated for a specific policy or exception list in the DNS server or zone. |
| NewValue | string | The updated value assigned to a specific property key within the DNS zone. |
| NextKey | string | The upcoming key that will be used in the DNS zone signing process after the current active and standby keys. |
| NextRolloverAction | string | The rollover action performed. |
| NextRolloverTime | datetime | The next time a rollover process should happen. |
| NodeName | string | The node name within the DNS zone. |
| NSec3HashAlgorithm | int | The cryptographic hash algorithm used in the NSEC3 protocol for DNSSEC. |
| NSec3Iterations | int | The number of additional hashing iterations a DNSSEC-enabled DNS server uses. |
| NSec3OptOut | string | Indicates if the DNSSEC NSEC3 protocol is configured to allow unsigned delegations. |
| NSec3RandomSaltLength | int | The length of the random salt value used in the NSEC3 protocol for DNSSEC. |
| NSec3UserSalt | string | The user-defined salt value used in the NSEC3 protocol for DNSSEC. |
| OldPropertyValues | string | The set of properties before they were updated for a specific policy or exception list in the DNS server or zone. |
| ParentHasSecureDelegation | string | Whether the parent zone has a secure delegation to the child zone. |
| Policy | string | Defines rules or guidelines for managing specific aspects of DNS behavior. |
| ProcessingOrder | int | Determines the sequence in which policies are applied. |
| PropagationTime | int | Time taken for the event information to propagate. Duration (e.g., milliseconds) or "Immediate" if no delay. |
| PropertyKey | string | Specific property or setting affected by the event. |
| RDATA | string | Represents the data of the resource record that was created, deleted, or scavenged in the DNS zone. |
| RecursionScope | string | A specific area or set of conditions under which DNS recursion is allowed or applied on a DNS server. |
| ReplicationScope | string | Scope of DNS replication (e.g., forest-wide, domain-specific). |
| RolloverPeriod | int | Time interval for log rollover (e.g., daily, weekly). |
| RolloverType | string | Type of rollover (e.g., overwrite, append). |
| ScavengeServers | string | Servers involved in DNS scavenging (aging and cleanup of stale records). |
| Scope | string | The scope of the event (e.g., server-wide, zone-specific). |
| Scopes | string | DNS scopes impacted by the event (e.g., global, local). |
| SecureDelegationPollingPeriod | int | Interval for polling secure delegation information. Numeric value (e.g., minutes) or "Disabled" if not applicable. |
| SeizedOrTransferred | string | Refers to the action taken, either a seizure (when control is forcibly transferred) or a voluntary transfer of the key master role. |
| ServerName | string | Represents the DNS server where the policy or exception list is being configured. |
| Setting | string | Specific DNS configuration setting modified by the event. |
| SignatureInceptionOffset | int | Offset time for DNSSEC signature inception. Duration (e.g., seconds) or "Immediate" if no delay. |
| Source | string | Source of the DNS event (e.g., server, client). |
| SourceSystem | string | The type of agent the event was collected by. For example,OpsManagerfor Windows agent, either direct connect or Operations Manager,Linuxfor all Linux agents, orAzurefor Azure Diagnostics |
| StandbyKey | string | the backup key that will be used if the current active key is compromised or needs to be replaced in the DNS zone signing process. |
| StoreKeysInAD | string | Specifies whether the keys are stored in Active Directory Domain Services (AD DS). This setting applies only to Active Directory-integrated zones when the vendor of KeyStorageProvider is Microsoft. |
| SubTreeAging | string | Mechanism that affects the aging (expiration) of DNS records within a specific subtree or branch of a DNS zone. |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | The timestamp (UTC) of when the event was generated. |
| TTL | int | The time-to-live for the DNS record, indicating how long the record should be cached before it is discarded or refreshed. |
| Type | string | The name of the table |
| VirtualizationID | string | A unique key to manage and coordinate activities within the virtualized environment. |
| WithNewKeys | string | Indicates whether new DNSSEC keys were generated. |
| WithWithout | string | Whether key signing key (KSK) metadata is included or excluded when exporting DNSSEC settings for a specific zone. |
| Zone | string | The zone related to the activity. |
| ZoneFile | string | The name of the zone file. |
| ZoneName | string | The name of a DNS zone on which the zone which the event relates to. |
| ZoneScope | string | A list of scopes and weights for the zone. |
| ZoneSignatureValidityPeriod | int | The amount of time that signatures that cover all other record sets are valid. |
This table collects data from the following Azure resource types:
microsoft.securityinsights/securityinsightsBrowse: 🏠 · Solutions · Connectors · Methods · Tables · Content · Parsers · ASIM Parsers · ASIM Products · 📊