GCP_DNS_CL



Attribute Value
Category GCP
Custom Log V1 Yes 🔶 — uses type-suffixed column names
Ingestion API Supported ✓ Yes

Schema (45 columns)

Source: KQL validation test schema

Column Name Type
_ResourceId string
Computer string
insert_id_s string
log_name_s string
ManagementGroupName string
MG string
payload__type_s string
payload_authAnswer_b bool
payload_authenticationInfo_principalEmail_s string
payload_authorizationInfo_s string
payload_methodName_s string
payload_protocol_s string
payload_queryName_s string
payload_queryType_s string
payload_rdata_s string
payload_request__type_s string
payload_request_managedZone_s string
payload_request_project_s string
payload_requestMetadata_requestAttributes_time_t datetime
payload_resourceName_s string
payload_responseCode_s string
payload_serverLatency_d real
payload_serviceName_s string
payload_sourceIP_s string
payload_sourceNetwork_s string
payload_vmInstanceId_d real
payload_vmInstanceIdString_s string
payload_vmInstanceName_s string
payload_vmProjectId_s string
payload_vmZoneName_s string
RawData string
resource_labels_location_s string
resource_labels_policy_name_s string
resource_labels_project_id_s string
resource_labels_source_type_s string
resource_labels_target_name_s string
resource_labels_target_type_s string
resource_labels_zone_name_s string
resource_type_s string
severity_s string
SourceSystem string
TenantId string
TimeGenerated datetime
timestamp_t datetime
Type string

Solutions (1)

This table is used by the following solutions:

Connectors (1)

This table is ingested by the following connectors:

Connector Selection Criteria
[DEPRECATED] Google Cloud Platform DNS

Content Items Using This Table (22)

Analytic Rules (11)

In solution GoogleCloudPlatformDNS:

Analytic Rule Selection Criteria
Google DNS - CVE-2020-1350 (SIGRED) exploitation pattern
Google DNS - CVE-2021-34527 (PrintNightmare) external exploit
Google DNS - CVE-2021-40444 exploitation
Google DNS - Exchange online autodiscover abuse
Google DNS - IP check activity
Google DNS - Malicous Python packages
Google DNS - Multiple errors for source
Google DNS - Multiple errors to same domain
Google DNS - Possible data exfiltration
Google DNS - Request to dynamic DNS service
Google DNS - UNC2452 (Nobelium) APT Group activity

Hunting Queries (10)

In solution GoogleCloudPlatformDNS:

Hunting Query Selection Criteria
Google DNS - Domains with rare errors
Google DNS - Errors
Google DNS - Rare domains
Google DNS - Requests to IP lookup resources
Google DNS - Requests to TOR resources
Google DNS - Requests to online shares
Google DNS - Server latency
Google DNS - Sources with high number of errors
Google DNS - Unexpected top level domains
Google DNS - Unusual top level domains

Workbooks (1)

In solution GoogleCloudPlatformDNS:

Workbook Selection Criteria
GCPDNS

Parsers Using This Table (2)

ASIM Parsers (1)

Parser Schema Product Selection Criteria
ASimDnsGcp Dns GCP Cloud DNS

Other Parsers (1)

Parser Solution Selection Criteria
GCPCloudDNS GoogleCloudPlatformDNS
