DNS Request/Response
Requires enhanced auditing to be enabled.
Event Source: Microsoft-Windows-DNSServer
Event Log: Microsoft-Windows-DNSServer/Analytical
Configuration
query
EventID:256 OR EventID:257
config
Key | Value
--- | ---
type | aggregation-v1
query | EventID:256 OR EventID:257
streams | [5f74fe0891d2ba1b645adb8d]
conditions | {expression:null}
search_within_ms | 3600000
execute_every_ms | 3600000
Windows DNS/Directory Services
Malicious or misused software often attempts to resolve blacklisted or suspicious domain names.
Last modified
October 12, 2020