Windows 10
A Microsoft operating system that runs on personal computers and tablets.
10,946 questions
Sysmon DNS Query Logs - QueryResults Field
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(144, 22%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3E1%3C/text%3E%3C/svg%3E)
1357A
0
Reputation points
How do I display type: 1 for Type A DNS logs in the QueryResults field of Sysmon Event ID 22 DNS Query logs? I tried generating the logs using the below XML format:
<Sysmon schemaversion="4.90">
<EventFiltering>
<DnsQuery onmatch="exclude" />
</EventFiltering>
</Sysmon>
But when I generate Type A DNS logs, the QueryResults field displays as:
QueryResults: 52.206.163.162;34.234.52.18;3.233.126.24;
instead of
QueryResults: type: 1 52.206.163.162;34.234.52.18;3.233.126.24;
Here are the images of the logs generated for reference:
Windows 10
Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,935 questions
Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,807 questions
Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,620 questions
Sysinternals
Sysinternals
Advanced system utilities to manage, troubleshoot, and diagnose Windows and Linux systems and applications.
1,112 questions