DNS connector for Microsoft Sentinel

The DNS log connector allows you to easily connect your DNS analytic and audit logs with Microsoft Sentinel, and other related data, to improve investigation.

When you enable DNS log collection you can:

  • Identify clients that try to resolve malicious domain names.
  • Identify stale resource records.
  • Identify frequently queried domain names and talkative DNS clients.
  • View request load on DNS servers.
  • View dynamic DNS registration failures.

For more information, see the Microsoft Sentinel documentation.

Connector attributes

Connector attribute Description
Log Analytics table(s) DnsEvents
Data collection rules support Not currently supported
Supported by Microsoft Corporation

Next steps

For more information, go to the related solution in the Azure Marketplace.