Windows DNS Events via AMA connector for Microsoft Sentinel

The Windows DNS log connector allows you to easily filter and stream all analytics logs from your Windows DNS servers to your Microsoft Sentinel workspace using the Azure Monitoring agent (AMA). Having this data in Microsoft Sentinel helps you identify issues and security threats such as:

  • Trying to resolve malicious domain names.
  • Stale resource records.
  • Frequently queried domain names and talkative DNS clients.
  • Attacks performed on DNS server.

You can get the following insights into your Windows DNS servers from Microsoft Sentinel:

  • All logs centralized in a single place.
  • Request load on DNS servers.
  • Dynamic DNS registration failures.

Windows DNS events are supported by Advanced SIEM Information Model (ASIM) and stream data into the ASimDnsActivityLogs table. Learn more.

For more information, see the Microsoft Sentinel documentation.

This is autogenerated content. For changes, contact the solution provider.

Connector attributes

Connector attribute Description
Log Analytics table(s) ASimDnsActivityLogs
Data collection rules support Azure Monitor Agent DCR
Supported by Microsoft Corporation

Next steps

For more information, go to the related solution in the Azure Marketplace.