Windows DNS Events via AMA connector for Microsoft Sentinel
The Windows DNS log connector allows you to easily filter and stream all analytics logs from your Windows DNS servers to your Microsoft Sentinel workspace using the Azure Monitoring agent (AMA). Having this data in Microsoft Sentinel helps you identify issues and security threats such as:
- Trying to resolve malicious domain names.
- Stale resource records.
- Frequently queried domain names and talkative DNS clients.
- Attacks performed on DNS server.
You can get the following insights into your Windows DNS servers from Microsoft Sentinel:
- All logs centralized in a single place.
- Request load on DNS servers.
- Dynamic DNS registration failures.
Windows DNS events are supported by Advanced SIEM Information Model (ASIM) and stream data into the ASimDnsActivityLogs table. Learn more.
For more information, see the Microsoft Sentinel documentation.
Connector attributes
| Connector attribute | Description |
|---|---|
| Log Analytics table(s) | ASimDnsActivityLogs |
| Data collection rules support | Azure Monitor Agent DCR |
| Supported by | Microsoft Corporation |
Next steps
For more information, go to the related solution in the Azure Marketplace.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for