Self Service Ingestion
Connect this data source on your own, using the Hunters platform.
Overview
Table name: windows_dns_debug_logs
This article explains how to ingest your on-premise Windows DNS Debug Logs to Hunters. These logs hold information on DNS queries (including the queried domain), from Windows Servers in which this role is enabled. Such information is important for Enterprise security coverage and can help in revealing malicious communication.
For more information about the logs' collection and schema see here.
Send data to Hunters
Once the export is completed and the logs are collected to S3, follow the steps in this section.
Expected format
In each log file, the events should be separated by a new-line, where each event has a standard format as in the following example:
4/20/2021 20:04:21 PM 09B0 PACKET 00000000014E0010 UDP Snd 192.168.1.200 3122 R Q [8081 DR NOERROR] A (7)hunters(2)ai(0)