Microsoft Windows DNS Debug Logs


Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

Overview

Table name: windows_dns_debug_logs

This article explains how to ingest your on-premises Windows DNS Debug Logs into Hunters. These logs hold information on DNS queries (including the queried domain) from Windows Servers on which the DNS Server role is enabled. Such information is important for enterprise security coverage and can help reveal malicious communication.

For more information about the logs' collection and schema see here.

Send data to Hunters

Once the export is complete and the logs have been collected into S3, follow the steps in this section.

Expected format

In each log file, events must be separated by a newline, and each event has the standard Windows DNS debug-log format shown in the following example:

4/20/2021 20:04:21 PM 09B0 PACKET  00000000014E0010 UDP Snd 192.168.1.200        3122 R Q [8081   DR  NOERROR] A      (7)hunters(2)ai(0)
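To check that a log file really is in the expected format before shipping it, the following added Python example (not Hunters' own code, and not part of this article) parses lines of the layout shown above. The field order (date, time, thread ID, context, internal packet ID, UDP/TCP, Snd/Rcv, remote IP, XID, an optional "R" that is blank for queries, opcode, the bracketed flags and response code, question type and question name) follows the Windows DNS Server debug-log layout; the regex column assumptions are inferred from the sample line, and the constructed sample log mixes the page's line with a made-up query line and a made-up non-event line to show how unparseable lines are reported.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One PACKET line of a Windows DNS debug log. Column assumptions are inferred
# from the sample line in the article, not taken from a Hunters-published spec.
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<time>\d{1,2}:\d{2}:\d{2}(?:\s+[AP]M)?)\s+"
    r"(?P<thread_id>[0-9A-Fa-f]+)\s+"
    r"(?P<context>\S+)\s+"
    r"(?P<packet_id>[0-9A-Fa-f]+)\s+"
    r"(?P<proto>UDP|TCP)\s+"
    r"(?P<direction>Snd|Rcv)\s+"
    r"(?P<remote_ip>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]+)\s+"
    r"(?:(?P<response>R)\s+)?"          # "R" marks a response; blank for a query
    r"(?P<opcode>[QNU?])\s+"
    r"\[(?P<flags_hex>[0-9A-Fa-f]+)\s+(?P<flags_chars>[ADRT ]*?)\s*(?P<rcode>[A-Z]+)\]\s+"
    r"(?P<qtype>\S+)\s+"
    r"(?P<qname>\S+)\s*$"
)


@dataclass
class DnsDebugEvent:
    timestamp: str
    thread_id: str
    packet_id: str
    proto: str
    direction: str
    remote_ip: str
    xid: int
    is_response: bool
    opcode: str
    flags_hex: int
    flags: str
    rcode: str
    qtype: str
    qname: str


def decode_qname(raw: str) -> str:
    """Turn the debug-log name encoding "(7)hunters(2)ai(0)" into "hunters.ai".

    Each label is prefixed by its length in parentheses; "(0)" is the root."""
    labels = []
    for length, label in re.findall(r"\((\d+)\)([^()]*)", raw):
        if int(length) != len(label):
            raise ValueError(f"label length mismatch in {raw!r}")
        if label:
            labels.append(label)
    return ".".join(labels)


def parse_line(line: str) -> Optional[DnsDebugEvent]:
    """Parse one event line; return None when it does not match the expected format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return DnsDebugEvent(
        timestamp=f"{m['date']} {m['time']}",
        thread_id=m["thread_id"],
        packet_id=m["packet_id"],
        proto=m["proto"],
        direction=m["direction"],
        remote_ip=m["remote_ip"],
        xid=int(m["xid"], 16),
        is_response=m["response"] is not None,
        opcode=m["opcode"],
        flags_hex=int(m["flags_hex"], 16),
        flags=m["flags_chars"].strip(),
        rcode=m["rcode"],
        qtype=m["qtype"],
        qname=decode_qname(m["qname"]),
    )


def parse_lines(text: str) -> Tuple[List[DnsDebugEvent], List[Tuple[int, str]]]:
    """Split a file on newlines and report every non-blank line that fails to parse."""
    events, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # blank lines between events are tolerated
        ev = parse_line(line)
        if ev is None:
            rejected.append((lineno, line))
        else:
            events.append(ev)
    return events, rejected


# Constructed sample: the article's response line, a made-up matching query
# line, and a made-up free-text line that should be rejected.
SAMPLE_LOG = """\
4/20/2021 20:04:21 PM 09B0 PACKET  00000000014E0010 UDP Snd 192.168.1.200        3122 R Q [8081   DR  NOERROR] A      (7)hunters(2)ai(0)
4/20/2021 20:04:21 PM 09B0 PACKET  00000000014E0010 UDP Rcv 192.168.1.200        3122   Q [0001   D   NOERROR] A      (7)hunters(2)ai(0)
Log file wrap at 4/20/2021 20:04:21 PM (constructed non-event line)
"""

if __name__ == "__main__":
    events, rejected = parse_lines(SAMPLE_LOG)
    for ev in events:
        print(ev.direction, ev.remote_ip, ev.qtype, ev.qname, ev.rcode, "response" if ev.is_response else "query")
    for lineno, line in rejected:
        print(f"line {lineno} does not match the expected format: {line!r}")
```

Running it over a real export before collection is a cheap way to catch files that were written with a different line terminator or that still contain the server's own header text; anything reported as rejected would not be ingested as a DNS event.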