This article explains how to ingest on-premises Windows DNS Debug Logs into Hunters. These logs record the DNS queries (including the queried domain name) handled by Windows Servers on which the DNS Server role and debug logging are enabled. Because nearly every network connection starts with a DNS lookup, this data gives broad coverage of enterprise activity and can reveal communication with malicious domains.
For more information about how these logs are collected and their schema, see Microsoft's documentation on Windows DNS Server debug logging.
Hunters Ingestion
For Hunters to integrate with your on-premises Windows DNS Debug Logs, the log files must be collected into a storage service (e.g. an S3 bucket or an Azure Blob Storage container) that is shared with Hunters.
Expected Format
Each log file holds one event per line, in the standard Windows DNS debug log packet format. Fields are whitespace-separated and appear in this order: date, time, thread ID, context (PACKET), internal packet identifier, protocol (UDP or TCP), direction (Snd or Rcv), remote IP address, transaction ID (hex), R for a response or blank for a query, opcode (Q for a standard query), the bracketed flags (hex flags, flag letters, response code), question type, and the question name in label-length encoding. For example:
4/20/2021 20:04:21 PM 09B0 PACKET 00000000014E0010 UDP Snd 192.168.1.200 3122 R Q [8081 DR NOERROR] A (7)hunters(2)ai(0)
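As an added example (not part of this article and not Hunters' own ingestion code), the following Python parser reads lines in the format above, decodes the label-length-encoded question name into a dotted domain, and groups received queries by client so you can see which hosts resolved a given name. Only the first line of the embedded sample is the article's; the other two lines are constructed here to exercise a received query and a TCP query.

```python
"""Parse Windows DNS Server debug log PACKET lines (added example, not Hunters' code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Field order of a PACKET line, separated by runs of whitespace:
# date, time, thread id, "PACKET", internal packet id, UDP|TCP, Snd|Rcv, remote IP,
# XID (hex), "R" for a response or blank for a query, opcode (Q = standard query),
# [hex flags, flag letters, response code], question type, question name.
_PACKET_RE = re.compile(
    r"^(?P<date>\S+)\s+(?P<time>\S+(?:\s+[AP]M)?)\s+"
    r"(?P<thread>[0-9A-Fa-f]+)\s+PACKET\s+(?P<packet_id>[0-9A-Fa-f]+)\s+"
    r"(?P<proto>UDP|TCP)\s+(?P<direction>Snd|Rcv)\s+(?P<remote_ip>\S+)\s+"
    r"(?P<xid>[0-9A-Fa-f]+)\s+(?P<qr>R)?\s*(?P<opcode>[A-Z?])\s+"
    r"\[(?P<flags>[^\]]*)\]\s+(?P<qtype>\S+)\s+(?P<qname>\S+)\s*$"
)
# The question name is label-length encoded, e.g. "(7)hunters(2)ai(0)".
_LABEL_RE = re.compile(r"\((\d+)\)([^()]*)")


@dataclass
class DnsPacketEvent:
    timestamp: str
    thread_id: str
    packet_id: str
    protocol: str
    direction: str       # "Snd" (server sent) or "Rcv" (server received)
    remote_ip: str
    xid: int
    is_response: bool
    opcode: str
    flags_hex: int
    flag_letters: str    # e.g. "DR"
    rcode: str           # e.g. "NOERROR", "NXDOMAIN"
    qtype: str           # e.g. "A", "TXT"
    qname: str           # decoded dotted name, e.g. "hunters.ai"


def decode_qname(encoded: str) -> str:
    """Turn "(7)hunters(2)ai(0)" into "hunters.ai", checking every label length."""
    labels: List[str] = []
    pos = 0
    for m in _LABEL_RE.finditer(encoded):
        if m.start() != pos:
            raise ValueError(f"unexpected text in qname {encoded!r}")
        pos = m.end()
        length, label = int(m.group(1)), m.group(2)
        if length == 0:  # (0) is the root label and must close the name
            if label or pos != len(encoded):
                raise ValueError(f"misplaced root label in {encoded!r}")
            return ".".join(labels) if labels else "."
        if len(label) != length:
            raise ValueError(f"label length mismatch in {encoded!r}: ({length}){label!r}")
        labels.append(label)
    raise ValueError(f"qname {encoded!r} is not terminated by (0)")


def parse_packet_line(line: str) -> Optional[DnsPacketEvent]:
    """Return the parsed event, or None for lines that are not PACKET events."""
    m = _PACKET_RE.match(line.strip())
    if not m:
        return None
    flag_parts = m.group("flags").split()  # ["8081", "DR", "NOERROR"]; letters may be absent
    if len(flag_parts) < 2:
        raise ValueError(f"malformed flags field in line {line!r}")
    return DnsPacketEvent(
        timestamp=f"{m.group('date')} {m.group('time')}",
        thread_id=m.group("thread"),
        packet_id=m.group("packet_id"),
        protocol=m.group("proto"),
        direction=m.group("direction"),
        remote_ip=m.group("remote_ip"),
        xid=int(m.group("xid"), 16),
        is_response=m.group("qr") == "R",
        opcode=m.group("opcode"),
        flags_hex=int(flag_parts[0], 16),
        flag_letters="".join(flag_parts[1:-1]),
        rcode=flag_parts[-1],
        qtype=m.group("qtype"),
        qname=decode_qname(m.group("qname")),
    )


def parse_log(text: str) -> List[DnsPacketEvent]:
    """Parse a whole log file: one event per line; blank and non-PACKET lines are skipped."""
    return [ev for ev in (parse_packet_line(l) for l in text.splitlines()) if ev is not None]


def clients_by_domain(events: List[DnsPacketEvent]) -> Dict[str, Set[str]]:
    """Map each queried name to the client IPs that asked this server for it.

    Only queries the server received (Rcv and not a response) count, so upstream
    forwarding and the server's own answers are not attributed as clients.
    """
    out: Dict[str, Set[str]] = {}
    for ev in events:
        if ev.direction == "Rcv" and not ev.is_response:
            out.setdefault(ev.qname, set()).add(ev.remote_ip)
    return out


# Constructed sample: the first line is the article's example; the other two are
# made up here to show a received query and a TCP query for a different name.
SAMPLE_LOG = """\
4/20/2021 20:04:21 PM 09B0 PACKET 00000000014E0010 UDP Snd 192.168.1.200 3122 R Q [8081 DR NOERROR] A (7)hunters(2)ai(0)
4/20/2021 20:04:21 PM 09B0 PACKET 00000000014E0010 UDP Rcv 192.168.1.200 3122   Q [0001   D   NOERROR] A (7)hunters(2)ai(0)

4/20/2021 20:05:02 PM 0A1C PACKET 00000000014E0120 TCP Rcv 10.0.0.15     4a2f   Q [0001   D   NOERROR] TXT (3)www(7)example(3)com(0)
"""

if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for ev in events:
        print(ev.timestamp, ev.direction, ev.remote_ip, ev.qtype, ev.qname, ev.rcode)
    print(clients_by_domain(events))
```

The regex tolerates the blank query/response column and the padded flags field that real debug logs contain, and decode_qname rejects names whose declared label lengths do not match the text, which is the usual sign of a truncated or mangled line rather than of a real query. If your server is configured to log only queries or only responses, the Rcv-and-not-response filter in clients_by_domain is still the right attribution rule.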