Windows DNS/Directory Services

Malicious or misused software often attempts to resolve blacklisted or suspicious domain names. Collecting DNS queries and responses is recommended so that security analytics can discover compromise or intrusion. A number of the event IDs below are only recorded when enhanced auditing is enabled. See [Network Forensics with Windows DNS Analytical Logging](http://blogs.technet.com/b/teamdhcp/archive/2015/11/24/network-forensics-with-windows-dns-analytical-logging.aspx) for more information.
AIS Managed SIEM

SIEM Events

DNS Request/Response

DNS Query Complete

DNS Response Complete

Last modified September 14, 2021