Windows Domain Name System (DNS) maps computer names to IP addresses, and provides name resolution services to computers and users.
The DNS Client service is included in all client and server versions of the Windows operating system, and is running by default upon operating system installation.
Blumira integrates with Microsoft Windows operating systems to provide automated threat detection and actionable response for DNS (Domain Name System). Blumira supports the following Microsoft Windows server operating systems:
Blumira provides broad coverage for Windows Servers including collecting logs using NXLog, Command Line Logging, DNS Debugging and Winlogbeat.
You will first need to install and configure NXLog on the Windows host using these instructions: https://www.blumira.com/integration/windows-server/
There are several steps involved in obtaining all DNS logs:
For the log level, add together the event codes you want logged and specify the result in hex.
| Hexadecimal value | Decimal value | Description |
|---|---|---|
| 0x0 | 0 | No logging. (This is the default) |
| 0x10000 | 65536 | AD write transactions |
| 0x20000 | 131072 | AD update transactions |
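
The log-level arithmetic described above, as an added example (not Blumira's or Microsoft's code): it composes a level from the table's flags, decodes a configured value back into categories, and reports required categories that are missing. The function names are hypothetical, and only the flag values shown in the table on this page are assumed.

```python
from functools import reduce

# Flag values copied from the table above. Only the rows shown on this page
# are included; any other bit in a value is reported back as "unknown".
LOG_FLAGS = {
    0x10000: "AD write transactions",
    0x20000: "AD update transactions",
}
KNOWN_MASK = reduce(lambda a, b: a | b, LOG_FLAGS, 0)


def _as_int(value):
    """Accept either an int or a hex string such as '0x30000'."""
    return int(value, 16) if isinstance(value, str) else value


def compose_log_level(flags):
    """Combine the selected flags and return the log level as a hex string."""
    level = 0
    for flag in flags:
        if flag not in LOG_FLAGS:
            raise ValueError(f"{flag:#x} is not a flag from the table")
        # OR instead of +: listing 0x10000 twice must not turn into 0x20000.
        level |= flag
    return f"{level:#x}"


def decode_log_level(value):
    """Return (known category names, leftover bits as hex) for a log level."""
    level = _as_int(value)
    known = [name for bit, name in sorted(LOG_FLAGS.items()) if level & bit]
    return known, f"{level & ~KNOWN_MASK:#x}"


def missing_categories(configured, required):
    """List the required categories that the configured level does not enable."""
    level = _as_int(configured)
    return [LOG_FLAGS[flag] for flag in required if not level & flag]


if __name__ == "__main__":
    print(compose_log_level([0x10000, 0x20000]))
    print(decode_log_level("0x30000"))
    print(missing_categories("0x20000", [0x10000, 0x20000]))
```

Combining with a bitwise OR gives the same result as addition when each flag is listed once, and stays correct when a flag is accidentally repeated.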