Sysmon to identify source of DNS request

  • Question

  • Hi Folks,

    I am trying to capture some DNS logs, specifically identifying the machines from which a DNS request originated.

    For example, user A is using DNS Server A, user A browses, and Server A resolves the request.

    I would like to install Sysmon on the DNS server but am not sure how the configuration file would look.

    Appreciate your assistance on this.

    Regards, Navdeep

    Thursday, July 5, 2018 6:31 AM