template_DNS.JSON
{
"id": "DNS",
"title": "DNS",
"publisher": "Microsoft",
"descriptionMarkdown": "The DNS log connector allows you to easily connect your DNS analytic and audit logs with Microsoft Sentinel, and other related data, to improve investigation.\n\n**When you enable DNS log collection you can:**\n- Identify clients that try to resolve malicious domain names.\n- Identify stale resource records.\n- Identify frequently queried domain names and talkative DNS clients.\n- View request load on DNS servers.\n- View dynamic DNS registration failures.\n\nFor more information, see the [Microsoft Sentinel documentation](https://go.microsoft.com/fwlink/p/?linkid=2220127&wt.mc_id=sentinel_dataconnectordocs_content_cnl_csasci).",
"logo": "DNS.svg",
"graphQueries": [
{
"metricName": "Total data received",
"legend": "DnsEvents",
"baseQuery": "DnsEvents"
},
{
"metricName": "Total data received",
"legend": "DnsInventory",
"baseQuery": "DnsInventory"
}
],
"sampleQueries": [
{
"description": "All events logs",
"query": "DnsEvents\n | sort by TimeGenerated"
},
{
"description": "All inventory logs",
"query": "DnsInventory\n | sort by TimeGenerated"
}
],
"dataTypes": [
{
"name": "DnsEvents",
"lastDataReceivedQuery": "DnsEvents\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
},
{
"name": "DnsInventory",
"lastDataReceivedQuery": "DnsInventory\n | summarize Time = max(TimeGenerated)\n | where isnotempty(Time)"
}
],
"connectivityCriterias": [
{ "type": "OmsSolutions", "value": ["DnsAnalytics"] }
],
"availability": {
"status": 1,
"isPreview": false
},
"permissions": {
"resourceProvider": [
{
"provider": "Microsoft.OperationalInsights/workspaces",
"permissionsDisplayText": "read, write and delete permissions.",
"providerDisplayName": "Workspace",
"scope": "Workspace",
"requiredPermissions": { "read": true, "write": true, "delete": true }
},
{
"provider": "Microsoft.OperationalInsights/solutions",
"permissionsDisplayText": "[read and write permissions](https://docs.microsoft.com/azure/role-based-access-control/built-in-roles#log-analytics-contributor).",
"providerDisplayName": "Solutions",
"scope": "ResourceGroup",
"requiredPermissions": { "read": true, "write": true }
}
]
},
"instructionSteps": [
{
"title": "1. Download and install the agent",
"description": "> DNS logs are collected only from **Windows** agents.",
"instructions": [
{
"parameters": {
"title": "Choose where to install the agent:",
"instructionSteps": [
{
"title": "Install agent on Azure Windows Virtual Machine",
"description": "Download the agent on the relevant machine and follow the instructions.",
"instructions": [
{
"parameters": {
"linkType": "InstallAgentOnVirtualMachine"
},
"type": "InstallAgent"
}
]
},
{
"title": "Install agent on non-Azure Windows Machine",
"description": "Select the machine to install the agent and then click **Connect**.",
"instructions": [
{
"parameters": { "linkType": "InstallAgentOnNonAzure" },
"type": "InstallAgent"
}
]
}
]
},
"type": "InstructionStepsGroup"
}
]
},
{
"title": "2. Install DNS solution",
"instructions": [
{
"parameters": { "solutionName": "DnsAnalytics" },
"type": "OmsSolutions"
}
]
}
]
}