Microsoft DNS Debug
The IBM® QRadar® DSM for Microsoft DNS Debug collects events from a Microsoft Windows system.
Note:
The following table describes the specifications for the Microsoft DNS Debug DSM:
| Specification | Value |
|---|---|
| Manufacturer | Microsoft |
| DSM name | Microsoft DNS Debug |
| RPM file name | DSM-MicrosoftDNS-QRadar_version-build_number.noarch.rpm |
| Supported versions |
Windows Server 2008 R2 Windows Server 2012 R2 Windows Server 2016 |
| Protocol | WinCollect Microsoft DNS Debug |
| Event format | LEEF |
| Recorded event types | All operational and configuration network events. |
| Automatically discovered? | Yes |
| Includes identity? | Yes |
| Includes custom properties? | No |
| More information | http://www.microsoft.com |
To integrate Microsoft DNS Debug with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the
following files from the IBM Support Website in the order that
they are listed on your QRadar
Console:
- .sfs file for WinCollect
- DSMCommon RPM
- Microsoft DNS Debug RPM
- Configure WinCollect to forward Microsoft DNS Debug events to QRadar. For more information, go to Log Sources for WinCollect agents in the IBM QRadar WinCollect User Guide. (https://www.ibm.com/docs/en/SS42VS_SHR/com.ibm.wincollect.doc/c_ug_wincollect_log_sources.html).
- If QRadar does not automatically detect the log source, add a Microsoft DNS Debug log source on the QRadar Console.