Microsoft DNS Debug
The IBM QRadar DSM for Microsoft DNS Debug collects events from a Microsoft Windows system.
The following table describes the specifications for the Microsoft DNS Debug DSM:
Specification | Value |
---|---|
Manufacturer | Microsoft |
DSM name | Microsoft DNS Debug |
RPM file name | DSM-MicrosoftDNS-QRadar_version-build_number.noarch.rpm |
Supported versions | Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016 |
Protocol | WinCollect Microsoft DNS Debug |
Event format | LEEF |
Recorded event types | All operational and configuration network events. |
Automatically discovered? | Yes |
Includes identity? | Yes |
Includes custom properties? | No |
More information | http://www.microsoft.com |
To integrate Microsoft DNS Debug with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following files from the IBM® Support Website in the order that they are listed on your QRadar Console:
  - .sfs file for WinCollect
  - DSMCommon RPM
  - Microsoft DNS Debug RPM
- Configure WinCollect to forward Microsoft DNS Debug events to QRadar. For more information, go to Log Sources for WinCollect agents in the IBM QRadar WinCollect User Guide (https://www.ibm.com/docs/en/SS42VS_SHR/com.ibm.wincollect.doc/c_ug_wincollect_log_sources.html).
- If QRadar does not automatically detect the log source, add a Microsoft DNS Debug log source on the QRadar Console.