Microsoft DNS Debug
The IBM QRadar DSM for Microsoft DNS Debug collects events from a Microsoft Windows system.
The following table describes the specifications for the Microsoft DNS Debug DSM:
| Specification | Value |
|---|---|
| Manufacturer | Microsoft |
| DSM name | Microsoft DNS Debug |
| RPM file name | DSM-MicrosoftDNS-QRadar_version-build_number.noarch.rpm |
| Supported versions | Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2016 |
| Protocol | WinCollect Microsoft DNS Debug |
| Event format | LEEF |
| Recorded event types | All operational and configuration network events. |
| Automatically discovered? | Yes |
| Includes identity? | Yes |
| Includes custom properties? | No |
| More information | http://www.microsoft.com |
To integrate Microsoft DNS Debug with QRadar, complete the following steps:
- If automatic updates are not enabled, download and install the most recent version of the following files from the IBM® Support Website in the order that they are listed on your QRadar Console:
  - .sfs file for WinCollect
  - DSMCommon RPM
  - Microsoft DNS Debug RPM
- Configure WinCollect to forward Microsoft DNS Debug events to QRadar. For more information, go to Log Sources for WinCollect agents in the IBM QRadar WinCollect User Guide (https://www.ibm.com/docs/en/SS42VS_SHR/com.ibm.wincollect.doc/c_ug_wincollect_log_sources.html).
- If QRadar does not automatically detect the log source, add a Microsoft DNS Debug log source on the QRadar Console.