Contains information about DNS activity events from cloud infrastructure environments.
Table attributes
| Attribute | Value |
|---|---|
| Resource types | - |
| Categories | Security |
| Solutions | SecurityInsights |
| Basic log | Yes |
| Ingestion-time DCR support | No |
| Lake-only ingestion | Yes |
| Sample Queries | - |
Columns
| Column | Type | Description |
|---|---|---|
| ActionType | string | Type of activity that triggered the event |
| AdditionalFields | dynamic | Additional information about the entity or event |
| AwsResourceName | string | Unique identifier specific to Amazon Web Services devices, containing the Amazon resource name |
| AzureResourceId | string | Unique identifier of the Azure resource associated with the process |
| _BilledSize | real | The record size in bytes |
| ContainerId | string | The container identifier in Kubernetes or another runtime environment |
| ContainerName | string | Name of the container in Kubernetes or another runtime environment |
| DnsEventSubType | string | Either request or response |
| DnsEventType | string | Type of event associated with the DNS operation (for example, query) |
| DnsNetworkDuration | long | The DNS request duration in milliseconds |
| DnsQuery | string | The domain that needs to be resolved |
| DnsQueryTypeName | string | The DNS resource record type name as defined by the Internet Assigned Numbers Authority (IANA) |
| DnsResponseCodeName | string | The DNS response code name as defined by the Internet Assigned Numbers Authority (IANA) |
| GcpFullResourceName | string | Unique identifier specific to Google Cloud Platform devices, containing a combination of zone and ID for GCP |
| ImageName | string | Container image name or ID |
| _IsBillable | string | Specifies whether ingesting the data is billable. When _IsBillable is false, ingestion isn't billed to your Azure account |
| KubernetesNamespace | string | The Kubernetes namespace name |
| KubernetesPodName | string | The Kubernetes pod name |
| KubernetesResource | string | Unique identifier for the Kubernetes resource that includes the namespace, resource type and name |
| ProcessId | long | Process ID that initiated the DNS query |
| ProcessName | string | The name of the process that initiated the DNS query |
| ReportId | string | Unique identifier for the event |
| SourceSystem | string | The type of agent the event was collected by. For example, OpsManager for Windows agent (either direct connect or Operations Manager), Linux for all Linux agents, or Azure for Azure Diagnostics |
| TenantId | string | The Log Analytics workspace ID |
| TimeGenerated | datetime | Date and time (UTC) when the record was generated |
| TransactionIdHex | string | The DNS unique hex transaction ID |
| Type | string | The name of the table |