Created
April 14, 2020 02:44
-
-
Save michaelhidalgo/4c437770ed28cd9cca42a6a250301a29 to your computer and use it in GitHub Desktop.
Sysmon DNS Query
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" ?> | |
| <event name="SYSMON_DNS_QUERY" value="22" level="Informational" template="Dns query" rulename="DnsQuery" ruledefault="exclude" version="5"> | |
| <data name="RuleName" inType="win:UnicodeString" outType="xs:string"/> | |
| <data name="UtcTime" inType="win:UnicodeString" outType="xs:string"/> | |
| <data name="ProcessGuid" inType="win:GUID"/> | |
| <data name="ProcessId" inType="win:UInt32" outType="win:PID"/> | |
| <data name="QueryName" inType="win:UnicodeString" outType="xs:string"/> | |
| <data name="QueryStatus" inType="win:UnicodeString" outType="xs:string"/> | |
| <data name="QueryResults" inType="win:UnicodeString" outType="xs:string"/> | |
| <data name="Image" inType="win:UnicodeString" outType="xs:string"/> | |
| </event> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment