Event ID: 22 - DNSEvent (DNS query)

Native field name	OSSEM Field Name
RuleName	tag
UtcTime	event_date_creation
ProcessGuid	process_guid
ProcessId	process_id
QueryName	dst_host_name
QueryStatus	dns_query_status
QueryResults	dns_query_results
Image	process_path

Logstash pipeline

if [event_id] == 22 {
      mutate {
        rename => {
            "RuleName" => "tag"
            "UtcTime" => "event_date_creation"
            "ProcessGuid" => "process_guid"
            "ProcessId" => "process_id"
            "QueryName" => "dst_host_name"
            "QueryStatus" => "dns_query_status"
            "QueryResults" => "dns_query_results"
            "Image" => "process_path"
        }
      }
    }

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

EventId-22.md

EventId-22.md

Event ID: 22 - DNSEvent (DNS query)

Logstash pipeline

Files

EventId-22.md

Latest commit

History

EventId-22.md

File metadata and controls

Event ID: 22 - DNSEvent (DNS query)

Logstash pipeline