I would do a search for log sources that are populating URL. I unfortunately have a few log sources, like my proxy, that are populating that field, and it is causing a lot of noise in DNS Analyzer. Also, I would make sure the DNS logs are getting parsed correctly. If QRadar is not parsing the other attributes, then it's not going to be able to use that data.
------------------------------
Patrick Barnes
------------------------------
Original Message:
Sent: Mon June 17, 2019 08:21 AM
From: Tomasz Arabski
Subject: DNS Analyzer showing UNKNOWN for Request Type
Hi guys, a few days ago I installed the DNS Analyzer Tool.
Configured the Log Source as Microsoft DNS Debug.
Added the new search and chose the URL (Custom). What I see is that my search shows me the values in the URL (Custom) field; however, the DNS Analyzer still shows me UNKNOWN in the request type.
It shows the counts but no DNS Request Types anyway.
Are any of you familiar with this app?
Best Regards
T.
------------------------------
Tomasz Arabski
------------------------------