What are those DNS queries which Sysmon does not get from Windows

  • Question

  • Please tell me about those DNS queries which Sysmon does not get from Windows?
    Monday, December 14, 2020 6:43 AM

All replies

  • Hi,

    Please note that the Sysmon forum has been migrated to the new Microsoft Q&A platform, I suggest asking over here:
    https://docs.microsoft.com/en-us/answers/topics/windows-sysinternals-sysmon.html

    Note: Most forums have been migrated to the new Microsoft Q&A platform, the TechNet forums will also be closing down soon.

    (Please don't forget to mark helpful replies as answer, thank you)

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com

    Monday, December 14, 2020 10:29 AM
  • Hi,

    Thanks for the input.

    A piece of malicious code was querying a hard-coded DNS server instead of the Sysmon DNS, and even that was not registering with Sysmon. We could see the queries at the network level (Packetbeat logs). Can you please throw some light on it?

    Thursday, December 17, 2020 6:57 AM
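The behaviour described in the last post is the known gap in Sysmon's DNS logging: Event ID 22 (DnsQuery) is built from the Windows DNS Client service's own events, so a process that opens a socket and sends DNS packets straight to a hard-coded server on port 53 never passes through that service and never produces an Event ID 22, even though the packets are visible on the wire (as Packetbeat showed). What does still see that traffic is Sysmon Event ID 3 (NetworkConnect), provided the configuration includes port 53 connections. The script below is an added example written for this thread, not code from the thread or from Sysinternals; it parses a constructed JSON-lines export of Sysmon events and flags port-53 connections that either go to a resolver outside an assumed approved list or come from a process other than the DNS Client service host (svchost.exe). The resolver addresses, image paths and events are all constructed for the example.

```python
"""Spot DNS traffic that bypasses the Windows DNS client (and therefore never
becomes Sysmon Event ID 22) by inspecting Sysmon Event ID 3 network-connection
records. Example for the thread above; all sample data is constructed."""
import json

# Assumption (constructed): the resolvers this host is configured to use.
APPROVED_RESOLVERS = {"10.0.0.53", "10.0.1.53"}

# The Windows DNS Client service (Dnscache) runs inside svchost.exe, so on a
# normal workstation that is the only image expected to talk to a resolver.
DNS_CLIENT_IMAGE = "svchost.exe"

# Constructed Sysmon Event ID 3 / 22 records, in the JSON-lines shape a log
# shipper typically emits. One shipper quirk is reproduced on purpose:
# DestinationPort arrives as a string in the third record.
SAMPLE_LOG = r"""
{"EventID": 3, "Image": "C:\\Windows\\System32\\svchost.exe", "ProcessId": 1180, "Protocol": "udp", "DestinationIp": "10.0.0.53", "DestinationPort": 53}
{"EventID": 3, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe", "ProcessId": 4321, "Protocol": "udp", "DestinationIp": "203.0.113.10", "DestinationPort": 53}
{"EventID": 3, "Image": "C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe", "ProcessId": 4321, "Protocol": "tcp", "DestinationIp": "203.0.113.10", "DestinationPort": "53"}
{"EventID": 3, "Image": "C:\\Windows\\System32\\nslookup.exe", "ProcessId": 5010, "Protocol": "udp", "DestinationIp": "10.0.0.53", "DestinationPort": 53}
{"EventID": 3, "Image": "C:\\Program Files\\Browser\\browser.exe", "ProcessId": 2200, "Protocol": "tcp", "DestinationIp": "93.184.216.34", "DestinationPort": 443}
{"EventID": 22, "Image": "C:\\Program Files\\Browser\\browser.exe", "ProcessId": 2200, "QueryName": "example.com"}
"""


def parse_events(log_text):
    """Parse a JSON-lines Sysmon export into dicts, skipping blank lines."""
    return [json.loads(line) for line in log_text.splitlines() if line.strip()]


def find_resolver_bypass(events, approved=APPROVED_RESOLVERS):
    """Return findings for Event ID 3 records carrying DNS traffic outside the
    Windows DNS client path. Each finding is a tuple
    (image, pid, protocol, destination_ip, reason)."""
    findings = []
    for ev in events:
        if ev.get("EventID") != 3:
            continue  # only NetworkConnect records carry destination/port
        try:
            port = int(ev.get("DestinationPort", 0))  # tolerate string ports
        except (TypeError, ValueError):
            continue
        if port != 53:
            continue
        image = ev.get("Image", "")
        dest = ev.get("DestinationIp", "")
        proto = str(ev.get("Protocol", "")).lower()
        reasons = []
        if dest not in approved:
            reasons.append("non-approved resolver")
        if not image.lower().endswith("\\" + DNS_CLIENT_IMAGE):
            reasons.append("direct DNS from process, bypasses DNS client")
        if reasons:
            findings.append((image, ev.get("ProcessId"), proto, dest, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for image, pid, proto, dest, reason in find_resolver_bypass(parse_events(SAMPLE_LOG)):
        print(f"{image} (pid {pid}) -> {dest} {proto}/53: {reason}")
```

For Sysmon to emit the Event ID 3 records this relies on, the configuration needs a NetworkConnect rule that includes port 53, for example `<NetworkConnect onmatch="include"><DestinationPort condition="is">53</DestinationPort></NetworkConnect>`; without it the hard-coded-resolver traffic is invisible to Sysmon entirely and only a network sensor such as Packetbeat will show it. The second check (image is not svchost.exe) deliberately fires on legitimate tools like nslookup.exe that also resolve on their own, so treat it as a lower-severity signal than the first.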