DNS Log

Normalizes DNS logs in Genian EDR.

| Type | Field | Display Name |
|---|---|---|
| DATE | _time | Time |
| STRING | event_type | Event type |
| STRING | event_subtype | Event subtype |
| INT | important | Important level |
| IP | host_ip | Host IP |
| STRING | nt_domain | NT domain |
| STRING | hostname | Hostname |
| STRING | tag | Tag |
| STRING | image | Process name |
| STRING | dns_query | DNS query |
| STRING | dns_answer | DNS answer |
| STRING | image_path | Process path |
| STRING | direction | Direction |
| IP | local_ip | Local IP |
| INT | local_port | Local port |
| IP | remote_ip | Remote IP |
| INT | remote_port | Remote port |
| STRING | protocol | Protocol |
| INT | is_connected | Is connected |
| STRING | logon_id | Logon ID |
| INT | pid | PID |
| STRING | pguid | Process GUID |
| STRING | device_id | Device ID |
| LONG | event_seq | Event sequence |
| STRING | info_title | Info title |
| STRING | info | Info details |