Vendor: Microsoft
April 15, 2026
Product: Microsoft DNS Log

| Rules | Models | MITRE ATT&CK® TTPs | Activity Types | Parsers |
|---|---|---|---|---|
| 5 | 0 | 5 | 2 | 6 |

| Use-Case | Activity Types/Parsers | MITRE ATT&CK® TTP | Content |
|---|---|---|---|
| Malware | dns-query<br> ↳microsoft-windows-str-dns-request-success-udpquesinfo<br> ↳microsoft-windows-str-dns-request-success-packetqm<br> ↳microsoft-windows-str-dns-request-success-queryq<br> ↳microsoft-windows-str-dns-request-success-packetu<br> ↳microsoft-windows-str-dns-request-success-packetn<br>dns-response<br> ↳microsoft-windows-str-dns-response-success-packetru<br> ↳microsoft-windows-str-dns-response-success-packetrq<br> ↳microsoft-windows-kv-dns-response-success-udpresponseinfo | T1071 - Application Layer Protocol<br>T1568 - Dynamic Resolution<br>T1568.002 - Dynamic Resolution: Domain Generation Algorithms<br>T1583 - T1583<br>T1583.001 - T1583.001 | |

MITRE ATT&CK® Framework for Enterprise

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|
| | | | | | | | | | Dynamic Resolution<br>Dynamic Resolution: Domain Generation Algorithms<br>Application Layer Protocol | | |