Event ID 22

Process executes a DNS query
Source: Microsoft-Windows-Sysmon
Category: Dns query (rule: DnsQuery)
Dns query:
    RuleName: %1!s!
    UtcTime: %2!s!
    ProcessGuid: %3!s!
    ProcessId: %4!s!
    QueryName: %5!s!
    QueryStatus: %6!s!
    QueryResults: %7!s!
    Image: %8!s!
    User: %9!s!


This event is generated when a process executes a DNS query, whether the query succeeds or fails, and whether or not the result is cached. The telemetry for this event was added for Windows 8.1, so it is not available on Windows 7 and earlier.
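Because the event is logged for failed queries as well as successful ones, it can be used to find processes that repeatedly look up names that do not resolve. The following is an added example, not part of the original page or of Sysmon: it parses rendered messages in the template layout above and groups failed lookups by `Image`. The sample events are constructed, and it assumes `QueryStatus` is a Windows DNS status code where 0 means success (9003 is "name does not exist").

```python
from collections import defaultdict

# Field names exactly as the Event ID 22 template lists them.
FIELDS = ("RuleName", "UtcTime", "ProcessGuid", "ProcessId", "QueryName",
          "QueryStatus", "QueryResults", "Image", "User")

def sample(pid, name, status, results, image):
    """Build a constructed message in the template's layout (not real telemetry)."""
    values = ("-", "2024-01-01 10:00:00.000",
              "{00000000-0000-0000-0000-000000000001}", pid, name,
              status, results, image, r"EXAMPLE\alice")
    body = "\n".join(f"    {k}: {v}" for k, v in zip(FIELDS, values))
    return "Dns query:\n" + body

# Constructed sample data: one successful lookup and two failed ones.
TEMP_EXE = r"C:\Users\alice\AppData\Local\Temp\updater.exe"
SAMPLE_EVENTS = [
    sample(4321, "www.example.com", 0, "::ffff:192.0.2.10;",
           r"C:\Program Files\Example\browser.exe"),
    sample(5150, "a1.example.net", 9003, "-", TEMP_EXE),
    sample(5150, "b2.example.net", 9003, "-", TEMP_EXE),
]

def parse_event(message):
    """Split one rendered message into a dict keyed by template field name."""
    event = {}
    for line in message.splitlines():
        # Split on the first colon only: UtcTime and Image contain colons too.
        key, sep, value = line.strip().partition(":")
        if sep and key in FIELDS:
            event[key] = value.strip()
    return event

def failed_by_image(messages):
    """Map each process image to the query names that returned a non-zero status."""
    failures = defaultdict(list)
    for event in map(parse_event, messages):
        # Assumption: QueryStatus "0" is success, anything else is a failure.
        if event.get("QueryStatus", "0") != "0":
            image = event.get("Image", "<unknown>")
            failures[image].append(event.get("QueryName", ""))
    return dict(failures)

if __name__ == "__main__":
    for image, names in failed_by_image(SAMPLE_EVENTS).items():
        print(f"{image}: {len(names)} failed lookups -> {names}")
```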


